
RTMEDIA HACKED?


  • coolhunt
    Participant

    @coolhunt

    Hey Guys,

    I installed WordFence… and it notified me of a malicious file
    uploads/rtMedia/tmp/upme.PhP.jpg

    Filename: wp-content/uploads/rtMedia/tmp/lc.PhP.jpg
    File Type: Not a core, theme, or plugin file from wordpress.org.
    Details: This file appears to be installed or modified by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The matched text in this file is: $root = $_SERVER['DOCUMENT_ROOT']; $files = $_FILES['idx_file']['name']; $dest = $root.'/'.$files; if(isset($_POST['upload'])) {\x0d\x0a if(is_writable($root)) { \x0d\x0a\x0d\x0a if(@copy($_FILES['idx_file']...
    
    The issue type is: Suspicious:PHP/upload.docroot.6578
    Description: Suspicious uploader that places files in docroot

    When I checked the directory /rtMedia/tmp I found a bunch of PDF files..
    If you were to google “rtmedia/tmp pdf files” you will find a bunch of sites with random PDF files..

    Anyway.. RTMEDIA seems to be a popular BuddyPress-related plugin — I'm surprised I haven't heard about this..

    any thoughts @buddydev @imath and everyone else?
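
A defender's check for the pattern WordFence flagged above (a PHP extension buried in an image filename under the uploads tree, or PHP code inside a media file), added here as an example; it is not part of the original post and is not WordFence or rtMedia code. The extension list, marker strings and the sample files built in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions a web server may hand to PHP (assumed list; match it to your handler config).
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)
# Byte patterns that have no business inside an image or PDF upload (assumed list).
PHP_MARKERS = (b"<?php", b"$_files", b"$_post", b"$_server")


def scan_uploads(root):
    """Return sorted (relative_path, reasons) for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            # Catches lc.PhP.jpg: a PHP extension anywhere in the name, any case.
            if PHP_EXT.search(name):
                reasons.append("php-extension-in-name")
            try:
                with open(path, "rb") as fh:
                    head = fh.read(1024 * 1024).lower()  # first 1 MiB only
            except OSError:
                reasons.append("unreadable")
                head = b""
            if any(marker in head for marker in PHP_MARKERS):
                reasons.append("php-code-in-content")
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)


def demo():
    """Build a constructed uploads tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        tmp = os.path.join(root, "rtMedia", "tmp")
        os.makedirs(tmp)
        samples = {  # all contents below are constructed sample data
            "lc.PhP.jpg": b"<?php $root = $_SERVER['DOCUMENT_ROOT']; ?>",
            "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # benign JPEG header
            "avatar.png": b"\x89PNG\r\n\x1a\n<?php echo 1; ?>",  # code after magic bytes
        }
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_uploads(root)


if __name__ == "__main__":
    for rel, why in demo():
        print(rel, ", ".join(why))
```

Point `scan_uploads()` at `wp-content/uploads` to list candidates for review; a hit is a reason to inspect the file, and the upload directory should also be configured so the web server never executes PHP from it.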

Viewing 3 replies - 1 through 3 (of 3 total)

  • BuddyDev
    Participant

    @buddydev

    Hi,
    Thank you for the question.

    It seems to be a security issue. We have reported it to the rtMedia team. They should be able to fix it soon.

    Since it is related to security, I am refraining from disclosing the details. Please wait for their update.

    Regards
    BuddyDev

    Hi @coolhunt,

    The reported issue, related to unauthorized file uploads, has been fixed and released in v4.5.4; uploads to the reported directory can only be done by an admin user.

    Could you please let me know the version of rtMedia you are currently using? We will be doing an audit on the upload code, to make sure nothing is missed.

    Regards,
    Thrijith Thankachan | rtMedia Team


    coolhunt
    Participant

    @coolhunt

    My sites were on the newest release of rtMedia (I have since removed rtMedia).

  • The topic ‘RTMEDIA HACKED?’ is closed to new replies.