Skip to main content Help Control Panel

 

English «   Bug tracker «  

Security alert!

Bernard Paques -- on Feb. 18 2009, from nearby-an-airport
YACS Leader

Please fix your site as soon as possible

WorkflowSupport request
StatusProblem has been recorded
OwnerBernard Paques
Progress0%
Since yesterday, several sites have been systematically hurt remotely.

How to prevent attacks?

You cannot avoid remote attacks, but you can make them harmless.

The faulty script is scripts/update_trailer.php and the best way to go is to remove it through a regular FTP session.

Alternatively, you can apply the patch provided at the bottom at the page, that fixes the bug in the script.

How to detect if your site has been infected?

You may receive a message from your Internet service provider, or the home page has changed, or some folders have alien files (i.e., not included in the regular yacs archive).

How to repair your site?

If we assume that hackers were "only" looking for backdoors, most files should have been preserved.

Connect with FTP, and delete or update scripts/update_trailer.php.

Then browse all folders with recent dates, and delete strange files and folders. Ask for support in the forum if needed.

Check the file index.php at the top-most directory, in case your site has been defaced.

Then unlock your site as per instructions from your ISP, if any.

What are the risks to be infected again?

All scripts have been checked manually today, and no other has the same bug than scripts/update_trailer.php has.

Files

20090217 patch security.tgz - 1,469 bytes, 134 downloads
edited by Bernard Paques on Feb. 17 2009 · details