Hi everybody. It all starts with problems in LinPHA 1.3.0 which is integrated in a PHP programmed website.
From time to time visitors got a virus alert when visiting the album. I checked this and found that various files were modified. Mostly CSS files. I found JavaScript code appended at the end of these files.
I updated stepwise from 1.3.0 to the current version 1.3.4 but that didn't solve the problems.
Here are the affected files:
- rootdir/styles/*.CSS
- rootdir/include/menu.js
Added folder with bad code in files:
- rootdir/plugins/guestbook/obis
I can delete the "obis" folder and can restore all files listed above but it helps only for some days.
Also affected are other CSS files in the website where the album structure is included ...
LHA environment:
- V 1.3.4
- enabled plugins: guestbook, logger, mailing list, DB Management, Statistics, Watermark
What can I do to prevent these problems? Who has an idea?
Anonymous
-
2008-06-26
hi
there are no known security vulnerabilities in the latest version
please make sure you are doing a clean install of the complete www root
even if there is only one infected file left it will be possible to break into again and again
also make sure that you change all passwords (database, LinPHA admin user, ... I would also change the root password)
flo