Author Topic: Intruder in my site...  (Read 4215 times)

Offline live@ct

  • Sr. Member
  • ****
  • Posts: 348
Intruder in my site...
« on: July 29, 2008, 08:25:47 AM »
Yesterday someone uploaded a file to my site. Checking the source of the PHP file, I could see that it is something like a shell. I noticed that something was wrong when the pictures showed error 404; I checked by FTP and the files were in the folders, so I tried to re-upload the image and the system told me that the extension is not permitted. So I went to the Control Panel, checked the options, and saw that the extension option had been changed to only permit uploading files with the PHP extension!!!

How did he do that!?!?!
I can believe that someone uploaded a file by modifying something in the upload code, like an SQL injection, BUT how did he change the option to permit uploading PHP files!!!

Is there something to prevent this kind of exploit?!?!?!?!?!

Thanks for your help!!!
There are 10 types of people: those who understand binary code and those who don't.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.423
Re: Intruder in my site...
« Reply #1 on: July 29, 2008, 08:36:35 AM »
What version of 4images are you running? Which mods do you have installed?
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline live@ct

  • Sr. Member
  • ****
  • Posts: 348
Re: Intruder in my site...
« Reply #2 on: July 29, 2008, 08:53:53 AM »
I have 1.7 with many mods; I can't remember the mods I had.

Also I added some fields, but nothing that is not documented... (db_field_definition)

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.423
Re: Intruder in my site...
« Reply #3 on: July 29, 2008, 10:11:33 AM »
We always recommend upgrading to the latest version, currently 1.7.6:
http://www.4homepages.de/4images/download.php