Pivotx hacked?


Post by lassowski » Wed Feb 16, 2011 7:07 am

Hi there!

Yesterday I - or pivotx 2.1.1 which I am using (http://lassowski.dyndns.org/BierderLOG) - discovered an executable file in my images directory. It was named hacksir.php and I immediately moved it out of place.
And more, the password for admin was reset/changed - on Saturday, the 12th of February - and I did not receive the resetting mail which I saw when I had to reset the password again to gain access to the PivotX administration.
The name hacksir.php is mentioned twice in the file pivotx/db/ser_events.php.
i:151;a:5:{i:0;s:16:"2011-02-12-13-19";i:1;s:5:"admin";i:2;s:9:"save_file";i:3;s:0:"";i:4;s:11:"hacksir.php";}i:152;a:5:{i:0;s:16:"2011-02-12-13-19";i:1;s:5:"admin";i:2;s:9:"save_file";i:3;s:0:"";i:4;s:11:"hacksir.php";}

What has happened?

My system is Debian Lenny.

greetings
Frank

ps:
And, btw, what was up with pivotx.net yesterday? Servers down? I tried to reach you dozens of times...
lassowski
 
Posts: 28
Joined: Thu Mar 04, 2010 12:09 pm
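
The ser_events.php excerpt quoted in the post above can be read programmatically to list every logged upload of a script file. This is an added example, not part of the original thread and not PivotX code; the field meanings are inferred from the excerpt, record 153 is constructed, and the parser handles only the record fragment shown, since the rest of the file is not on this page.

```python
# Added example: reader for the PHP-serialized event records quoted in the post.
# Assumed layout (inferred from the excerpt): 0=timestamp, 1=user, 2=action, 4=file name.
EXEC_EXT = (b".php", b".phtml", b".php5", b".phar")

# Two records copied from the post, plus one constructed benign record (153).
SAMPLE = (
    b'i:151;a:5:{i:0;s:16:"2011-02-12-13-19";i:1;s:5:"admin";i:2;s:9:"save_file";'
    b'i:3;s:0:"";i:4;s:11:"hacksir.php";}'
    b'i:152;a:5:{i:0;s:16:"2011-02-12-13-19";i:1;s:5:"admin";i:2;s:9:"save_file";'
    b'i:3;s:0:"";i:4;s:11:"hacksir.php";}'
    b'i:153;a:5:{i:0;s:16:"2011-02-12-13-25";i:1;s:5:"admin";i:2;s:9:"save_file";'
    b'i:3;s:0:"";i:4;s:9:"photo.jpg";}'
)

def parse_value(buf, pos):
    """Parse one serialized int, string or array at pos; return (value, next_pos)."""
    tag = buf[pos:pos + 1]
    if tag == b"i":                          # i:<int>;
        end = buf.index(b";", pos)
        return int(buf[pos + 2:end]), end + 1
    colon = buf.index(b":", pos + 2)         # end of the length/count field
    size = int(buf[pos + 2:colon])
    if tag == b"s":                          # s:<byte length>:"<bytes>";
        start = colon + 2
        if buf[start + size:start + size + 2] != b'";':
            raise ValueError("string length mismatch at offset %d" % pos)
        return buf[start:start + size], start + size + 2
    if tag == b"a":                          # a:<count>:{<key><value>...}
        pos, items = colon + 2, {}
        for _ in range(size):
            key, pos = parse_value(buf, pos)
            items[key], pos = parse_value(buf, pos)
        if buf[pos:pos + 1] != b"}":
            raise ValueError("unterminated array at offset %d" % pos)
        return items, pos + 1
    raise ValueError("unsupported type %r at offset %d" % (tag, pos))

def executable_saves(fragment):
    """List (timestamp, user, file) for save_file events that wrote a script."""
    pos, hits = 0, []
    while pos < len(fragment):
        _, pos = parse_value(fragment, pos)  # record index, e.g. 151
        rec, pos = parse_value(fragment, pos)
        if rec[2] == b"save_file" and rec[4].lower().endswith(EXEC_EXT):
            hits.append(tuple(rec[i].decode() for i in (0, 1, 4)))
    return hits

print(executable_saves(SAMPLE))
```
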

Re: Pivotx hacked?

Post by dokistation » Wed Feb 16, 2011 7:37 am

I was also hacked yesterday (it seems a lot of PivotX users are being targeted).

The recommendation around the forum is to try to delete the malicious files, repair what you can and upgrade to 2.2.4 that's available on the front page.

I love PivotX and hope I don't get hacked again. ):
dokistation
 
Posts: 19
Joined: Fri Aug 27, 2010 1:50 pm

Re: Pivotx hacked?

Post by lassowski » Wed Feb 16, 2011 9:23 am

dokistation wrote: I was also hacked yesterday (it seems a lot of PivotX users are being targeted).

Oh, apologies, I noticed the thread a few minutes later.

That was close, wasn't it??

dokistation wrote: The recommendation around the forum is to try to delete the malicious files, repair what you can and upgrade to 2.2.4 that's available on the front page.

Ok, I deleted that file and all seems fine. But how can I be sure that everything is ok?

Frank
lassowski
 
Posts: 28
Joined: Thu Mar 04, 2010 12:09 pm

Re: Pivotx hacked?

Post by hansfn » Wed Feb 16, 2011 12:08 pm

Regarding the pivotx.net down-time - read "About yesterday's outage" in our blog.

The other forum thread that you should read is "Update your PivotX immediately: you have been hacked".

Added: Rather read "I have been hacked - now what?"

After upgrading to 2.2.4 and deleting any of the malicious files (reported by PivotX), you should be fairly safe that everything is back to normal. However, you can't really be 100% sure - they might have placed files in locations that PivotX doesn't survey. You should really use your FTP client and review all newly created or modified files.
hansfn
Developer
 
Posts: 3282
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

Re: Pivotx hacked?

Post by wilsoupcup » Wed Apr 20, 2011 8:18 pm

jonturk is trying to reset my administrator password. I wish I knew his IP. I looked at the ser_events table, am I missing anything? Even though I get these password resets every day for a dozen or so 2.2.4 and 2.2.5 I have yet to have lost one. Seems they kept track of me from a prior exploit and they keep looking for a crack.

Am I missing any logging or IP blocking projects that I should look at?
wilsoupcup
 
Posts: 10
Joined: Fri Feb 18, 2011 7:12 pm

Re: Pivotx hacked?

Post by hansfn » Thu Apr 21, 2011 8:41 am

PivotX is currently not logging the IP for password requests - only the IP for failed and successful logins (in the file ser_logins.php). However, if those password requests annoy you, read the forum thread "Restrict administrator login to IP range?".
hansfn
Developer
 
Posts: 3282
Joined: Sun Nov 25, 2007 7:48 pm
Location: Molde, Norway

