Site hacking

[alamgir99]

Vish
I took it seriously and so posting it here for your immediate attention.
My own site has been hacked last night in front of me!
They first changed the admin password and did lot more.

I have weekly backup but I am not an expert in restoration so, still waiting for a friend's hand.

Please take notice.
Also, I sent you one or two PM long time ago, no reply yet.

alamgir

[romit]

I think you should make a post on the security forums about this..

Were you running the latest version of Joomla i.e. 1.0.10.. ??
Was your configuration.php writable or unwritable.. ??
Was all your extra extensions/components/modules updated to the latest version ??

Do you have access to the log files of the server.. ??
Then It can be found out how they hacked the site..

On a side note: Most of the Joomla hackings occur due to weaknesses with the server software..
tell your host about this.. see what they have to say.

[alamgir99]

romit
i read some posts of hacking joomla site on this forum. there are lots of them.
i had joomla 1.0.9.

who has the time to read the logs! they are just IPs.
Joomla team has been swamped with logs of hacked site.

i take it was my fault, i used to use a single password on all accounts, from forum to my own

alamgir

[Vish]

I always fail to understand hackers phyche, what do they accomplish ?
But anyways, I got this email from phil-taylor last night

Dear Joomla friends,

It is not often I write a personal plea in an email, but if I could give you
guys one bit of advice for today it would be this.

IF YOU ARE RUNNING ANY OF THE FOLLOWING JOOMLA COMPONENTS THEN PLEASE
CONTACT ME ASAP! (Or research using the links at the bottom of this letter)

* Simpleboard
* ExtCalendar
* Any version of Joomla less than version 1.0.10

## IF YOU ARE RUNNING THESE YOUR WHOLE SITE CAN BE HACKED! ##

(NOTE: None of these products are created by Phil Taylor, there are no known
security issues of this type in Phil Taylor components)

Today I have had the enduring task of fixing five hacked websites, all the
hacks were using well (now) know security holes (Which are just plain bad
programming on the part of the developers) in the above two Joomla
Components.  Also running any version of Joomla less that the latest v1.0.10
version can also allow other attack attempts to be made.

If you need assistance in upgrading to Joomla 1.0.10 we would be happy to
help - we do loads of these a week!

Else, if you are running SimpleBoard or ExtCalendar then you should
remove/replace/fix/patch the files to stop hackers gaining access to your
server.

Here are some links to help you research:

You were running 1.0.9, that was one pitfall, but now, make sure you are not running the other two components mentioned....

I upgraded to 1.0.10 in the weekend next to its release....all of my sites...

I did not get any PMs from you  !!! What were they about?

[alamgir99]

Vish
My thinking is different. It does NOT really matter which version you use. They are human products and so likely to have errros which are exploited by others. What you would have said if this has happened before the release of 1.0.10? It's just consolation. "Update to the latest versions" is NOT a good suggestion, that you can follow. How would you update, PHP, MySQL and other server side software? You live on mercy of hosting provider.

I might share this piece of text:

Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure. Deal with it. People keep having this delusion that security is a product. That, if you just buy some magic box, you'll have a program or an operating system that's as secure as Fort Knox. It doesn't work that way. Security is a process, not a product. Some systems are more secure than others. Linux, as anyone who pays any attention to security news knows, is a lot more secure than Windows. If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford "Hit here to blow up" Pinto. But, any car can be hit, and any car can be hit hard enough to destroy it. It's all about the odds and driving safely.

I read it somewhere in
https://www.hackinthebox.org/

thanks.

alamgir

[alamgir99]

Please read

http://forum.joomla.org/index.php?topic=77742.new#new

Twice!

[rheo99]

Hi wonder if anyone can help me.

Recently i setup a website and forum for a guy who does designing. I used Simpleboard forum. What happened was... the index.html file was changed to some text saying in BIG and bold letters.. this site has been hacked by **** and ****.

However the index.php files and other files were still intact and nothing was affected.

But cause my link from the website only gave the / and not to the specific file "index.php" It defaulted to index.html so that was seen.

I AM WONDERING, AFTER READING THIS THREAD, IS IT ADVISABLE TO USE SIMPLEBOARDS AT ALL?? Is that the cause of the hacking?

Rheo

I always fail to understand hackers phyche, what do they accomplish ?
But anyways, I got this email from phil-taylor last night

Dear Joomla friends,

It is not often I write a personal plea in an email, but if I could give you
guys one bit of advice for today it would be this.

IF YOU ARE RUNNING ANY OF THE FOLLOWING JOOMLA COMPONENTS THEN PLEASE
CONTACT ME ASAP! (Or research using the links at the bottom of this letter)

* Simpleboard
* ExtCalendar
* Any version of Joomla less than version 1.0.10

## IF YOU ARE RUNNING THESE YOUR WHOLE SITE CAN BE HACKED! ##

(NOTE: None of these products are created by Phil Taylor, there are no known
security issues of this type in Phil Taylor components)

Today I have had the enduring task of fixing five hacked websites, all the
hacks were using well (now) know security holes (Which are just plain bad
programming on the part of the developers) in the above two Joomla
Components.  Also running any version of Joomla less that the latest v1.0.10
version can also allow other attack attempts to be made.

If you need assistance in upgrading to Joomla 1.0.10 we would be happy to
help - we do loads of these a week!

Else, if you are running SimpleBoard or ExtCalendar then you should
remove/replace/fix/patch the files to stop hackers gaining access to your
server.

Here are some links to help you research:

You were running 1.0.9, that was one pitfall, but now, make sure you are not running the other two components mentioned....

I upgraded to 1.0.10 in the weekend next to its release....all of my sites...

I did not get any PMs from you  !!! What were they about?

[Vish]

rheo99

I would recommend that you post this in the security forums. They will be in a better position to help you...

[rheo99]

ok can thank you

[dalypaty]

I like this thread.thanks