checking and removing ST exploit

**cgiGeek** · November 23rd, 2010, 02:05 PM

Originally Posted by JACOBKELL

Bullshit

Hi there JACOBKELL

some facts just for you:
in http://www.askdamagex.com/f2/smart-t...tml#post384565
on October 7th, 2009, 04:13 PM
I posted:"ok I hate saying things before they are 100% tested, but can see many of you do need help think is injecting via flush.php then executing via st.php, dont throw this in my face."

then I went in and issued a patch to prevent infection/reinfection
then in
http://www.askdamagex.com/f2/smart-t...tml#post384569
on October 7th, 2009, 04:33 PM

then in:
http://www.askdamagex.com/f2/smart-t...tml#post384855

on October 8th, 2009, 03:21 PM

st guys via goodwill acknowledged and thank me for my work
"Huge thanks go out to Alpha @ xxxhostit.com"

Which is me by the way.

thank you JACOBKELL for the bump

**MMarko** · November 24th, 2010, 12:30 AM

Originally Posted by cgiGeek

Removing this is much more complex then a small step by step.( sorry but is true )

Step by step removal tutorial I wrote works fine (at least on our client's servers), unless you have old ST install or vulnerable system which can be rooted.

**benito** · November 24th, 2010, 05:04 AM

Originally Posted by MMarko

Step by step removal tutorial I wrote works fine (at least on our client's servers), unless you have old ST install or vulnerable system which can be rooted.

That tutotial is public available?

**JACOBKELL** · November 24th, 2010, 05:35 AM

Originally Posted by MMarko

Step by step removal tutorial I wrote works fine (at least on our client's servers), unless you have old ST install or vulnerable system which can be rooted.

You could also add command for searching php files in thumbs and other ST subdirectories where php files naturally doesn't go.

**hasse** · November 24th, 2010, 05:39 AM

Quoted from ST Manual

unlock.php & lock.php
Because secure.php disallow modification of files before ST update you have to unlock files before update and lock them back after updated is finished. Use unlock.php before update and lock.php after ST update (or you can again use secure.php). Files usage is very simple, there are no parameters just CD to st/admin directory and execute lock.php or unlock.php.This scripts could be executed as root or as user which was set in secure.php as files owner.

Command examples:

Code:

cd /home/domain.com/st/admin/

Code:

/bin/php unlock.php

Code:

cd /home/domain.com/st/admin/

Code:

/bin/php lock.php

**MMarko** · November 24th, 2010, 06:17 AM

Originally Posted by benito

That tutotial is public available?

Porn X Space 4 Webmasters Blog Archive Remove SmartThumbs exploit in 5 steps

Thread: checking and removing ST exploit

Thread Tools

Very important

Posting Permissions