Hi, I just downloaded this file:
http://dev.cmsmadesimple.org/frs/downlo ... ull.tar.gz
But there is a root kit!
In the FileManager directory:
modules/FileManager/postlet/config.php
Don't use it!
[NeverMind] Root Kit in the FileManager (1.4.1-full.tar.gz)
Last edited by Anonymous on Sun Aug 31, 2008 7:27 pm, edited 1 time in total.
Re: !!!!! Root Kit in the FileManager (1.4.1-full.tar.gz) !!!!!
Must be your problem. I just downloaded both the full and base packages, AND checked their contents and there is no config.php in that directory.
I've attached a history of my extracting the file, changing to the appropriate directory and showing a listing.
There is no config.php.
Last edited by calguy1000 on Sun Aug 31, 2008 3:47 pm, edited 1 time in total.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
wrong alert
Very sorry. You are absolutely right!
Only my website was infected by the "config.php", and the "postlet" directory is not part of the rootkit. This was my very big mistake.
I don't know how it could have happened. This is the first time somebody has hacked my site.
This "config.php" was a complete shell and file manager kit tool, "C99Shell v. 1.0 pre-release build #16" by the "RootShell Security Group".
And it was accessible to the entire world. This kit was installed in this place maybe in May 2008 (as I see in the backups).
And today the attacker made some modifications to my web pages: the attacker published hidden spam links on all pages via the include.php in the root dir. (These hidden links caused some problems in the style sheets, and the font sizes on the main pages were bigger than before. That was the reason why I opened the main page HTML code, and I was shocked...)
According to the Apache log files, the attacker used an American-located server (with a Russian-language web page).
Due to legal issues I won't write IPs and provider names.
Cmsmadesimple forever!
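The check described in the thread (unpack the release and see whether the file is actually in it) can be run over a whole installation to list files the release never shipped and shipped files whose content has changed. This is an added example, not code from the thread or from the CMS Made Simple project; it assumes the archive unpacks directly into the site root layout, and the function names and sample files are constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def release_manifest(tarball):
    """Map every regular file in the release archive to its SHA-256."""
    with tarfile.open(tarball, "r:*") as tar:
        return {Path(m.name).as_posix(): sha256(tar.extractfile(m).read())
                for m in tar if m.isfile()}

def audit_docroot(tarball, docroot):
    """Return (added, modified) as sorted paths relative to docroot."""
    manifest = release_manifest(tarball)
    added, modified = [], []
    for path in Path(docroot).rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(docroot).as_posix()
        if rel not in manifest:
            added.append(rel)      # not shipped in the release, e.g. a dropped shell
        elif sha256(path.read_bytes()) != manifest[rel]:
            modified.append(rel)   # shipped, but content differs from the release
    return sorted(added), sorted(modified)

def demo():
    """Constructed sample: a tiny stand-in release and a tampered install of it."""
    work = Path(tempfile.mkdtemp())
    site = work / "site"
    postlet = site / "modules/FileManager/postlet"
    postlet.mkdir(parents=True)
    (site / "include.php").write_bytes(b"<?php // constructed clean file\n")
    (postlet / "readme.txt").write_bytes(b"constructed\n")
    tarball = work / "release.tar.gz"
    with tarfile.open(tarball, "w:gz") as tar:
        tar.add(site, arcname=".")  # archive the clean tree as the "release"
    (postlet / "config.php").write_bytes(b"constructed stand-in for the dropped file\n")
    with open(site / "include.php", "ab") as fh:
        fh.write(b"<!-- constructed stand-in for injected links -->\n")
    return audit_docroot(tarball, site)

if __name__ == "__main__":
    print(demo())
```

Files an installation legitimately creates after unpacking (generated configuration, uploads, caches) also show up as added, so the output is a triage list rather than a verdict.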