Another hack report

I was actually working on my site when it was infected so I almost watched it happen! I noticed it was affecting links and loading strange things in the background. Tracked it down to the .htaccess files. It had added the usual

ErrorDocument 400 http://network-teaser.ru/getup/index.php

I'm on shared hosting and have another 10 or so domains on the account. Almost all were also infected. I made a full backup of everything, then wiped the server, and re-uploaded scripts. I now have 'zenphoto version 1.4.1.5 [8326]' which I uploaded 2 days ago. I now learn this also might not be secure??

I've just deleted the ajaxfilemanager folder as a temporary fix. I haven't seen any other symptoms though, such as the tmp php files or infected php files, so maybe the .htaccess thing is the first step in the attack?

Once a proper fix is available, can you make it clear on the front page maybe? All the rumours and help on here at the mo is a little confusing and I'm still not sure if my server is vulnerable or not!

Comments

  • acrylian Administrator, Developer
    There is no other fix than deleting the file manager (which again is not written by us). That file manager will also not return as we do not plan to fix it at all.

    All that is known is on the two main topics.

    Btw, it is not necessary to open a new topic. That is confusing us. Just use the already existing ones like this one: http://www.zenphoto.org/support/topic.php?id=9951
    Thanks. I close this one therefore.
This discussion has been closed.
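
An added example, not part of the thread and not Zenphoto code: a shell function that walks every document root on a hosting account and reports each `.htaccess` whose `ErrorDocument` points at an external host, the symptom quoted in the first post. The function names, the sample tree and the `.example` hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: find .htaccess files whose ErrorDocument target is an
# absolute URL on a host that is not on your allowlist.

# scan_htaccess ROOT [ALLOWED_HOST...]
# Prints "file:line:status:host" per finding; returns 1 if anything was found.
scan_htaccess() {
    root=$1; shift
    hits=$(find "$root" -type f -name .htaccess -exec awk -v allowed=" $* " '
        # Directive names are case-insensitive in Apache.
        tolower($1) == "errordocument" && $2 ~ /^[0-9][0-9][0-9]$/ {
            target = $3
            sub(/\r$/, "", target)            # tolerate CRLF uploads
            gsub(/^"|"$/, "", target)         # target may be quoted
            host = tolower(target)
            if (host !~ "^https?://") next    # local path or message text
            sub("^https?://", "", host)
            sub("[/?#].*$", "", host)         # drop path, query, fragment
            sub("^.*@", "", host)             # drop userinfo (user:pw@host)
            sub(":[0-9]*$", "", host)         # drop port
            if (index(tolower(allowed), " " host " ")) next
            printf "%s:%d:%s:%s\n", FILENAME, FNR, $2, host
        }' {} +)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree: site-a is clean apart from one nested file,
# site-b carries the directive quoted in the first post.
make_sample_tree() {
    mkdir -p "$1/site-a/gallery" "$1/site-b"
    printf 'ErrorDocument 404 /errors/404.html\nErrorDocument 500 https://status.example.org/down\n' \
        > "$1/site-a/.htaccess"
    printf 'errordocument 404 "HTTP://Other.Example/x"\n' > "$1/site-a/gallery/.htaccess"
    printf 'Options -Indexes\nErrorDocument 400 http://network-teaser.ru/getup/index.php\n' \
        > "$1/site-b/.htaccess"
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
scan_htaccess "$tmp" status.example.org || echo "review the files listed above"
rm -rf "$tmp"
```

Run it against the account's top-level directory rather than a single site, since the post reports the change on almost every domain under the same account.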