MWPSK hacked!

Topics: Developer Forum
Dec 6, 2010 at 8:37 AM

All of our websites are hacked through the image upload tool of MWPSK called: ftb.imagegallery.aspx
They have uploaded 1.aspx in the image map, and then execute this via the browser path: www.website.com/images/1.aspx!!!
This is the know trojan ASPXspy.

They can upload and execute any script they want!!

Please advise how to stop this?

Coordinator
Dec 7, 2010 at 10:42 AM

Hi Mika,

thanks for bringing this to our attention!

The easiest countermeasure is to put a web.config into the directory where the Images get stored that denies access to any non-Image-File.

The web.config needs to contain the following:

<configuration> 
   
<system.web> 
     
<authorization> 
       
<deny users="*" /> 
     
</authorization> 
   
</system.web> 
</configuration> 

Best,
Dirk

 

 

Coordinator
Dec 7, 2010 at 1:53 PM

Alright, the web.config didn't completely fix the problem as the ftb component could be tricked into writing stuff somewhere else. By now MRAatFC fixed the problem and uploaded a patched version of MWPSK.

Thanks again for catching this bug and thanks MRAatFC for fixing it!

Best,
Dirk

Dec 7, 2010 at 2:41 PM

The patched version did not protect my server, for hackers to upload image files etc.
So they can use my server as a free database server for their images, and put the links to their images on other servers....