update update! No worries! as I was saying, my bad. A little /test.php slipped into the final 0.703.x release (since which one? who knows) right in the release package. Just blast it away and you’re hopefully safe.
Totally crapped my pants today.
Hat tip to mr. l33t h4×0rz.
I’ve updated the package on SourceForge.
As a file is supposed to be deleted, anyway, just overwriting the file won’t work, you know. FTP to your site and delete test.php.
Have a nice day
Tonight an attacker managed to hack into some of your blogs.
Good time, just now that I’m very worried about an exam. Thank you, you nice guy, for not even contacting me before trying to hack around.
At least mr. l33t h4×0rz didn’t delete anything, but I can’t be 100% sure he can’t.
The attack consisted in posting a few ‘test’ entries.
My suggestion is to do a backup, just in case, and maybe reinstall with a new password (remember: overwrite using the same userid), even though I think he didn’t gain full access to the panel but he found some kind of backdoor I’m not aware of.
In the end, I’m making a plea to him, all kudos to you for finding such a bug (which probably consists in some foolery on my side), but please contact me soon, so that I can release a patch (and be back to study for my Software Engineering exam)
Thank you so much,
signed: a very worried dev
Sunday, December 2, 2007 - 08:57:32
I’m the “Hacker”
Sunday, December 2, 2007 - 13:09:37
Cool. How about informing us, instead of driving us mad ?
My bad of course…