Security Hole in FlexiContent...

More
13 years 9 months ago #13805 by ThatComputerDude
So we've been having a problem with a government site getting spyware files on it that basically is hosting phising sites.

We host with Rackspace (Cloud Sites) who has been working with us to trace how this is happening, so it's NOT a server issue.

We thought maybe it was a problem with the FTP Username/Password and again, that's not the issue after working on this with Rackspace on and off for 3 months.


So the access is /com_flexicontent/librairies/phpthumb where the files are put, which allows them access to just about anywhere on the site to upload these spyware/malware files. (how ever you want to call it)

First it was in these path, then they put files in the /cache directory and now this week they were creating them in /plugins/ and naming it Betterperview (a plugin for Joomla).


So my question is, what security holes are you aware of and how are people able to gain access to upload files/directories to a server? This is a very serious issue that I hope you guys are able to address.

Thank you for your attention! Attached is a screenshot of the extra files in this libraries directory.

[attachment=0:35p0761l]<!-- ia0 -->hacked-directory.jpg<!-- ia0 -->[/attachment:35p0761l]
Attachments:

Please Log in or Create an account to join the conversation.

More
13 years 9 months ago #13808 by effrit
the problem was solved.
use search or download svn-version what contain patched phpThumb library

Please Log in or Create an account to join the conversation.

More
13 years 9 months ago #13814 by micker
a new version is comming with solved issue !

FLEXIcontent is Free but involves a very big effort on our part.
Like the our support? (for a bug-free FC, despite being huge extension) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing reviews. Thanks![/size]

Please Log in or Create an account to join the conversation.

More
13 years 9 months ago #13828 by ThatComputerDude
Any idea how soon it will be released?

I've just downloaded the most recent version from the svn - I'll just unzip it and upload the new files for /components/com_flexicontent/librairies/phpthumb

Please Log in or Create an account to join the conversation.

More
13 years 9 months ago #13829 by ThatComputerDude
ok I just looked at that latest version and I see nothing different in the /components/com_flexicontent/librairies/phpthumb directory of files

code.google.com/p/flexicontent/downloads/list

Please Log in or Create an account to join the conversation.

More
13 years 9 months ago #13833 by effrit
so you looked in wrong place :)

code.google.com/p/flexicontent/ ... 2Fphpthumb

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.822 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline