Hacked website

My main gallery using Zenphoto was hacked yesterday.
I spotted a series of PHP files scattered in the website, full directories as well as files hidden in the album and cache directories.

The website was running Zenphoto 1.4.12. I upgraded it to Zenphoto 1.4.13
The server does not seem to be running ImageMagick or at least it appears nowhere with the phpinfo() command.

Another of my websites running the MODx CMS on the same server was hacked in the past weeks, but I am not sure it is linked (I cleaned it and found nothing alarming on it)

Was there a security fix in V 1.4.13? Has anybody heard of a new vulnerability?

Comments

  • IBIZAGOCAR es un rent a car en Ibiza con precios económicos y disponibles para ti en distintos puntos de la isla. Vive tus mejores vacaciones en Ibiza!
  • acrylian Administrator, Developer
    Sorry to hear that. Such hacks can happen via lots of way, Server itself, the ModX hack you mentioned, a plugin, a custom theme…

    There was no security fix in 1.4.13 otherwise it would have been noted. There are no actual security issues known to us currently. But that of course never means there might be one somewhere. Nothing is 100% perfect ever.

    Please mail me directly via our contact form so we can talk about this directly.
  • I checked a bit further and had numerous other files uploaded the same day (23rd of November) on two MODx websites on the same server (but a different directory).

    I will see if other files appear on the server and contact you via the form if they do.
Sign In or Register to comment.