[Lazarus] Lazarus Forum seems to be hacked!

Matt Shaffer dazappa.matt at gmail.com
Wed Jan 27 22:10:40 CET 2010

On Wed, Jan 27, 2010 at 10:37 AM, Marc Weustink <marc.weustink at cuperus.nl>wrote:
> The "infection" is removed. We're currently investigating where it came
> from.
> The smf forum was  uptodate (1.1.11). Unfortunately when restoring things,
> a previous index.php was used, which reports the older version. (which is
> the only diff of the file)
> I fear the ease of the update process made it also possible to write new
> contents.
> Marc
I don't see how the ease of the update process would give hackers an
advantage... after all, you still have to have an admin account to perform
that activity.

Keep in mind:
1. An outdated index.php could be a possible culprit, if it had any security
vulnerabilities with it (although I highly doubt this)
2. Any  mods installed may have vulnerabilities
3. If the person updating the forum to 1.1.11 ignored warning messages about
files not being writable, etc, there may still be an outdated file with a
vulnerability from 1.1.10
4. SMF doesn't necessarily have to be the culprit. Exploits in other
software may have given the intruder file/ftp access, allowing him to change
any files anywhere.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lazarus-ide.org/pipermail/lazarus/attachments/20100127/5dbd7d0e/attachment-0004.html>

More information about the Lazarus mailing list