Joomla! Discussion Forums

File Includer -Increase Performance, GZIP CSS & JS - http://extensions.joomla.org/component/ ... Itemid,35/

This tool has a PHP Injection vul, please remove it before you've been hacked!

For more info, follow this link:
http://www.domain.com/path_to_script/fi ... t/test.txt

The test.txt contain:

Thanks for the warning.

We took off for the moment from JED this file and also a component by the same developer using that file, com_configeditor

com_juser and com_jjgallery have RFI vulnerability as well,
exploits published yesterday and few days ago.

i guess this explains the recent rush of hacked sites...

Thanks Joomborg for your report. It's appreciated!

We have unpublished JUser and Carousel Flash Image Gallery extensions and we have notified the developers.

[MOD note: moving to 3rd party/Non Joomla! Security Issues]

The developer of Carousel Flash Image Gallery has now upgraded their component and they have also released a security patch.

The developer of Juser says that this vulnerability has been fixed in their latest version of Juser 2.0.1 RC.

Hi there
Can anyone here pehaps give me some advice as to this warning message I recieved from jDefender.

My site has been atacked alot recently, and I got this after reinstaling it yesterday:

My config is:
PHP Version 5.2.6
Linux fhlinux141
Joomla 1.5.9
Extentions:
mod_ninjasifr
mod_yoo_carousel
mod_yoo_login
mod_yoo_search
mod_yoo_toppanel
plg_rokbox-content
plg_rokbox-system

com_jdefender
plg_badbehaviour
plg_jdefender
plgSystemJSecure
RokBridge with PHPBB3

Theme = yoo evolution

The website has been set to offline since the reinstall, the sheer relentlessness of the atacks and the amount of work lost has really upset me now.
The above message may be nothing I'm not sure, I just need a little advice before I move the site back over and set joomla online again.