After having one of my websites hacked not once but TWICE I went through the server logs to see WHAT was going on. Apparently, there was a link somehow in GOOGLE that was a direct link, past our login security, to the IMAGE UPLOAD feature.
We need a security fix to get this resolved ASAP.
We need a security fix to get this resolved ASAP.
Re: Security Breach!
More specifically I have found that the link is to the ImageManager plugin:
fckeditor/editor/plugins/ImageManager/manager.php
This file has NO protection and can be accessed via a standard URL if the path is known! So if the path was:
www.mysite.com/fckeditor/editor/plugins ... anager.php
Then ANYONE can access the image manager and upload hacks and viruses to YOUR website! This needs to be addressed NOW to get this fixed!!
Re: Security Breach!
This is in the config.php file for the file manager: