CKEditor 4
Wed, 03/10/2010 - 05:01
#1
bigthink
bigthink's picture
Joined: 01/04/2009
Posts: 4

Security Breach!

After having one of my websites hacked not once but TWICE I went through the server logs to see WHAT was going on. Apparently, there was a link somehow in GOOGLE that was a direct link, past our login security, to the IMAGE UPLOAD feature.

We need a security fix to get this resolved ASAP.
Top
Wed, 03/10/2010 - 07:05
bigthink
bigthink's picture
Joined: 01/04/2009
Posts: 4

Re: Security Breach!







www.mysite.com/fckeditor/editor/plugins ... anager.php

Top
Wed, 03/10/2010 - 08:54
alfonsoml
alfonsoml's picture
Joined: 31/12/2006
Posts: 3735

Re: Security Breach!

Ok, if you have put that file without any protection and you have enabled the connector for everyone then you should blame yourself.

This is in the config.php file for the file manager:

// SECURITY: You must explicitly enable this "connector". (Set it to "true").
// WARNING: don't just set "$Config['Enabled'] = true ;", you must be sure that only
// authenticated users can access this file or use some kind of session checking.
$Config['Enabled'] = false;
Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check