Support » Requests and Feedback » 1-flash-gallery – Executable File Upload Attack

  • Not certain if this is the right place to post this.

    Getting warning across all my sites for this “1-flash-gallery” plugin
    Web Page: www…………../wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php
    Warning: URL may contain dangerous content!
    Offending IP: 80.243.174.25
    Offending Parameter: $_FILE = index.bak.php

    This may be an “Executable File Upload Attack.”

    Do not even have this plugin installed; would be wary of installing this plugin.

Viewing 9 replies - 16 through 24 (of 24 total)
  • I started getting warning emails yesterday morning from my hosting company (1and1); by the end of the day they had taken my website down.

    Here’s part of the last email I got from them this morning:

    1. Analysis of the attack
    ******************************************************************************
    1.1 The hackers processed the attack through a security leak in your software

    WordPress plugin: flash gallery

    They misused at least the following modules or files of this software:

    ./mywebsite/wp-content/plugins/1-flash-gallery/upload.php

    1.2 Via this security leak, the hackers have uploaded the following malicious
    files to your webspace:

    ./mywebsite/wp-content/uploads/fgallery/20110916171543.php
    ./mywebsite/wp-content/uploads/fgallery/20110923084726.php
    ./mywebsite/wp-content/uploads/fgallery/sm3wt4.php
    ./mywebsite/wp-content/uploads/fgallery/htaccess

    1.3 In order to impede further attacks, we have disabled these files. Please
    note that part of your websites may be impaired.

    1.4 We have unlocked your 1&1 webspace. Please understand that this temporary
    lock was necessary to protect your security.

    I did have this plugin installed until this morning, but it was not activated.
    In a previous email I got from 1and1, they said that a massive number of emails were being sent from my webspace.

    I hope this helps in any way.
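    The hosting company's analysis above gives two concrete indicators of this kind of attack: requests to the plugin's upload.php with fileext=php, and PHP files (plus a stray htaccess) appearing under wp-content/uploads/fgallery/. The following Python script is an added example, not code from the thread or from the 1-flash-gallery plugin, that a site owner or host could run to check for both. The access-log lines and the sample upload directory it builds are constructed here for demonstration (IPs are documentation-range addresses, not the one reported above); the log format assumed is Apache combined format.

```python
import os
import re
import tempfile
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined format); not taken from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Sep/2011:17:15:43 +0000] "POST /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [16/Sep/2011:17:16:01 +0000] "GET /wp-content/uploads/fgallery/20110916171543.php HTTP/1.1" 200 1024 "-" "curl/7.21"
192.0.2.9 - - [16/Sep/2011:17:20:11 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [16/Sep/2011:17:21:00 +0000] "POST /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=jpg HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Minimal parser for combined-format lines: client IP, timestamp, method, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Extensions the web server would typically hand to the PHP interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def flag_upload_requests(log_text):
    """Return (ip, timestamp, fileext) for every request to the plugin's
    upload.php whose fileext parameter names an executable extension.
    A fileext such as 'php.jpg' is also flagged, since each dotted part
    is checked separately."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = urlsplit(m.group("url"))
        if not url.path.lower().endswith("/1-flash-gallery/upload.php"):
            continue
        ext = parse_qs(url.query).get("fileext", [""])[0].lower()
        if EXECUTABLE_EXTS & set(ext.split(".")):
            hits.append((m.group("ip"), m.group("ts"), ext))
    return hits


def find_executable_uploads(uploads_root):
    """Walk an uploads directory and list files that should never be there:
    anything with an executable extension, or an htaccess/.htaccess file
    (which could re-enable PHP execution for the directory).
    Paths are returned relative to uploads_root, sorted."""
    findings = []
    for dirpath, _dirs, files in os.walk(uploads_root):
        for name in files:
            lower = name.lower()
            ext = lower.rsplit(".", 1)[-1] if "." in lower else ""
            if ext in EXECUTABLE_EXTS or lower in ("htaccess", ".htaccess"):
                findings.append(os.path.relpath(os.path.join(dirpath, name), uploads_root))
    return sorted(findings)


def build_sample_uploads_dir():
    """Create a temporary, constructed fgallery directory mixing legitimate
    image files with the kinds of names the hosting report listed, and
    return its path. Hypothetical helper for the demonstration only."""
    root = tempfile.mkdtemp(prefix="fgallery_")
    os.makedirs(os.path.join(root, "thumbs"))
    for rel in ("20110916171543.php", "sm3wt4.php", "htaccess",
                "photo1.jpg", os.path.join("thumbs", "photo1_t.jpg")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed placeholder\n")
    return root


if __name__ == "__main__":
    for ip, ts, ext in flag_upload_requests(SAMPLE_LOG):
        print(f"suspicious upload request from {ip} at {ts} (fileext={ext})")
    sample_dir = build_sample_uploads_dir()
    for rel in find_executable_uploads(sample_dir):
        print(f"executable or htaccess file in uploads: {rel}")
```

Run against a real site, point `find_executable_uploads` at the actual wp-content/uploads directory and feed the web server's access log to `flag_upload_requests`; any hit from either check is reason to treat the uploads directory as compromised, as the host did above, rather than just deactivating the plugin. Note that a deactivated plugin's upload.php is still reachable by URL, which is why the poster was affected even though the plugin was not active.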

    What is your version of plugin?

    Version 1.6.2

    It’s installed but currently not active

    I do not have the 1-flash-gallery plugin installed. I haven’t received another notice, so I suspect it was someone checking for vulnerabilities….

    saminmt – it’s possible, because we found that bug and fixed it in the 1.6.0 version

    silvioribeiro – please update plugin to 1.7.0 version. And check ./mywebsite/wp-content/uploads/fgallery/ folder permissions

    I do not have the 1-flash-gallery plugin installed, but I received such an attack alarm yesterday.

    I do not have this plugin installed and still I got this warning yesterday. Is this a real attack? I mean, did the attacker actually get into my server, or is it just a warning from my firewall about a vulnerability scan?

    How do you guys manage to fix it?

    Thanx!

    If you do not have this plugin, then you do not have the same issue. Please post your own topic.
