[UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Forum rules
Locked
User avatar
trompete
Joomla! Explorer
Joomla! Explorer
Posts: 273
Joined: Thu Sep 01, 2005 11:19 pm
Location: Minneapolis, USA
Contact:

[UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by trompete » Tue Jul 18, 2006 4:45 am

OK folks,

I got a patch out for my two projects tonight. Upgrade to them ASAP.

BSQ Sitestats
http://forge.joomla.org/sf/projects/bsq_sitestats

JoomlaLib
http://forge.joomla.org/sf/projects/joomlalib

If you notice any other security issues, please send me a PM or contact me via our BSQ Sitestats forum on http://forum.4theweb.nl

Thanks,
Brent
Last edited by RobS on Wed Jul 19, 2006 4:46 am, edited 1 time in total.
Developer, bsq_sitestats module.
www.bs-squared.com

old blue
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Sun May 07, 2006 11:48 am

Re: BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib) PATCHED

Post by old blue » Tue Jul 18, 2006 5:08 am

Aloha!
Should we uninstall the component through the back-end?  Will this remove the current stats in the db?

Mahalos!

User avatar
trompete
Joomla! Explorer
Joomla! Explorer
Posts: 273
Joined: Thu Sep 01, 2005 11:19 pm
Location: Minneapolis, USA
Contact:

Re: BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib) PATCHED

Post by trompete » Tue Jul 18, 2006 5:14 am

Developer, bsq_sitestats module.
www.bs-squared.com

old blue
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Sun May 07, 2006 11:48 am

Re: BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib) PATCHED

Post by old blue » Tue Jul 18, 2006 5:14 am

Super mahalos for the very quick reply!

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib) PATCHED

Post by drummergirl » Tue Jul 18, 2006 5:48 am

Brent - installed BSQ just fine.  Everything looks good.  I am getting this in my log and I'm not sure what to make of it...

For the last several days I have had like a million of these entries...

Every minute I have an entry from an "Indeterminable" browser that keeps hitting this url:

http://www.girlscantwhat.com/component/ ... ss;action/

that link leads to the forum page.

There seem to be 4 or more IP addresses that do this.  These are not googlebots - at least I don't think they are - the googlebots actually say googlebot when you look up the IP address.  And searchbots don't repeatedly hit the same page over and over again.  The IP address tells me nothing other than all 4 or so of them US based.

I ask what these hits are because I found evidence of a hacking attempt on my site last night (no damage done) so I am looking everything over very closely now.  Hmmm

Any ideas?  They are still showing even after installing the latest about a half hour ago.  Thanks!

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib) PATCHED

Post by drummergirl » Tue Jul 18, 2006 6:35 am

Hey I found another strange thing.

When I checked the stats after the install of 2.1.1, I saw that a friend had been on my site in the last couple of minutes.  So I IM'd her and asked her if she was.  She said she hadn't been on my site all day.  Joomla shows her logged in and she's listed in the stats.  The log shows her looking at two really old blog articles.  Very odd.  May not be related to BSQ but I thought I'd mention it.

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib) PATCHED

Post by drummergirl » Wed Jul 19, 2006 5:46 pm

drummergirl wrote: Every minute I have an entry from an "Indeterminable" browser that keeps hitting this url:

http://www.girlscantwhat.com/component/ ... ss;action/

that link leads to the forum page.

There seem to be 4 or more IP addresses that do this.  These are not googlebots - at least I don't think they are - the googlebots actually say googlebot when you look up the IP address.  And searchbots don't repeatedly hit the same page over and over again.  The IP address tells me nothing other than all 4 or so of them US based.
Just an update...I blocked these IPs and everything seems to be fine now.  I am noticing on the "hits per day" graph that the lat point on the right shows the previous days date when you hover over it, but that is the point that keeps going up throughout the day as more hits are counted.  It also seems to jump to the next day (meaning rollover to the correct day) late in the evening.  Not sure what that is based on.  The actual time on the hits is the same as my server.

yabba dabba
Joomla! Intern
Joomla! Intern
Posts: 97
Joined: Fri Jan 27, 2006 4:03 pm

Re: BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib) PATCHED

Post by yabba dabba » Thu Jul 20, 2006 12:40 pm

drummergirl wrote:I am noticing on the "hits per day" graph that the lat point on the right shows the previous days date when you hover over it, but that is the point that keeps going up throughout the day as more hits are counted.  It also seems to jump to the next day (meaning rollover to the correct day) late in the evening.  Not sure what that is based on.  The actual time on the hits is the same as my server.
Same problem here, but I am using an earlier 2.0 version. I think this has been an issue for a while.

