Member
Member
thebluebus   2011-11-10, 16:43
#1

I was actually working on my site when it was infected so i almost watched it happen! I noticed it was affecting links and loading strange things in the background. tracked it down to the .htaccess files. it had added the usual

ErrorDocument 400 http://network-teaser.ru/getup/index.php

I'm on shared hosting and have another 10 or so domains on the account. Almost all were also infected. I made a full backup of everythng, then wiped the server, and re-uploaded scripts. I now have 'zenphoto version 1.4.1.5 [8326]' which i uploaded 2 days ago. I now learn this also might not be secure??

I've just deleted the ajaxfilemanager folder as a tempory fix. I haven't seen any other symptoms though such as the tmp php files or infected php files so maybe the .htaccess thing is the first step in the attack?

Once a proper fix is available, can you make it clear on the front page maybe? All the rumours and help on here at the mo is a little confusing and i'm still not sure if my server is vulnerable or not!

Administrator
Administrator
acrylian   2011-11-10, 18:00
#2

There is no other fix than deleting the file manager (which again is not written by us). That file manager will also not return as we do not plan to fix it at all.

All that that is known is on the two main topics.

Btw, It is not necessary to open a new topic. That is confusing us. Just the already existing ones like this one: http://www.zenphoto.org/support/topic.php?id=9951
Thanks. I close this one therefore.

  
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.