Author Topic: Upload Bug (hacker)?  (Read 3541 times)

0 Members and 1 Guest are viewing this topic.

Offline Pierre Corell

  • Newbie
  • *
  • Posts: 2
Upload Bug (hacker)?
« on: 05.10.2014 19:21:23 »

I have an automatic email-info for upload-files, so I got firstly yesterday an email with an illegal upload into an read-only category, upload is only allowed to registered (or manager) users. This person is not registered or was loggedin while he/she did the upload.
Yesterday I hardened the upload directory via htaccess and put an empty index.html in it which was not.
Since then the probablly hacker did it again. All corrupted zip-files, text inside were no code, just txt "zip".

The site is live, when you want to try it by yourself or similar. I checked the normal availability via direct link to index.php?option=com_jdownloads, all available categories there are not set with permissions to upload. That works so far.
Maybe this bug, when a bug is existing, is known.... Maybe a bug at another extension have caused it. I just wanna be sure to notice it here.
I completely update the site today and if its happen again, I will check all serverlogs on the uploaders IP and timestamps and inform you here.

best regards,

---until today it was---
joomla 2.5.22
PHP 5.3.18
mySQL 5.1.73

Offline Pierre Corell

  • Newbie
  • *
  • Posts: 2
Re: Upload Bug (hacker)?
« Reply #1 on: 05.10.2014 19:25:39 »
ups... at the changelogs I have seen you fixxed it already :-)