CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017.

Author Topic: unauthorized code? attempt to hack?  (Read 1941 times)

oak

  • CiviCRM version: 4.1
  • CMS version: Joomla 1.7
  • MySQL version: 5.0.92
  • PHP version: PHP 5.3.6 (cli) (built: Sep 12 2011 18:02:42)
unauthorized code? attempt to hack?
April 17, 2013, 11:18:42 am
I found two files on my site which should not have been there. I am not sure where to report this.

administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/code.php
administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/shell.php

Powered by CiviCRM 4.2.8. CiviCRM - Joomla! 2.5.9

Erik Hommel

  • CiviCRM version: all sorts
  • CMS version: Drupal
  • MySQL version: Ubuntu's latest LTS version
  • PHP version: Ubuntu's latest LTS version
Re: unauthorized code? attempt to hack?
April 18, 2013, 12:41:41 am
Thanks for the report, possibly connected to civicrm.org/blogs/totten/advisory-openflashchart-attacks
Consultant/project manager at EEatWork and CiviCooP (http://www.civicoop.org/)

oak

Re: unauthorized code? attempt to hack?
April 18, 2013, 10:09:27 am
Yes, it was: http://civicrm.org/blogs/totten/advisory-openflashchart-attacks . I am not sure why that ofc_upload_image.php still was in the directory, as my version is after 4.2.6. I guess it was left behind in the upgrade process. :P Thanks to the folks for the write-up. Some great ideas about permission settings in the article as well. Thanks.

Hershel

  • CiviCRM version: Latest
  • CMS version: Mostly WordPress and Drupal
Re: unauthorized code? attempt to hack?
April 18, 2013, 10:28:05 am
Quote from: oak on April 18, 2013, 10:09:27 am
I am not sure why that ofc_upload_image.php still was in the directory as my version is after 4.2.6.

This is a common mistake--it sounds like you didn't delete the CiviCRM code before installing the fresh version. If you do it like that, then that file is never deleted and the problem remains. :(
CiviHosting and CiviOnline -- The CiviCRM hosting experts, since 2007

See here for the official: What to do if you think you've found a bug.
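
A check for the two conditions this thread describes, a stale ofc_upload_image.php left behind by an in-place upgrade and PHP files sitting in tmp-upload-images, as an added example that is not part of the original posts or of CiviCRM. The function names, the output labels and the demo tree (including its php-ofc-library directory name) are assumptions made for the illustration.

```shell
#!/bin/sh
# Usage: sh ofc_audit.sh /path/to/site   (no argument: runs on a constructed demo tree)

# Print one line per finding; return 1 if anything was found, 0 if the tree is clean.
ofc_audit() {
    root=$1
    # First find: the upload script named in the thread, wherever an old copy survives.
    # Second find: PHP-executable file names inside tmp-upload-images, a directory
    # that by its name is meant for images. (-iname is a GNU/BSD find extension.)
    findings=$(
        find "$root" -type f -name 'ofc_upload_image.php' 2>/dev/null |
            sed 's/^/LEFTOVER-UPLOADER /'
        find "$root" -type f -path '*/OpenFlashChart/tmp-upload-images/*' \
            \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
               -o -iname '*.phar' \) 2>/dev/null |
            sed 's/^/SCRIPT-IN-UPLOAD-DIR /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not from a real site): an install upgraded over old code.
# Prints the path of the temporary directory it created.
ofc_demo_tree() {
    d=$(mktemp -d) || return 1
    ofc="$d/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart"
    # php-ofc-library is an assumed location; the audit matches by file name only.
    mkdir -p "$ofc/tmp-upload-images" "$ofc/php-ofc-library"
    : > "$ofc/php-ofc-library/ofc_upload_image.php"  # stale file from the old release
    : > "$ofc/tmp-upload-images/shell.php"           # file name reported in the thread
    : > "$ofc/tmp-upload-images/chart.png"           # ordinary image, must not be flagged
    printf '%s\n' "$d"
}

if [ "$#" -gt 0 ]; then
    ofc_audit "$1"
else
    demo=$(ofc_demo_tree) || exit 1
    ofc_audit "$demo" || echo "demo tree: findings listed above"
    rm -rf "$demo"
fi
```

A non-zero return on a real site means the old code should be removed before reinstalling, as the reply above describes, and the flagged files kept aside for investigation rather than simply deleted.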

This forum was archived on 2017-11-26.