FILEMANAGER HACK
Just adding this note here so any future visitors are aware of this exploit.
It has long been known that the filemanager is a security risk and should, MUST, be removed. If you use it for editing your site it is likely to damage your files, so it is a bad utility to keep anyway. It has also been known to be a possible hacking route, and to make matters worse there now exists a very nasty hack that uses the filemanager to gain access to your site (database included!!).
So remove it now. Use a normal editor such as HTML-Kit or Notepad++ after downloading all your files to your PC with an FTP client such as FileZilla. I prefer LeapFTP myself.
To remove:
Delete file_manager.php from catalog/admin
Open admin/includes/boxes/tools.php and delete the line:
'<a href="' . tep_href_link(FILENAME_FILE_MANAGER) . '" class="menuBoxContentLink">' . BOX_TOOLS_FILE_MANAGER . '</a><br>' .
All done...
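To confirm both removal steps took effect, here is a small check as an added example (a shell function written for this note, not part of osCommerce or the original post). It assumes shell access to the server and takes the admin directory as its argument, so it also works if that directory has been renamed; the function name audit_filemanager is made up for this example.

```shell
#!/bin/sh
# Added example: audit an osCommerce admin directory for file manager leftovers.
# Usage: sh audit.sh /path/to/catalog/admin
# Exit status: 0 = clean, 1 = leftovers found, 2 = bad argument.

audit_filemanager() {
    admin_dir=$1
    findings=0

    if [ ! -d "$admin_dir" ]; then
        echo "error: '$admin_dir' is not a directory" >&2
        return 2
    fi

    # Step 1: file_manager.php must be gone. The glob also catches renamed
    # copies left beside it (e.g. file_manager_old.php, file_manager.php.bak).
    for f in "$admin_dir"/file_manager*; do
        [ -e "$f" ] || continue   # unmatched glob stays literal; skip it
        echo "FOUND: $f still exists"
        findings=$((findings + 1))
    done

    # Step 2: the Tools box must no longer contain the menu link.
    tools="$admin_dir/includes/boxes/tools.php"
    if [ -f "$tools" ]; then
        if grep -q 'FILENAME_FILE_MANAGER' "$tools"; then
            echo "FOUND: $tools still links to the file manager:"
            grep -n 'FILENAME_FILE_MANAGER' "$tools"
            findings=$((findings + 1))
        fi
    else
        echo "note: $tools not found, could not check the menu link" >&2
    fi

    if [ "$findings" -eq 0 ]; then
        echo "OK: no file manager leftovers under $admin_dir"
    fi
    [ "$findings" -eq 0 ]
}

# Run the audit when a path is given on the command line.
if [ $# -gt 0 ]; then
    audit_filemanager "$1"
fi
```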




1 comment:
I've noticed the same today, did not delete anything, just moved /admin/ to /adminRANDOMSTRING/ and updated /adminRANDOMSTRING/includes/configure.php :-)