Post to Facebook
Tweet about this
Share at LinkedIn
Invite participants
Reference this page
 | 20090217 patch security.tgz - 1,469 bytes, 134 downloads |
English « Bug tracker «
Security alert!
Please fix your site as soon as possible
| Workflow | Support request |
| Status | Problem has been recorded
|
| Owner | Bernard Paques |
| Progress |  |
Since yesterday, several sites have been systematically hurt remotely.
The faulty script is
Alternatively, you can apply the patch provided at the bottom at the page, that fixes the bug in the script.
Connect with FTP, and delete or update
Then browse all folders with recent dates, and delete strange files and folders. Ask for support in the forum if needed.
Check the file
Then unlock your site as per instructions from your ISP, if any.
How to prevent attacks?
You cannot avoid remote attacks, but you can make them harmless.The faulty script is
scripts/update_trailer.php and the best way to go is to remove it through a regular FTP session.Alternatively, you can apply the patch provided at the bottom at the page, that fixes the bug in the script.
How to detect if your site has been infected?
You may receive a message from your Internet service provider, or the home page has changed, or some folders have alien files (i.e., not included in the regular yacs archive).How to repair your site?
If we assume that hackers were "only" looking for backdoors, most files should have been preserved.Connect with FTP, and delete or update
scripts/update_trailer.php.Then browse all folders with recent dates, and delete strange files and folders. Ask for support in the forum if needed.
Check the file
index.php at the top-most directory, in case your site has been defaced.Then unlock your site as per instructions from your ISP, if any.
What are the risks to be infected again?
All scripts have been checked manually today, and no other has the same bug thanscripts/update_trailer.php has.
