Could JoomlaFCKEditor have caused site to be defaced?

[Run4it]

Last week my site was defaced.  This was 2 days after installing JoomlaFCKEditor.  I don't see this extension on the list of vulnerable extension.  Can anyone give me any opinions about the latest release of this product? I am hesitant to reinstall it.

[rmd]

Unless I am mistaken, it is still up on the extensions site: http://extensions.joomla.org/component/ ... Itemid,35/

I have used it on a couple of sites without issue (knock on wood!) but I have not been looking around to see if there are any vulnerabilities, either. So, I can't speak to the security of it.

[Run4it]

yes, that is where I downloaded it from.  I'm afraid to reinstall it.

[rmd]

Have you checked the vulnerable components list? http://help.joomla.org/component/option ... temid,268/

I don't see it listed there, but I do find this when I search this forum for JoomlaFCK:
http://forum.joomla.org/index.php/topic,89696.0.html

That thread pertains to versions 1.1.5 and 1.2.0, and is old (August 2006). Were you using either of those versions? The latest version for download is 2.4.4a, so you may try downloading and installing that one instead. Or, you can use JCE which is listed as an "Editor's Pick" on the extensions site. Personally, I have used both and either works just as well.

HTH!

[Run4it]

Yes, I looked at the list, and yes I did have the most recent version installed.

[Jenny]

Just because that was the last item you installed in your site, doesn't mean it is the reason your site was defaced.  There are many, many ways in which security issues happen.

1. Have you contacted your host?  Were any other sites at your host defaced?  Could it have been a server security issue?
2. Were your files and folders all set with secure permissions? Did you edit any core files to customize them? Was your configuration file set with secure permissions?  Were there any other add ons that you had installed?  Have you analyzed your log files to determine what happened and when it happened?

[Run4it]

I did alert my host.  If it was there fault, they didn't come out and say so!  (siteground.com).  How would I know if other sites hosted there had been hacked as well? I did run a google search and found that a lot of sites had been hacked by this hacker though: [Mod edit: no sense giving credit to hacker]


Regarding folder/file permissions, all folders at root level of site are set at 755 with the exception of  'userfiles' (for authenticated editor document uploading) which is set at 775.  All files at root level, including the configuration.php file are set at 644.  This as it should be, right?  I did not edit any of the core files.  I was however editing the config file for the FCKEditor trying to get it to work with my site.  I was having some difficulty getting the upload functionality to work and I never did get the browse functionality to work.  The only other add on is OpenSEF.  I have not analyzed log files.  I am uncertain how to do that.

I have since updated to Joomal 1.0.13 and checked that I have the most current version of OpenSEF.  I have not reinstalled the text editor.

[Jenny]

What version of Joomla! were you running before you upgraded?

Your host should be able to direct you to where your raw log files are.  To understand more about how to analyze them see this post: http://forum.joomla.org/index.php/topic ... #msg289697

[Run4it]

I was on 1.0.12.

I also just moved my configuration.php OUT of the public_html site.  I'm making me way through the checklist.

[donmarvin]

I have JoomlaFCK 2.4.4 on my site and I just noticed that anyone can access the upload screen w/o being logged in by going to:

http://www.mydomain.com/mambots/editors ... nector.php