Being Hacked !

nitromedia 18 May, 2010
Hi! My web hosting service sent me an email. They noticed my chronoform folder has been hacked! The following activity has been noticed:

/administrator/components/com_chronocontact/js/tiny_mce/plugins/media/img/quicktime.php

Quicktime.php has been added to this folder.

I'm using 3.1 RC 5.5

Is that a known problem, and what do I do now?

Thanks
GreyHead 18 May, 2010
Hi nitromedia,

Remove the file (there should be a quicktime.gif in there).

Scan all the files on your site with a virus scanner (your ISP may be able to do this for you).

Over-write any suspect files with known good copies.

Change your site admin and FTP passwords.

Ask your ISP what else they recommend.

Bob
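
The "scan, then over-write suspect files with known good copies" steps above can be narrowed down by diffing the live folder against a clean copy of the same release. The script below is an added example, not part of the original thread or of ChronoForms; the directory layout in `demo()`, the file `example.php`, and the `SCRIPT_EXTS` / `ASSET_DIRS` lists are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml", ".php5", ".pl", ".cgi"}  # assumed list of server-side script types
ASSET_DIRS = {"img", "images", "media"}  # assumed names of folders that should hold only static assets


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def audit(live_root, clean_root):
    """Compare a live tree with a known-good copy of the same release."""
    live, clean = manifest(live_root), manifest(clean_root)
    report = {"added": [], "modified": [], "missing": [], "script_in_assets": []}
    for rel, digest in sorted(live.items()):
        if rel not in clean:
            report["added"].append(rel)          # not shipped with the release
        elif clean[rel] != digest:
            report["modified"].append(rel)       # overwrite from the clean copy
        p = Path(rel)
        if p.suffix.lower() in SCRIPT_EXTS and p.parent.name in ASSET_DIRS:
            report["script_in_assets"].append(rel)  # executable file in an image folder
    report["missing"] = sorted(set(clean) - set(live))
    return report


def demo():
    # Constructed sample trees: a clean copy, and a live copy with one added
    # script in the image folder and one altered file.
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        img = "js/tiny_mce/plugins/media/img"
        for root in (clean, live):
            (root / img).mkdir(parents=True)
            (root / img / "quicktime.gif").write_bytes(b"GIF89a-constructed")
            (root / "example.php").write_text("<?php // constructed\n")
        (live / img / "quicktime.php").write_text("<?php // constructed placeholder\n")
        (live / "example.php").write_text("<?php // constructed, altered\n")
        return audit(live, clean)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

On a real site, call `audit()` with the component folder downloaded from the server and a freshly unpacked copy of the same version; anything under `added` or `script_in_assets` needs manual review before deletion.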
nitromedia 19 May, 2010
Thanks for your answer, Bob!

I read elsewhere that Tiny_MCE could be responsible for this issue. Is there a way to just delete it? Or use another WYSIWYG?
GreyHead 19 May, 2010
Hi nitromedia,

That's always possible but I think it more likely that it's a common utility and the spammers may seek it out to hide their files. From what you said, none of the Tiny MCE files were affected.

You can remove it from ChronoForms but I suspect that then some of the admin will be broken.

Bob