Website hacked by multithumb


johnstevens:
Our webserver was hacked recently and we have the feeling they came in via SIG Pro.

We had many attempts in our logfiles like the one below...


[mod note: message deleted for user's privacy. The issue is with Multithumb. Please follow the steps described below by JoomlaWorks Support Team and if possible contact Multithumb's developer]

JoomlaWorks Support Team:
The problem has to do with the file
mambots/content/multithumb/multithumb.php
and IT ISN'T a SIG Pro file!

Probably, in this file, the variable $mosConfig_absolute_path isn't sanitized,
and because your server has register_globals on (a big mistake, in my opinion), anyone can pass his own custom $mosConfig_absolute_path through the URL bar.

Do this:
1st, check the file mambots/content/multithumb/multithumb.php and sanitize the variable $mosConfig_absolute_path
2nd, turn off register_globals in your php.ini

Thank you!

You can also read this post
http://forum.joomla.org/index.php?topic=222801.msg1038174
about the security issues of various versions of the multithumb!
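
One way to carry out the two steps above, as an added example that is not part of the original posts and is not Multithumb's own code. The helper name `mt_trusted_root` is hypothetical, and the sketch assumes a Joomla 1.0 site, where the entry script defines `_VALID_MOS` and the file sits at the path named in the post.

```php
<?php
// Added example. Intended for the top of
// mambots/content/multithumb/multithumb.php, before any include/require
// that uses $mosConfig_absolute_path.

// Joomla 1.0 defines _VALID_MOS in its entry script. A direct request to
// this file never passes through that script, so stop here.
defined('_VALID_MOS') or die('Restricted access');

// Hypothetical helper: return the site root only if the configured value
// can be trusted, otherwise false.
function mt_trusted_root($configured)
{
    // With register_globals on, a request parameter of the same name
    // becomes the global variable, so its presence alone is a refusal.
    foreach (array($_GET, $_POST, $_COOKIE) as $input) {
        if (isset($input['mosConfig_absolute_path'])) {
            return false;
        }
    }
    // Refuse non-strings and anything that looks like a URL or wrapper.
    if (!is_string($configured) || strpos($configured, '://') !== false) {
        return false;
    }
    // The real root is four directories above this file
    // (root/mambots/content/multithumb/multithumb.php).
    $expected = realpath(dirname(dirname(dirname(dirname(__FILE__)))));
    $actual   = realpath($configured); // false if the path does not exist
    return ($actual !== false && $actual === $expected) ? $actual : false;
}

// $GLOBALS is used because the file may be included from function scope.
$root = mt_trusted_root(
    isset($GLOBALS['mosConfig_absolute_path']) ? $GLOBALS['mosConfig_absolute_path'] : null
);
if ($root === false) {
    die('Restricted access');
}
// From here on, build include/require paths from $root, not the raw global.

// Second step: the setting itself should be off in php.ini.
if (ini_get('register_globals')) {
    error_log('register_globals is enabled; set register_globals = Off in php.ini');
}
```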
