CKEditor 4
Thu, 08/09/2007 - 03:34
#1
bazooka
bazooka's picture
Joined: 09/08/2007
Posts: 1

I got haxored through fcked

fyi

I found bank and party poker phishing sites in my UserFiles dir.

in the logs i found this

http://www.google.ro/search?q=allinurl: ... rt=10&sa=N

I have since turned of indexes so google can't just index directories (which was my fckup) but it brings up a larger question of people knowing the path to say ... /FCKeditor/editor/filemanager/upload/test.html or the such.

take heed, passwd protect your FCKeditor dir.

- bazooka

Top
Thu, 08/09/2007 - 12:43
alfonsoml
alfonsoml's picture
Joined: 31/12/2006
Posts: 3737

Re: I got haxored through fcked

Removing the test.html file isn't really interesting, what everymody MUST do is password protect the editor, or at least the filemanager, and/or don't just set the connector to enabled = true, instead do some checking based on a session variable to be sure that the user has the proper rights to use the connector.
Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check