Carlos Garcia Posted September 30, 2013 Report Posted September 30, 2013 Please patch your sites : QUOTE :"Hi Carlos Garcia,It's come to my attention that there is a nasty exploit for phpVMS that is out in the wild, and sites are getting hit with it. The exploit is not actually in phpVMS, but in a 3rd party library that's used for the charts. It allows the attacker(s) to write files to your server, and spam out from it.Currently the way to fix it is simple: delete the file in core/lib/php-ofc-library/ofc_image_upload.php. Also please make sure that you've deleted any suspicious files, some names include kill.php, contact.html, etc.If you have a tmp-upload-images in your core/lib folder, your server has been compromised.Please visit this thread and take a look at the possible files that have been uploaded.http://forum.phpvms.net/topic/16288-notice-open-flash-chart-exploit/I've removed the above file from the download links from phpVMSThanks, and sorry for any troubles!Nabeel-------------------------------------Handy Links-------------------------------------Community Address: http://forum.phpvms.net/index.phpLog In: http://forum.phpvms.net/index.php?app=core&module=global§ion=loginLost Password Recovery: http://forum.phpvms.net/index.php?app=core&module=global§ion=lostpass Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.