Your Cart is currently empty!
Product update
Coupon
add
Coupon code invalid! Please re-enter!
AJAX loader
You are here: HomeForum
Welcome, Guest

minify in YT Framework allows backdoor?
(1 viewing) (1) Guest
  • Page:
  • 1

TOPIC: minify in YT Framework allows backdoor?

minify in YT Framework allows backdoor? 2 years, 11 months ago #40510

The YT Framework deployed with SJ University II still contains a version of minify (\includes\lib\minify) that allows an attacker to misuse the resources of the site. We've been experiencing al increased bandwidth on our site (the attacker managed to make 24GB of traffic in 10 days) and all caused by direct HTTP access to the \minify subfolder.

The minify backdoor(?) is seems a known issue since 2015 but I see that even the standalone library still contains files from 2014 therefore I conclude it is an old version that allows missuse.

I've currently restricted the web access to the problematic IP addresses since I cannot find any other solution in this short period so please take note of this and see if the version of the minify package can be upgraded or this kind of missuse can be blocked.
Last Edit: 2 years, 11 months ago by lamermaniac.

Re: minify in YT Framework allows backdoor? 2 years, 11 months ago #40512

Finding the "backdoor" might be hard.
As with any hacked website, you probably have three options:

1. restore from a known good backup, update Joomla and third party extensions to the latest versions and reset passwords

2. rebuild the website from scratch with clean copies of Joomla and third party extensions

3. find and fix the malware, update Joomla and third party extensions to the latest versions and reset passwords
  • Page:
  • 1
Time to create page: 0.21 seconds

Notification

Please find your issue via Suggested Posts before submitting your question. We have solved the most of issues and maybe your issue was solved before.

Latest My Topics

No posts to display.

Love all our templates?

Join our membership clubs starting at $49 only for access to all of our templates

Join Now
Home Pricing
Your Cart is currently empty!
Product update
Coupon
add
Coupon code invalid! Please re-enter!
AJAX loader
SearchSupport
Magento Themes Magento Extensions Free Magento Extensions Prestashop Themes Prestashop Modules Magento 2 Themes