Joomla! Discussion Forums

Hello,

I was in for a rude shock this morning. One of my web sites has been hacked - see pics attached. What's weird is that they seem to have logged in as an existing user (an account I had created for myself) and changed a content item. Obviously, they seem to be very knowledgeable about Joomla, but what baffles me is how they got into my account?

I am attaching a couple of pictures for everyone's reference. I googled their names, but they don't seem to be very active on the internet.

I'd appreciate it if anyone has any ideas how these guys could've got my user account. Here are some details:

Database Version:  4.1.22-standard-log
PHP Version: 4.4.7
Web Server: Apache
WebServer to PHP interface: apache
Joomla! Version: Joomla! 1.0.12 Stable [ Sunfire ] 25 December 2006 01:00 UTC
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Relevant PHP Settings:
Joomla! Register Globals Emulation: OFF
Register Globals: OFF
Magic Quotes: ON
Safe Mode: OFF
File Uploads: ON
Session auto start: OFF
Session save path: /tmp
Short Open Tags: ON
Output Buffering: OFF
Open basedir: none
Display Errors: ON
XML enabled: Yes
Zlib enabled: Yes
Disabled Functions: none

Moderator note; images with hacker names removed, no need to give them any credit 

Sorry.. I did remember to not mention them in the write-up.. but forgot to remove their names from the images.. here's an image with the name pixelated out. I wanted to show it to other users because this sort of attack is unusual to me. I have no idea how they got a hold of and cracked on of my user account - although the account was a demo account and had a weak password

- V

Thats probably your answer...

dhuelsmann,

Thanks very much for the links. I will read them up. We have restored the site from a backup that was taken a week ago. I have deleted the demo account. So we're good for now.

shawn122,

While I realize that having a weak password on the demo account was probably my fault, I was wondering how anyone would have found this web site and what they would be looking for?

- V

I didnt get a chance to see the hacked pictures so I am not sure the extent of the problem.  If they just added that one content item then it was probably a prank of some type and nothing more.

In many cases there is no specific targeted reason for attacking a website, unless of course your site is a high-profile or contains what some might consider contentious content. Most of these type of attacks are enacted by "script-kiddies" for the fun or thrill of the exploit, nothing more nothing less.... 

These sort of attacks, are in general innocuous, although annoying and frustrating.  In many respects, from the attackers perspective,  a lesser know site is an easier target and more likely to produce a successful exploit for the average attacker due to it not being very likely to have been professionally secured.

You were unlikely to have been targeted specifically, more misfortune that it was your site and not the next persons....