problem with phpThumb

More
11 years 11 months ago #31438 by stuartball
Replied by stuartball on topic problem with phpThumb
Thanks for your help so far.

Now I'm flummoxed: the PHPThumb URL is
hxxp://greatlinfordscouts.org/3/compone ... q=95&f=png and it's a wrong-un

Nothing is in the database, I've re-uploaded PHPthumb,I've text searched the files and nothing. Only thing I can think of is the URL is embedded in the PNG file?

Stu

Please Log in or Create an account to join the conversation.

More
11 years 11 months ago #31440 by stuartball
Replied by stuartball on topic problem with phpThumb
OK, it's a .HTAccess hack apparently. Now need to find the offending .htaccess file.

Where does PHPThumb store it links?

Please Log in or Create an account to join the conversation.

More
11 years 11 months ago #31441 by Rooney
Replied by Rooney on topic problem with phpThumb

StuartBall wrote: I cleaned installed the code, but didn't run through the database looking for stored links.


Ken said something about a CGI script. Have you deleted all FTP accounts and changed the Joomla passwords? To run a CGI script you need write access to the server. This means that either a FTP account is compromised or Joomla was hacked. If you haven't change passwords you might be hacked again!

Rooney

Joomla! 3.9.24 and FC 3.3.9

Please Log in or Create an account to join the conversation.

More
11 years 11 months ago #31454 by stuartball
Replied by stuartball on topic problem with phpThumb
Well I found the .htaccess files that were missed when I cleaned up.

Thanks for your help.

Stuart

Please Log in or Create an account to join the conversation.

More
11 years 11 months ago #31458 by kenmcd
Replied by kenmcd on topic problem with phpThumb

Rooney wrote:

StuartBall wrote: I cleaned installed the code, but didn't run through the database looking for stored links.


Ken said something about a CGI script. Have you deleted all FTP accounts and changed the Joomla passwords? To run a CGI script you need write access to the server. This means that either a FTP account is compromised or Joomla was hacked. If you haven't change passwords you might be hacked again!

Rooney

@Rooney
The CGI script being called was on another server (the .RU server).
But being able to write the htaccess file means they did get write access.
And part of the hack recovery checklist is to change all passwords.
So that is good advice.


@StuartBall
Looks like the images are working now.
8-)

Odd hack, or hacker screw-up.
Usually they do not want you to know they are there.


.

Please Log in or Create an account to join the conversation.

More
11 years 11 months ago #31464 by ggppdk
Replied by ggppdk on topic problem with phpThumb
I have added an extra step in installation process to try setting these permission

(post-install FLEXIcontent Dashboard screen already has it, but did not want to put it there since the task there checks minimum required permissions but installation extra step set them to 664(file), 755(folder) which doing any check)

anyway will test this


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.403 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline