• Hello Fabrik Community

    Fabrik is now in the hands of the development team that brought you Fabrik for Joomla 4. We have recently transitioned the Fabrik site over to a new server and are busy trying to clean it up. We have upgraded the site to Joomla 4 and are running the latest version of Fabrik 4. We have also upgraded the Xenforo forum software to the latest version. Many of the widgets you might have been used to on the forum are no longer operational, many abandoned by the developers. We hope to bring back some of the important ones as we have time.

    Exciting times to be sure.

    The Fabrik 4.0 Official release is now available. In addition, the Fabrik codebase is now available in a public repository. See the notices about these in the announcements section

    We wish to shout out a very big Thank You to all of you who have made donations. They have really helped. But we can always use more...wink..wink..

    Also a big Thank You to those of you who have been assisting others in the forum. This takes a very big burden off of us as we work on bugs, the website and the future of Fabrik.

possible malware

skyrun

Active Member
fyi, my scanner found this file in a fabrik-sounding directory ..../fabrik_build/tests/unit/schema/fite.php
 
Found what?
Which Fabrik version?
This file is not in GitHub.
But you don't need fabrik_build at all...
 
i keep on the latest. not sure when the file got there. the ill-effects of hacking one of my 25 location sites started feb 12 abt.

there are dozens of .php scripts that have been added or replaced (including a bit on the front of index.php in the root and to a similar file on admin that runs each time). those scripts copy themselves and on and on. they are used to send spam.

i have heard this hack (called cloki sometimes) has infected joomla primarily but also some wordpress. so it's unclear where it comes from.

so i would just check the git to make sure that file isn't on it... fite.php and fabrik is unintentionally helping spread it.
 
I checked before anwering, it's not there
upload_2018-2-16_17-40-48.png
But I just spent my day by cleaning a hacked Joomla site ...
Which was hacked in December (I think, because of modified index.php files with this date) but closed down by the host two days ago.
So maybe there are sites hacked some weeks ago but "used" now?
 
great. same hack? did you see 'clocki' and 'xmcc' and a bunch of changed index.php's in most every directory?
i wonder if joomla 3.8.5 has a vulnerability.
 
yup, a lot of index.php doing
@include "\x2fis/h\....
a nice cache/ps.php with
define('_JEXEC', '07b....

etc

but this site was still running J!3.7.3
(and I'm not sure if this was the Joomla version on 12-12-2017, the date of these index.phps)
 
We are in need of some funding.
More details.

Thank you.

Members online

Back
Top