Bug tracker

Security alert!

Bernard Paques -- on Feb. 18 2009 at 12:29 am GMT, from nearby-an-airport
[b]YACS Leader[/b]

Please fix your site as soon as possible

OwnerBernard Paques
WorkflowSupport request
StatusProblem has been recorded
Since yesterday, several sites have been systematically hurt remotely.

[subtitle]How to prevent attacks?[/subtitle]

You cannot avoid remote attacks, but you can make them harmless.

The faulty script is scripts/update_trailer.php and the best way to go is to remove it through a regular FTP session.

Alternatively, you can apply the patch provided at the bottom at the page, that fixes the bug in the script.

[subtitle]How to detect if your site has been infected?[/subtitle]

You may receive a message from your Internet service provider, or the home page has changed, or some folders have alien files (i.e., not included in the regular yacs archive).

[subtitle]How to repair your site?[/subtitle]

If we assume that hackers were "only" looking for backdoors, most files should have been preserved.

Connect with FTP, and delete or update scripts/update_trailer.php.

Then browse all folders with recent dates, and delete strange files and folders. Ask for support in the forum if needed.

Check the file index.php at the top-most directory, in case your site has been defaced.

Then unlock your site as per instructions from your ISP, if any.

[subtitle]What are the risks to be infected again?[/subtitle]

All scripts have been checked manually today, and no other has the same bug than scripts/update_trailer.php has.
Bernard Paques
on Feb. 18 2009 at 12:29 am GMT
Page has been created

Bernard Paques
on Feb. 17 2009 at 11:41 pm GMT