FOP2 Manager vulnerability
Over the past couple of days we have received reports of compromised servers from FOP2 users. A preliminary analysis seems to indicate that the attack vector is indeed part of the FOP2 Manager (http://your.server/fop2/admin), more specifically the files downloadfile.php and chunkdonwloadhelper.php.
If your FOP2 interface is exposed to the internet, we suggest you take the following actions as an urgent measure until we can confirm the problem and provide definitive measures to avoid it.
Log into your FOP2 Manager dashboard at https://your.server/fop2/admin
You should see the new 1.2.4 version available. Upgrade directly from there. Once done, your server won't be vulnerable any longer.
To find out if your server was already compromised you can check for the existence of the following files that are not part of FOP2 but are injected by attackers to download and run a cryptocurrency mining script:
ls -la /var/www/html/fop2/lang/index.php
ls -la /var/www/html/fop2/lang/ko.php
If you have either of these two files, your computer was compromised and you should delete these files immediately.
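The same check as a reusable function, for running against more than one install. This is an added example, not part of the original advisory: the names `fop2_ioc_check` and `IOC_FILES` are hypothetical, and it assumes `sha256sum` is available for recording a hash before the files are deleted.

```shell
#!/bin/sh
# Added example: look for the two injected files named in this advisory.
# The default root is the path used on this page; pass another root as $1.

# Paths, relative to the FOP2 root, of the files the advisory lists.
IOC_FILES="lang/index.php lang/ko.php"

# Prints a record for each injected file found.
# Returns the number of files found (0 means neither is present).
fop2_ioc_check() {
    root="${1:-/var/www/html/fop2}"
    found=0
    for rel in $IOC_FILES; do
        f="$root/$rel"
        # -e follows symlinks; -L also catches a dangling symlink at that path.
        if [ -e "$f" ] || [ -L "$f" ]; then
            found=$((found + 1))
            echo "FOUND: $f"
            ls -la "$f"                  # owner, size and modification time
            if [ -f "$f" ] && command -v sha256sum >/dev/null 2>&1; then
                sha256sum "$f"           # record the hash before deleting
            fi
        fi
    done
    return "$found"
}

# Constructed demo: a throwaway directory with one planted file, not a real install.
demo=$(mktemp -d)
mkdir -p "$demo/lang"
echo '<?php /* constructed sample */ ?>' > "$demo/lang/ko.php"
fop2_ioc_check "$demo" || echo "compromised: $? injected file(s) present"
rm -rf "$demo"
```

On a real server, call `fop2_ioc_check` with no argument, or with the FOP2 directory if it is not under /var/www/html/fop2.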