Joomla! Discussion Forums



Posted: Sat Dec 29, 2007 5:36 am 
Joomla! Fledgling

Joined: Sat Dec 29, 2007 5:28 am
Posts: 1
Hi All,

I have received this email from my hosting. They have turned off my site for the following reason.



Regarding your shared hosting XXXXXXXRemoved.com.

It has come to our attention that you are running "Joomla! Mambot" where multiple .PHP scripts throughout your content are vulnerable because data used in the "( $mosConfig_absolute_path" parameter is not properly verified before being used to include files. This vulnerability has allowed multiple attack IPs the ability to upload malicious content as far back as August 22, 2007. We recommend that you immediately update software (1.5 RC4) and manually review all code to ensure that input is properly sanitized. We've had the current attack IPs blocked at localhost, vulnerable scripts disabled, and had the malicious content removed.

Please contact us if you have any further issues.

Michael H.
Hosting Support
Hosting Operations



Are they right to be forcing me onto a Release candidate rather than a stable version? I have googled and cannot find any info on the vulnerability they mention. I have been around in circles for days, with their only reply being to upgrade to RC4. Any help greatly accepted.

These are my settings.

Joomla! Version:  Joomla! 1.0.13 Stable [ Sunglow ] 21 July 2007 16:00 UTC


Relevant PHP Settings:
Joomla! Register Globals Emulation: OFF
Register Globals: ON
Magic Quotes: ON
Safe Mode: OFF
File Uploads: ON
Session auto start: OFF


Posted: Sat Dec 29, 2007 10:18 am 
Joomla! Champion

Joined: Sun Oct 22, 2006 4:42 am
Posts: 5286
Location: Queensland, Australia
I believe the important part here is that PHP register_globals is on. If I were you, I would mail back the host and suggest that if they are concerned about the vulnerability of your site exposing their server, that they turn OFF PHP register_globals before suggesting that you must upgrade to 1.5 from 1.0, although this problem is alleviated in 1.5 and lax server security through PHP register_globals is no longer an issue.

Beware though, turning off PHP register_globals may break certain components of your site if they rely on that setting being on, which is probably what the host is actually complaining about: the use of an old and unsecured extension.

Additional information may be found here:

  Security & Performance FAQ

The above-mentioned FAQ will provide you with more than enough information to assist you in further securing your sites.

Particular entries of note, and to pay attention to, are:

  Joomla! Administrator's Security Checklist

  Help! My site's been compromised. Now what?

  Vulnerable Extension List

  Joomla! Tools Suite
  How can I check my Joomla! installation's overall security and health?

  What does Joomla! have to do with file permissions?

_________________

** Moved to Queensland** still on/offline intermittently, will be awhile yet.
Joomla! Tools Suite v2 Beta2 release available at http://joomlacode.org/gf/project/jts/
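
As an added example (not part of the thread and not Joomla! project code): a heuristic Python check for the manual code review the host recommends. It flags PHP files that include from `$mosConfig_absolute_path` without first hitting the Joomla! 1.0 `_VALID_MOS` entry guard or assigning the variable locally, which is the pattern that matters when register_globals is on. The sample files and the `com_example` name are constructed.

```python
import re

# Entry guard used by Joomla! 1.0 files that must only be loaded by the CMS.
GUARD = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(or|\|\|)\s*(die|exit)", re.I)
# include/require whose path starts from $mosConfig_absolute_path.
INCLUDE = re.compile(
    r"\b(include|require)(_once)?\b\s*\(?\s*\$mosConfig_absolute_path\b", re.I)
# A local assignment replaces any value injected through register_globals.
ASSIGN = re.compile(r"\$mosConfig_absolute_path\s*=[^=]")


def strip_comments(src):
    """Blank out PHP comments, keeping newlines so line numbers still match."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                 src, flags=re.S)
    return re.sub(r"(//|#).*", "", src)


def audit(src):
    """Return (line_no, code) for each include that runs with no guard or
    local assignment earlier in the file. Heuristic, not a PHP parser."""
    code = strip_comments(src)
    lines = code.splitlines()
    findings = []
    for m in INCLUDE.finditer(code):
        before = code[:m.start()]
        if GUARD.search(before) or ASSIGN.search(before):
            continue
        line_no = before.count("\n") + 1
        findings.append((line_no, lines[line_no - 1].strip()))
    return findings


# Constructed samples (com_example is a made-up extension name).
UNGUARDED = """<?php
// defined( '_VALID_MOS' ) or die( 'Restricted' );
require_once( $mosConfig_absolute_path . '/components/com_example/lib.php' );
"""
GUARDED = """<?php
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
require_once( $mosConfig_absolute_path . '/components/com_example/lib.php' );
"""

if __name__ == "__main__":
    for name, src in (("unguarded", UNGUARDED), ("guarded", GUARDED)):
        print(name, audit(src))
```

A commented-out guard, as in the first sample, does not count as a guard. Files the check flags still need to be read by hand, since it only looks at file-level ordering.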

