Update your PivotX immediately: you have been hacked

Postby orangeek » Sat Feb 12, 2011 10:04 am

I can't believe it! hansfn is capable of helping PivotX users even without being asked! :)
I just got an email that my blog at orangeek.org has been hacked.
I had to reset my password and after logging in I saw in the dashboard that I had to delete some executable files (in the templates and images folders) and I did it.
Then I upgraded to 2.2.4.

I was wondering if I have to do anything else or not.
And I wanted to thank all the developers of this wonderful platform that is PivotX.

Thank you all
orangeek
orangeek
 
Posts: 27
Joined: Mon Sep 13, 2010 3:45 pm

Re: Update your PivotX immediately: you have been hacked

Postby ranchox » Sat Feb 12, 2011 11:16 am

My website has also been hacked tonight. Is there a security issue in PivotX that has been fixed with 2.2.4?
ranchox
 
Posts: 24
Joined: Mon Jan 24, 2011 4:42 pm

Re: Update your PivotX immediately: you have been hacked

Postby orangeek » Sat Feb 12, 2011 11:37 am

ranchox wrote: My website has also been hacked tonight. Is there a security issue in PivotX that has been fixed with 2.2.4?

In 2.2.3 two potential XSS issues were fixed. I was running 2.2.2.
It's great that there is this feature that notifies you of the website being hacked (and also what files you're then supposed to delete).
orangeek
 
Posts: 27
Joined: Mon Sep 13, 2010 3:45 pm

Re: Update your PivotX immediately: you have been hacked

Postby Marza » Sat Feb 12, 2011 12:20 pm

Another hacked site here, but without notification, or instruction about which files to remove. I've updated to 2.2.4, can access all pages in PivotX, except for the dashboard, that gets redirected to a 'hacked by...' page. Any tips?

Update: I found out access to the dashboard forced a redirect, because the title of an earlier hacked entry still occurred in the list with latest events. Saving a couple of entries removed it from the list and thus the dashboard is 'restored'.
But I do wonder which files others were advised to remove, as I wonder whether they may still be present on my server.
Last edited by Marza on Sat Feb 12, 2011 6:23 pm, edited 1 time in total.
Marza
 
Posts: 85
Joined: Sat Dec 12, 2009 8:49 pm

Re: Update your PivotX immediately: you have been hacked

Postby Jacky » Sat Feb 12, 2011 12:45 pm

Another hacked site and got a mail from hansfn yesterday, thanks hans .. upgraded and everything looks fine. :D
Jacky
 
Posts: 15
Joined: Wed Jul 09, 2008 1:19 pm

Re: Update your PivotX immediately: you have been hacked

Postby Gerard113 » Sat Feb 12, 2011 11:06 pm

One of my sites was also hacked. They only changed one entry to let me know my site was hacked.

Hans advised me to update to 2.2.4. Thanks for the quick reply to my PM.

Greetings,

Gerard
Gerard113
 
Posts: 183
Joined: Fri Aug 07, 2009 9:58 pm
Location: nederland

Re: Update your PivotX immediately: you have been hacked

Postby Bob » Sun Feb 13, 2011 11:50 am

Marza wrote: Update: I found out access to the dashboard forced a redirect, because the title of an earlier hacked entry still occurred in the list with latest events. Saving a couple of entries removed it from the list and thus the dashboard is 'restored'.
But I do wonder which files others were advised to remove, as I wonder whether they may still be present on my server.


Glad you fixed it. You should inspect all folders with FTP. Sort the folders by date, and you'll see the files that don't belong at the top. Delete them, or rename them to .bak and you should be fine.
Bob
Lead Developer
 
Posts: 1374
Joined: Tue Nov 20, 2007 11:16 pm

Re: Update your PivotX immediately: you have been hacked

Postby orangeek » Sun Feb 13, 2011 12:20 pm

Bob wrote:
Marza wrote: Update: I found out access to the dashboard forced a redirect, because the title of an earlier hacked entry still occurred in the list with latest events. Saving a couple of entries removed it from the list and thus the dashboard is 'restored'.
But I do wonder which files others were advised to remove, as I wonder whether they may still be present on my server.

Glad you fixed it. You should inspect all folders with FTP. Sort the folders by date, and you'll see the files that don't belong at the top. Delete them, or rename them to .bak and you should be fine.

Hello.
I have a recent backup (based on 2.2.2): can I upload it and then right away update to 2.2.4?
orangeek
 
Posts: 27
Joined: Mon Sep 13, 2010 3:45 pm

Re: Update your PivotX immediately: you have been hacked

Postby Bob » Sun Feb 13, 2011 2:16 pm

No, that will not do. If they left files behind, they will be new files, that will not be replaced if you overwrite the pivotx folder with a backup. Just browse through the folders. The most common places are in /images, /pivotx/db/ and /pivotx/templates/
Bob
Lead Developer
 
Posts: 1374
Joined: Tue Nov 20, 2007 11:16 pm

Re: Update your PivotX immediately: you have been hacked

Postby Jackobli » Sun Feb 13, 2011 2:35 pm

Strange behavior at my site. After logging in to 2.2.3, I got a message that there were 2 executables in my ../images. They are called cc.php and cc_1.php. The Linux cmd "file" says they are "cc.php: GIF image data 15457 x 28735". Scanning them via Avira says they are a Virus/Trojan PHP/Hide.A.
I removed the files (got a backup for any forensics).
My site does not look hacked; no changes have been made except these 2 files. Strange or lucky?
Jackobli
 
Posts: 1
Joined: Sun Feb 13, 2011 2:18 pm
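
Added example, not part of any post in this thread and not PivotX code: a triage scan of the three folders Bob names, flagging script files that carry an image header (the cc.php case Jackobli describes) and listing findings newest first. The function names, the extension list and the sample tree are assumptions made for illustration; the sample file contents are constructed, inert placeholders.

```python
import os
import tempfile
import time
SUSPECT_DIRS = ["images", "pivotx/db", "pivotx/templates"]  # folders named in the thread
EXEC_EXTS = {".php", ".phtml", ".php5", ".phar"}  # assumption: what the server runs as PHP
IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png"}
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\xff\xd8\xff", b"\x89PNG")

def scan(webroot):
    """Return [(mtime, relative_path, [reasons])], newest first."""
    findings = []
    for sub in SUSPECT_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(webroot, sub)):
            for name in files:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for triage
                ext = os.path.splitext(name)[1].lower()
                reasons = []
                if ext in EXEC_EXTS and sub == "images":
                    reasons.append("script extension in images folder")
                if ext in EXEC_EXTS and data.startswith(IMAGE_MAGIC):
                    reasons.append("image header on a script file")
                if ext in IMAGE_EXTS and b"<?php" in data.lower():
                    reasons.append("PHP open tag inside an image file")
                if reasons:
                    rel = os.path.relpath(path, webroot).replace(os.sep, "/")
                    findings.append((os.path.getmtime(path), rel, reasons))
    return sorted(findings, reverse=True)

def build_sample(root):
    """Constructed sample tree; cc.php is the name from the post, contents are placeholders."""
    samples = {
        "images/cc.php": b"GIF89a" + b"\x00" * 16 + b"<?php /* placeholder */ ?>",
        "images/photo.gif": b"GIF89a" + b"\x00" * 32,
        "pivotx/templates/skin/logo.png": b"\x89PNG\r\n\x1a\n<?php /* placeholder */ ?>",
        "pivotx/db/example_data.php": b"<?php /* ordinary data file */ ?>",
    }
    for i, (rel, body) in enumerate(samples.items()):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (1297500000 + i, 1297500000 + i))  # fixed, distinct mtimes
if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for mtime, rel, reasons in scan(root):
            print(time.strftime("%Y-%m-%d %H:%M", time.gmtime(mtime)), rel, "; ".join(reasons))
```

A clean result only covers these three checks; files modified after the compromise date still deserve a manual look, as Bob suggests.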