User avatar
trompete
Joomla! Explorer
Joomla! Explorer
Posts: 273
Joined: Thu Sep 01, 2005 11:19 pm
Location: Minneapolis, USA
Contact:

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomla

Post by trompete » Thu Jul 20, 2006 1:33 pm

Please don't jack this thread for bug reports. I'm looking for security issues only.
Developer, bsq_sitestats module.
www.bs-squared.com

yabba dabba
Joomla! Intern
Joomla! Intern
Posts: 97
Joined: Fri Jan 27, 2006 4:03 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by yabba dabba » Thu Jul 20, 2006 3:45 pm

I'm sorry.  :-[
It looked like this entire thread was about the upgrade because the first post directed security issues to be handled outside this thread.

User avatar
majorlag
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Fri Nov 03, 2006 7:42 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by majorlag » Wed Nov 08, 2006 8:44 pm

can you advise in the template.php where the following is insetred



Thankyou

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomla

Post by drummergirl » Wed Nov 08, 2006 8:46 pm

I have mine right after the tag.  :)

User avatar
majorlag
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Fri Nov 03, 2006 7:42 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by majorlag » Wed Nov 08, 2006 8:55 pm

thankyou, I think it works lol

User avatar
majorlag
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Fri Nov 03, 2006 7:42 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by majorlag » Wed Nov 08, 2006 9:11 pm

would I be right in saying that this is correct?

if(mosCountModules('right')>0) { ?>
                                     
                                         
                                     
                                     
                                     
                               
                               
                           
                   
               
               
                    Copyright (C) 2006 http://www.zkaradza.com
               
         
     


         
         
     






Does it look ok, and does the stats not start until 24 hours?

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomla

Post by drummergirl » Wed Nov 08, 2006 9:15 pm

Looks good.  You should start getting daily stats immediately.  I just clicked your link so there should be at least one hit to your home page.  Look on the summary tab.  On the referrers tab it should show that hit coming from joomla.org.


:pop  <-- where did this little guy come from?  cute!

User avatar
majorlag
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Fri Nov 03, 2006 7:42 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by majorlag » Wed Nov 08, 2006 9:53 pm

Where did he come from  :pop

User avatar
majorlag
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Fri Nov 03, 2006 7:42 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by majorlag » Wed Nov 08, 2006 9:55 pm

Well Ive tried all of that but there are no statistics as yet, Ive had 4 members and 3 guests on line in 120 minutes - but nothing to show  ???

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomla

Post by drummergirl » Wed Nov 08, 2006 10:06 pm

What are the settings for 'hit tracking' in your configuration?

User avatar
majorlag
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Fri Nov 03, 2006 7:42 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by majorlag » Thu Nov 09, 2006 8:02 am

These are set to the following:-

Track hits =-Yes

User avatar
drummergirl
Joomla! Explorer
Joomla! Explorer
Posts: 322
Joined: Wed Feb 22, 2006 9:51 pm
Location: Illinois
Contact:

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomla

Post by drummergirl » Thu Nov 09, 2006 1:14 pm

I am not sure what is going on at this point.  You might PM the developer.  ???

karryberry
I've been banned!
Posts: 21
Joined: Wed Dec 19, 2007 10:36 pm

Re: [UPGRADE AVAIL.] BSQ Sitestats (com_bsq_sitestats) and JoomlaLib (com_joomlalib)

Post by karryberry » Thu Dec 20, 2007 8:03 am

will the installation effect my database in any way? thanks in advance
smile


Locked

Return to “3rd Party/Non Joomla! Security Issues”