Could JoomlaFCKEditor have caused site to be defaced?
-
- Joomla! Explorer
- Posts: 267
- Joined: Mon Mar 12, 2007 7:41 pm
Could JoomlaFCKEditor have caused site to be defaced?
Last week my site was defaced. This was 2 days after installing JoomlaFCKEditor. I don't see this extension on the list of vulnerable extensions. Can anyone give me any opinions about the latest release of this product? I am hesitant to reinstall it.
-
- Joomla! Enthusiast
- Posts: 233
- Joined: Sat Feb 18, 2006 3:31 pm
Re: Could JoomlaFCKEditor have caused site to be defaced?
Unless I am mistaken, it is still up on the extensions site: http://extensions.joomla.org/component/ ... Itemid,35/
I have used it on a couple of sites without issue (knock on wood!) but I have not been looking around to see if there are any vulnerabilities, either. So, I can't speak to the security of it.
-
- Joomla! Explorer
- Posts: 267
- Joined: Mon Mar 12, 2007 7:41 pm
Re: Could JoomlaFCKEditor have caused site to be defaced?
Yes, that is where I downloaded it from. I'm afraid to reinstall it.
-
- Joomla! Enthusiast
- Posts: 233
- Joined: Sat Feb 18, 2006 3:31 pm
Re: Could JoomlaFCKEditor have caused site to be defaced?
Have you checked the vulnerable components list? http://help.joomla.org/component/option ... temid,268/
I don't see it listed there, but I do find this when I search this forum for JoomlaFCK:
http://forum.joomla.org/index.php/topic,89696.0.html
That thread pertains to versions 1.1.5 and 1.2.0, and is old (August 2006). Were you using either of those versions? The latest version for download is 2.4.4a, so you may try downloading and installing that one instead. Or, you can use JCE which is listed as an "Editor's Pick" on the extensions site. Personally, I have used both and either works just as well.
HTH!
-
- Joomla! Explorer
- Posts: 267
- Joined: Mon Mar 12, 2007 7:41 pm
Re: Could JoomlaFCKEditor have caused site to be defaced?
Yes, I looked at the list, and yes I did have the most recent version installed.
- Jenny
- Joomla! Champion
- Posts: 6206
- Joined: Sun Aug 21, 2005 2:25 pm
- Contact:
Re: Could JoomlaFCKEditor have caused site to be defaced?
Just because that was the last item you installed in your site, doesn't mean it is the reason your site was defaced. There are many, many ways in which security issues happen.
1. Have you contacted your host? Were any other sites at your host defaced? Could it have been a server security issue?
2. Were your files and folders all set with secure permissions? Did you edit any core files to customize them? Was your configuration file set with secure permissions? Were there any other add ons that you had installed? Have you analyzed your log files to determine what happened and when it happened?
Co-author of the Official Joomla! Book http://officialjoomlabook.com
Marpo Multimedia http://marpomultimedia.com
-
- Joomla! Explorer
- Posts: 267
- Joined: Mon Mar 12, 2007 7:41 pm
Re: Could JoomlaFCKEditor have caused site to be defaced?
I did alert my host. If it was their fault, they didn't come out and say so! (siteground.com). How would I know if other sites hosted there had been hacked as well? I did run a Google search and found that a lot of sites had been hacked by this hacker though: [Mod edit: no sense giving credit to hacker]
Regarding folder/file permissions, all folders at root level of site are set at 755 with the exception of 'userfiles' (for authenticated editor document uploading) which is set at 775. All files at root level, including the configuration.php file are set at 644. This is as it should be, right? I did not edit any of the core files. I was however editing the config file for the FCKEditor trying to get it to work with my site. I was having some difficulty getting the upload functionality to work and I never did get the browse functionality to work. The only other add on is OpenSEF. I have not analyzed log files. I am uncertain how to do that.
I have since updated to Joomla 1.0.13 and checked that I have the most current version of OpenSEF. I have not reinstalled the text editor.
Last edited by dhuelsmann on Tue Nov 20, 2007 2:20 am, edited 1 time in total.
- Jenny
- Joomla! Champion
- Posts: 6206
- Joined: Sun Aug 21, 2005 2:25 pm
- Contact:
Re: Could JoomlaFCKEditor have caused site to be defaced?
What version of Joomla! were you running before you upgraded?
Your host should be able to direct you to where your raw log files are. To understand more about how to analyze them see this post: http://forum.joomla.org/index.php/topic ... #msg289697
Co-author of the Official Joomla! Book http://officialjoomlabook.com
Marpo Multimedia http://marpomultimedia.com
-
- Joomla! Explorer
- Posts: 267
- Joined: Mon Mar 12, 2007 7:41 pm
Re: Could JoomlaFCKEditor have caused site to be defaced?
I was on 1.0.12.
I also just moved my configuration.php OUT of the public_html site. I'm making my way through the checklist.
Last edited by Run4it on Mon Nov 19, 2007 11:42 pm, edited 1 time in total.
- donmarvin
- Joomla! Explorer
- Posts: 379
- Joined: Sat Mar 04, 2006 2:27 pm
- Location: New York
- Contact:
Re: Could JoomlaFCKEditor have caused site to be defaced?
I have JoomlaFCK 2.4.4 on my site and I just noticed that anyone can access the upload screen w/o being logged in by going to:
http://www.mydomain.com/mambots/editors ... nector.php
http://www.iTeachMe.com
Online Learning System for Joomla!(R)
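
For the log review suggested earlier in the thread and the connector access described in the last post, the following is an added example (not code from any poster or from the Joomla! project): a Python pass over Apache combined-format access logs that builds a timeline of requests to any editor `connector.php` and of requests for unexpected file types under `userfiles`. The log format, the allowed-extension list, the `PLACEHOLDER` path segment and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Apache combined log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# The middle of the connector path is elided in the thread, so any
# connector.php below the editor mambot directory is matched.
CONNECTOR_RE = re.compile(r'^/mambots/editors/.*connector\.php$', re.I)
UPLOAD_PREFIX = '/userfiles/'  # upload directory named in the thread
# Assumed upload policy: file types the site expects to serve from userfiles.
ALLOWED_EXT = {'pdf', 'doc', 'xls', 'jpg', 'jpeg', 'gif', 'png', 'txt'}

def triage(lines):
    """Return time-ordered (when, ip, reason, method, path, status) findings."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        bare = m['path'].split('?', 1)[0]  # path without the query string
        name = bare.rsplit('/', 1)[-1]
        ext = name.rsplit('.', 1)[-1].lower() if '.' in name else ''
        if CONNECTOR_RE.match(bare):
            reason = 'connector'
        elif bare.lower().startswith(UPLOAD_PREFIX) and name and ext not in ALLOWED_EXT:
            reason = 'unexpected-upload-type'
        else:
            continue
        when = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        findings.append((when, m['ip'], reason, m['method'], bare, int(m['status'])))
    return sorted(findings)

# Constructed sample lines (documentation IP ranges, placeholder path segment).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Nov/2007:08:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Nov/2007:09:01:44 +0000] "GET /mambots/editors/PLACEHOLDER/connector.php HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [12/Nov/2007:09:02:10 +0000] "POST /mambots/editors/PLACEHOLDER/connector.php?x=1 HTTP/1.1" 200 95 "-" "-"',
    '198.51.100.7 - - [12/Nov/2007:09:02:31 +0000] "GET /userfiles/unknown.php HTTP/1.1" 200 40 "-" "-"',
    '192.0.2.10 - - [12/Nov/2007:09:30:00 +0000] "GET /userfiles/report.pdf HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for when, ip, reason, method, path, status in triage(SAMPLE_LOG):
        print(when.isoformat(), ip, reason, method, path, status)
```

The earliest finding gives a starting point for the "when"; comparing its client address and time against the rest of the log shows what else that client requested.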