Comments on: Mambo and Joomla exposed as script kiddies have their summer holidays

By: tj

tj — Fri, 11 Jan 2008 08:47:13 +0000

Remember that gaining access to configuration.php is just one way you can do harm here. There are lots of other things that can happen, including as you say e-mail spammers, so I don’t think ioncube should make you sleep better. Anything can be cracked, even ioncube. A quick google search found this for instance: http://blog.php-security.org/archives/14-PHP-Encoders-Protection-where-are-you.html

By: Ian Wright

Ian Wright — Fri, 11 Jan 2008 05:16:25 +0000

I am using Joomla 1.0.13, virtue mart 1.0.13a and have almost no other extensions added to my site, but still i have had my site hacked into. They hacked in sometime in October according to the file dates, and left a small directory called com_uk in the public_html/components directory.

It was a file manager script, allowing anybody to visit that page and have all the info about my site, no idea how they gained access, as all the permissions were correct etc.

I have now found that 4 of my sites were email spammers, and also had open access. I then found a small text file in another directory that had links to other sites with the file manager, 2 of them were mine on my other servers.

It is getting to the stage where I’m seriously wondering if using Joomla is the best idea as a commercial sense. I have never minded paying for scripts, as i sell them at the end of the day. So i have already started looking for commercial components.

Do you think encrypting the configuration.php file in ioncube would help, or can ioncube be cracked?

All the best
Ian

By: abby lim

abby lim — Sat, 22 Dec 2007 15:28:57 +0000

i’d like to add com_poll component in joomla 1.5
recently been bugged by an irc — eggdrop
hackers attempting to use our server to use it as irc

By: tj

tj — Thu, 12 Jul 2007 09:10:51 +0000

Script kiddies do not need administration access to upload and hide folders, so you should not assume that they have admin access, but that is besides the point at this time.

Hackers could just as easily have gotten in through another application or even another website if you are using a shared hosting service. The only way to find that out is to go through the webserver logs, which your hosting co. should do.

What you need to do, regardless of what your hosting company does, is:

a) Secure your data.
You probably do not want to lose your data that you have worked alot to accumulate. So make backups of your database and the files you might have uploaded or modified. Typical folders you would want to backup is your images folder and your templates folder. Joomla core files are not important, unless you have made modifications to them.

You might end up backing up some data that the hackers have put there, so after you have made the backup you should go through the data to ensure that it is in fact your data.

b) Go through your installed components, mambots and modules.
Compare their version numbers with the ones you find on the extension websites, for instance on extensions.joomla.org. Download the most recent versions of the stuff you have installed. Using old extensions that might have known security holes is a big security risk.

c) Consider switching hosting companies
If your hosting company is unable to stop what ever is happening to the server you should reconsider using their service, and you should at least demand to be moved to another server that is not compromised. If the hosting company will not set up a new account for you, you should consider switching host.

Do a fresh Joomla install, using the latest Joomla version available in the 1.0 series (1.0.12 at this time). Also: Install new versions of the components you had on your old site, if new versions are available.

Alot of other security tips and measures plus help and assistance can be found in the Joomla security forums.

Hope this helps!

- Torkil

By: Freddy Egersdorfer

Freddy Egersdorfer — Wed, 11 Jul 2007 15:17:53 +0000

It seems someone has found a way to get into my administration. So far they are uploading huge amounts of content into my hosting server and I find that they hide the folders, sometimes as so that my hosting co. can not find them.

Please help as I do not know how to upgrade properly, really scared about losing all my content. I’m so far using 1.0.10.

By: Top Five Things That Brought Down Lieberman’s Web Server »Rotophonic«

Wed, 09 Aug 2006 01:49:37 +0000

[…] The most recent serious problem with the Com_ExtCalendar component was discovered very recently–on July 7th, 2006. This issue would allow a hacker to deface or even overwrite the entire configuration file for the site. Others have written about “script kiddies” spending their summer vacations attacking Joomla sites, including those with this component. Geary told TPMmuckraker that, “We have nobody with a security background helping with this. It’s just us, what we know, how we work with our server network.” I read this as, “We just use the webserver control panel and know how to upload stuff via FTP.” […]

By: Elpie

Elpie — Sat, 22 Jul 2006 16:04:56 +0000

ExtCalendar & MiniCal have been updated for both Mambo and Joomla.
Details and download links are here: http://forum.mamboguru.com/showthread.php?t=318

The only ExtCalendar addon not yet updated is the Latest Events module. It is recommended that this be entirely removed from servers as there are some significant vulnerabilities with “Latest Events”.

By: tj

tj — Wed, 19 Jul 2006 15:12:29 +0000

I have seen stuff far worse than simple defacing, so you should let your hosting provider know about this and have them check the server. Some simple suggestions are outlined in this thread:

http://forum.joomla.org/index.php/topic,76551.0.html

By: Bjørn Are Solstad

Bjørn Are Solstad — Wed, 19 Jul 2006 15:09:46 +0000

Yup. We have had 3 sites hacked the last couple days. Simple defacings as far as I have seen so far though. The hackers that attacked us, was some islam group spreading their propaganda.