Someone just tried/hacked me through com_mambatstaff

Post by squig » Fri Nov 02, 2007 7:03 pm

Another [RussW: group removed, irrelevant] tried/hacked me (I don't know which yet) about 1 hour ago.

In my statistics there are links to a component which I don't even have installed called mambatstaff.
bsq stats lists the hacker [RussW: IP and Country removed, irrelevant].
I looked up mambatstaff and found it is a known vulnerability.

It is obviously an autogenerated hack system they have set up, and they included a reference back to some kind of [RussW: site removed, irrelevant] site, and when I tried to do a traceroute or whois on the domain nothing could be found, which I have no idea how they could do.

I am using 1.0.13.
So be warned, and if you see that the same thing happened today in your stats, report it to the hacker's host, maybe they can find him. I already reported it with the links to what appeared to be the hacker's direct ISP.
Last edited by RussW on Sun Nov 04, 2007 12:13 am, edited 1 time in total.

Post by emagin » Fri Nov 02, 2007 7:29 pm

What are your settings for:
.htaccess
php.ini

Are you hosted or do you run your own box?
Did you apply all the security settings recommended in this forum? I can provide links.

Post by squig » Fri Nov 02, 2007 8:27 pm

It is shared hosting at micfo (which I entirely do NOT recommend to anyone - I am leaving it once my paid time is over).

I do not have the capability to figure out all of the recommended Joomla security hacks. If it doesn't come default in Joomla or it can't be understood by a useless idiot like me, then I am not going to waste years in trying to figure out how to do it, and unfortunately I have no cash to hire anyone to do it for me as I don't make any money on any of my sites.
All this stuff is just too complicated for me. I just posted this info about what happened to my site thinking maybe it might help one person out there somewhere from being hacked, because I don't even have the capability to figure out more than 20% probably of how to tweak Joomla and PHP and all those tech term things, but maybe someone else does and can protect themselves better than I could.

Thanks for responding, but unfortunately I have seen all the links and they are beyond my capability or patience to figure out how to implement beyond a few of the basic things.

Have a good day.

Post by infograf768 » Sat Nov 03, 2007 10:38 am

Unfortunately, the information you provide is useless to anyone.
The origin of the crackers, their IP, or what they managed to display on your site would not solve the issue.
Neither would the fact that you saw something about mambatstaff in your stats, if you really do not have any trace of that extension in your install.

Joomla is one thing, your server and settings are another.
If you had no vulnerable extensions installed, if all your files and folders were CHMODed as they should be, if you had enabled the .htaccess file, if Register Globals Emulation was Off, then the only remaining reason for the hack would be your server.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

Post by RussW » Sun Nov 04, 2007 12:16 am

If you have no interest or inclination to learn how to secure and support your own Joomla! instance, I am afraid there is little to nothing that anyone here can do for you either.

Good luck in the future, I hope that vulnerabilities are not found within your site or server in future.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

Post by grayz » Sun Dec 04, 2011 3:31 pm

This is an old thread, but today somebody tried to attack my site too through
com_thopper/inc/urgency_type.php
com_mambatstaff/mambatstaff.php
com_ponygallery/admin.ponygallery.html.php
administrator/components/com_jcs/view/register.php

All these add-ons seem to be rather old and not supported currently.
Developing: boragroconsult.com
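
Added example, not part of any post in this thread: one way to answer the "tried or hacked" question from web server logs, by triaging requests that name a Joomla component against the set of components actually installed. The log lines, the `INSTALLED` set, the `p` parameter and the `triage` function are constructed for illustration; the access-log format is assumed to be Apache "combined".

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')
COMPONENT_RE = re.compile(r'com_[a-z0-9_]+', re.IGNORECASE)

# Constructed sample: in practice, list components/ and
# administrator/components/ on disk to build this set.
INSTALLED = {'com_content', 'com_contact'}

# Constructed log lines using component names mentioned in the thread.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Dec/2011:15:02:11 +0000] "GET /components/com_mambatstaff/mambatstaff.php?p=http://example.invalid/a.txt HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [04/Dec/2011:15:02:12 +0000] "GET /components/com_ponygallery/admin.ponygallery.html.php HTTP/1.1" 200 1843 "-" "-"',
    '198.51.100.20 - - [04/Dec/2011:15:03:40 +0000] "GET /index.php?option=com_content&task=view&id=5 HTTP/1.1" 200 9021 "-" "-"',
    '203.0.113.7 - - [04/Dec/2011:15:04:02 +0000] "GET /index.php?option=com_jcs HTTP/1.0" 200 7310 "-" "-"',
]

def triage(log_lines, installed):
    """Return findings for requests naming a component that is not installed."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m['target'])
        params = parse_qsl(url.query, keep_blank_values=True)
        option = next((v for k, v in params if k == 'option'), '')
        names = {c.lower() for c in COMPONENT_RE.findall(url.path + ' ' + option)}
        status = int(m['status'])
        for comp in sorted(names - installed):
            findings.append({
                'ip': m['ip'], 'component': comp, 'status': status,
                # A query value that is itself a URL matches the "reference
                # back to some site" described in the first post.
                'remote_url_param': any(
                    v.lower().startswith(('http://', 'https://', 'ftp://'))
                    for _, v in params),
                # 2xx on a direct path means a file was served for a component
                # believed absent: inspect that directory on disk.
                'verdict': 'investigate'
                if 200 <= status < 300 and comp in url.path.lower()
                else 'probe',
            })
    return findings
```

A `probe` verdict is scanner noise for a component that is not there; an `investigate` verdict is only a prompt to check the files on disk, not proof of compromise.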

Post by grayz » Mon Dec 05, 2011 9:54 pm

So, the attacks continued. I tied a little bit and tried the JWsec plugin, which can block specified IPs. So far it has helped. :)
Also, I found the hoster and wrote a claim. No reply so far, but we will see.
Developing: boragroconsult.com

