MicrostockGroup

Microstock Photography Forum - General => Selling Stock Direct => Topic started by: leaf on December 04, 2013, 15:59

Title: Ktools Vulnerability - Did you get hacked
Post by: leaf on December 04, 2013, 15:59
I just got a note from my web host that my ktools site got hacked.. looks like I have my evening project in place :(  I logged onto their site and saw there was a vulnerability discovered.  Anything less than version 4.5 is vulnerable... which means everyone since 4.5 was released today.
Quote
PhotoStore 4.x Security Vulnerability Discovered
A vulnerability has been found in a 3rd party script called Uploadify we use in PhotoStore. Any versions lower than 4.5 are vulnerable. To protect your site please delete the /assets/uploadify/old/ directory and files within.
Title: Re: Ktools Vulnerability - Did you get hacked
Post by: lisafx on December 04, 2013, 18:54
Oh joy.  I haven't heard anything from Bluehost. 

Of course I can't find the assets file in my file manager. 
Title: Re: Ktools Vulnerability - Did you get hacked
Post by: cthoman on December 04, 2013, 19:38
Oh joy.  I haven't heard anything from Bluehost. 

Of course I can't find the assets file in my file manager.

I think it is just for 4 and not 3. I didn't see those folders either.
Title: Re: Ktools Vulnerability - Did you get hacked
Post by: leaf on December 05, 2013, 04:15
Oh joy.  I haven't heard anything from Bluehost. 

Of course I can't find the assets file in my file manager.

I think it is just for 4 and not 3. I didn't see those folders either.

Yeah, probably just for 4.  I had the folder which needed deleting.  Since my site got hacked and the PayPal IPN wasn't working I decided to do an upgrade.  I 'think' I have most things working again.. sigh..  They really really need a better template system so we don't have to reapply our changes on every update.
Title: Re: Ktools Vulnerability - Did you get hacked
Post by: lisafx on December 05, 2013, 10:41
Oh joy.  I haven't heard anything from Bluehost. 

Of course I can't find the assets file in my file manager.

I think it is just for 4 and not 3. I didn't see those folders either.

Good to know.  Thanks for posting Cory. :)

I am not confident tinkering around in the back end of my website, so I wondered if maybe I was just overlooking something. 
Title: Re: Ktools Vulnerability - Did you get hacked
Post by: alezan on December 06, 2013, 15:07
  >:( >:( >:(

What a piece of junk! Hope you get back on track and consider a change of software!!
Title: Re: Ktools Vulnerability - Did you get hacked
Post by: ArenaCreative on February 06, 2014, 01:07
Yeah, I edited and hacked up the code in my older version of ktools that I don't even want to think about upgrading.

Symbiostock looks nice, and runs on WordPress, but it still looks no frills compared to what you get with ktools.  I'm sure it doesn't run as fast, either.  Who knows/cares.  Selling direct is not something I would ever do over again.  Too much time/pain in the rear to deal with for such a small return, unless you happen to be some sort of special SEO wizard or have bottomless pockets for Google AdSense to drive traffic.