The Joomla! Forum ™

Download

Demo


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  Page 1 of 1
  [ 8 posts ] 
  Print view Previous topic | Next topic 
Author Message
maddunr
PostPosted: Mon Aug 27, 2007 4:59 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Oct 06, 2005 4:43 pm
Posts: 312
Hello,

I was in for a rude shock this morning. One of my web sites has been hacked - see pics attached. What's weird is that they seem to have logged in as an existing user (an account I had created for myself) and changed a content item. Obviously, they seem to be very knowledgeable about Joomla, but what baffles me is how they got into my account?

I am attaching a couple of pictures for everyone's reference. I googled their names, but they don't seem to be very active on the internet.

I'd appreciate it if anyone has any ideas how these guys could've got my user account. Here are some details:

Database Version:  4.1.22-standard-log
PHP Version: 4.4.7
Web Server: Apache
WebServer to PHP interface: apache
Joomla! Version: Joomla! 1.0.12 Stable [ Sunfire ] 25 December 2006 01:00 UTC
User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Relevant PHP Settings:
Joomla! Register Globals Emulation: OFF
Register Globals: OFF
Magic Quotes: ON
Safe Mode: OFF
File Uploads: ON
Session auto start: OFF
Session save path: /tmp
Short Open Tags: ON
Output Buffering: OFF
Open basedir: none
Display Errors: ON
XML enabled: Yes
Zlib enabled: Yes
Disabled Functions: none


Last edited by Robin on Mon Aug 27, 2007 5:25 pm, edited 1 time in total.

Top
 Profile  
 
Robin
PostPosted: Mon Aug 27, 2007 5:26 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15750
Moderator note; images with hacker names removed, no need to give them any credit  ;)

_________________
Regards Robin

http://www.linkedin.com/in/robinmuilwijk - http://twitter.com/i_robin
Top
 Profile  
 
maddunr
PostPosted: Mon Aug 27, 2007 5:52 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Oct 06, 2005 4:43 pm
Posts: 312
Sorry.. I did remember to not mention them in the write-up.. but forgot to remove their names from the images.. here's an image with the name pixelated out. I wanted to show it to other users because this sort of attack is unusual to me. I have no idea how they got a hold of and cracked on of my user account - although the account was a demo account and had a weak password :(

- V


You do not have the required permissions to view the files attached to this post.

Top
 Profile  
 
dhuelsmann
PostPosted: Mon Aug 27, 2007 6:30 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Sun Oct 02, 2005 12:50 am
Posts: 17557
Location: Omaha, NE
RussW wrote:
please review the following posts and FAQ's, you will find there is a wealth of information to assist you in such situations. As far as we are aware at this time, Joomla! has no known vulnerabilities and statistically sites are compromised through poor server, php security or vulnerable extensions and primarily due to end-user mis-configuration of permissions.



  Security & Performance FAQ

It is not recommended to leave your sites publicly available and exploited, as it will only serve to promote the offenders ego and kudos and potentially expose the rest of the server to attack.

The above mentioned FAQ will provide with more than enough information to assist you in recovering and further securing your sites.

Particular entries of note and to pay attention to, are;

  Joomla! Administrator's Security Checklist

  Help! My site's been compromised. Now what?

  Vulnerable Extension List

  Joomla! Tools Suite
  How can I check my Joomla! installation's overall security and health?

  What does Joomla! have to do with file permissions?

_________________
Regards, Dave
http://www.kiwaniswest.org
http://www.huelsmann.us
Top
 Profile  
 
shawn122
PostPosted: Mon Aug 27, 2007 6:33 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Mar 03, 2006 10:47 pm
Posts: 183
Location: Toronto
maddunr wrote:
although the account was a demo account and had a weak password :(

- V


Thats probably your answer...
Top
 Profile  
 
maddunr
PostPosted: Mon Aug 27, 2007 8:04 pm 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Oct 06, 2005 4:43 pm
Posts: 312
dhuelsmann,

Thanks very much for the links. I will read them up. We have restored the site from a backup that was taken a week ago. I have deleted the demo account. So we're good for now.

shawn122,

While I realize that having a weak password on the demo account was probably my fault, I was wondering how anyone would have found this web site and what they would be looking for?

- V
Top
 Profile  
 
shawn122
PostPosted: Mon Aug 27, 2007 8:45 pm 
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Fri Mar 03, 2006 10:47 pm
Posts: 183
Location: Toronto
I didnt get a chance to see the hacked pictures so I am not sure the extent of the problem.  If they just added that one content item then it was probably a prank of some type and nothing more.
Top
 Profile  
 
RussW
PostPosted: Tue Aug 28, 2007 5:14 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
In many cases there is no specific targeted reason for attacking a website, unless of course your site is a high-profile or contains what some might consider contentious content. Most of these type of attacks are enacted by "script-kiddies" for the fun or thrill of the exploit, nothing more nothing less.... 

These sort of attacks, are in general innocuous, although annoying and frustrating.  In many respects, from the attackers perspective,  a lesser know site is an easier target and more likely to produce a successful exploit for the average attacker due to it not being very likely to have been professionally secured.

You were unlikely to have been targeted specifically, more misfortune that it was your site and not the next persons....

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 8 posts ] 


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group