Toplist input path being hijacked
Posted: Thu Nov 10, 2016 5:15 pm
It looks like some hacker was able to edit the input path for the toplist. The input path was changed to "tmp/top"
The hacker seems to have created this new file in the "tmp" directory, called it "top" and changed the input path for the toplist to that file. This new file in "tmp/top" was created/is owned by user "www-data"
This has been going on for the past month. I keep trying new things to stop this, but it comes back. I changed the input path back to the real one, then I reset the TE admin password. Everything was fine for a few days, and then again last night the input path was changed. So I'm not sure how to fix this. Nothing else on my server is compromised, just the toplist. The hacker inserts a malicious javascript in the toplist file that causes many problems...
Any help on how to stop this would be appreciated.
Regards,
John
The hacker seems to have created this new file in the "tmp" directory, called it "top" and changed the input path for the toplist to that file. This new file in "tmp/top" was created/is owned by user "www-data"
This has been going on for the past month. I keep trying new things to stop this, but it comes back. I changed the input path back to the real one, then I reset the TE admin password. Everything was fine for a few days, and then again last night the input path was changed. So I'm not sure how to fix this. Nothing else on my server is compromised, just the toplist. The hacker inserts a malicious javascript in the toplist file that causes many problems...
Any help on how to stop this would be appreciated.
Regards,
John