Bug tracker

Security alert!

Bernard Paques -- on Feb. 18 2009 at 12:29 am GMT, from nearby-an-airport
[b]YACS Leader[/b]

Please fix your site as soon as possible

Owner: Bernard Paques
Progress: 0%
Workflow: Support request
Status: Problem has been recorded

Since yesterday, several sites have been systematically attacked remotely.

[subtitle]How to prevent attacks?[/subtitle]

You cannot avoid remote attacks, but you can make them harmless.

The faulty script is scripts/update_trailer.php and the best way to go is to remove it through a regular FTP session.

Alternatively, you can apply the patch provided at the bottom of the page, which fixes the bug in the script.

[subtitle]How to detect if your site has been infected?[/subtitle]

You may receive a message from your Internet service provider, the home page may have changed, or some folders may contain alien files (i.e., files not included in the regular yacs archive).

[subtitle]How to repair your site?[/subtitle]

If we assume that hackers were "only" looking for backdoors, most files should have been preserved.

Connect with FTP, and delete or update scripts/update_trailer.php.

Then browse all folders with recent dates, and delete strange files and folders. Ask for support in the forum if needed.

Check the file index.php at the top-most directory, in case your site has been defaced.

Then unlock your site as per instructions from your ISP, if any.
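
One way to carry out the checks above on a local copy of the site. This is an added example, not part of the original alert or of the yacs code base. It assumes the site has been mirrored locally (for instance over FTP) and that a pristine archive of the same yacs release has been unpacked next to it; the function name, report keys and the three-day window are hypothetical choices.

```python
import hashlib
import os
import time

FAULTY_SCRIPT = "scripts/update_trailer.php"  # path named in this alert


def _inventory(root):
    """Map each relative path under root to (sha256 hex digest, mtime)."""
    found = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as handle:
                digest = hashlib.sha256(handle.read()).hexdigest()
            found[rel] = (digest, os.path.getmtime(full))
    return found


def audit_site(site_root, reference_root, since_days=3, now=None):
    """Compare a mirrored site against a pristine archive of the same release."""
    now = time.time() if now is None else now
    cutoff = now - since_days * 86400  # assumed review window, in seconds
    site = _inventory(site_root)
    reference = _inventory(reference_root)
    report = {"alien": [], "modified": [], "recent": [], "faulty_present": False}
    for rel, (digest, mtime) in sorted(site.items()):
        if rel == FAULTY_SCRIPT:
            report["faulty_present"] = True   # still to be deleted or patched
        if rel not in reference:
            report["alien"].append(rel)       # not shipped in the archive
        elif reference[rel][0] != digest:
            report["modified"].append(rel)    # e.g. a defaced index.php
        if mtime >= cutoff:
            report["recent"].append(rel)      # files with recent dates
    return report


if __name__ == "__main__":
    import sys
    # Usage: python audit.py <mirrored-site-dir> <pristine-archive-dir>
    for key, value in audit_site(sys.argv[1], sys.argv[2]).items():
        print(key, value)
```

Files you created yourself (uploads, configuration, skins) also appear under "alien" and have to be reviewed by hand. Modification dates can be altered by whoever wrote the file, so treat the "alien" and "modified" lists as the stronger signal.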

[subtitle]What are the risks of being infected again?[/subtitle]

All scripts have been checked manually today, and no other script has the same bug as scripts/update_trailer.php.

Bernard Paques
on Feb. 18 2009 at 12:29 am GMT
Page has been created

Bernard Paques
on Feb. 17 2009 at 11:41 pm GMT
[file=1041]