Delete plugin enough ?

lcollong

lcollong

FabriKant d'applications web
Hi,

One of my customer site has been hacked. It's not up to date. I've restored it and deleted the involved plugin (hack on begin of july corrected with v3.7) using Joomla extension manager-->manage uninstall the plugin.

Is it enough to prevent the attack ?

We won't update this site as we are building a complete new one based on last releases which will replace the actual one within some days.
 
Assuming it's the upload plugin, then yes, if you updated to a version that has the fix (I can't remember which release of 3.7 the fix went in) it will fix it. And deleting the plugin will definitely fix it.

-- hugh
 
Actually the installed fabrik version is prior to the fix. I did not update it. But I deleted the plugin.
Was the breach in the plugin code ? If yes, I guess deinstalling/delete the plugin will be enough to protect the site against this attack.
 
Yes, the vulnerability was in the fileupload.php model.

If you just ran the J! uninstall, make sure it did delete the actual plugin folder.

-- hugh
 
You must log in or register to reply here.

Useful links

  • Create a Fabrik Account (Downloads)
  • Create a Forum Account
  • Fabrik Wiki
  • Fabrik 4 Changelog /Install /Upgrade
    • We are in need of some funding.
    More details.

    Thank you.

    Members online

    Total: 120 (members: 1, guests: 119)
    Back
    Top