Thats great news ElpieElpie wrote: That vulnerability has already been fixed in the upgrade that we should have out soon.
We are in the final testing stages now.
[UPGRADE AVAIL.] ExtCalendar Vulnerability
Moderator: General Support Moderators
Forum rules
-
- Joomla! Enthusiast
- Posts: 160
- Joined: Sun Mar 12, 2006 7:11 pm
Re: ExtCalendar
- Gregorius
- Joomla! Apprentice
- Posts: 34
- Joined: Sun Aug 21, 2005 4:34 am
- Location: Melbourne, Australia
- Contact:
Re: ExtCalendar
Great news indeed.. thank you for your efforts guys... its muchly appreciated.
DoofCentral - Your Psychedelic Universe
http://www.doofcentral.com
- Trying to upgrade to Joomla, but that brick wall is starting to win the battle.
http://www.doofcentral.com
- Trying to upgrade to Joomla, but that brick wall is starting to win the battle.
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: ExtCalendar
Client of mine also hacked...nothing wrong with configuration.php but the index.php was replaced......
waiting for the patch.....
cheers
Leo
waiting for the patch.....
cheers
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: ExtCalendar
Testing is well underway Leo - hope to have it available for you soon.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: ExtCalendar
need testing and hack-attempt assistance?Elpie wrote: Testing is well underway Leo - hope to have it available for you soon.
cheers
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- RobinH
- Joomla! Enthusiast
- Posts: 177
- Joined: Mon Sep 19, 2005 6:29 pm
- Location: Lake Norman, North Carolina, USA
Re: ExtCalendar
Ditto here. I'm on a VPS and haven't had any hack attempts since moving to it, but would be willing to do testing with you.leolam wrote:need testing and hack-attempt assistance?Elpie wrote: Testing is well underway Leo - hope to have it available for you soon.
cheers
Leo
-
- Joomla! Enthusiast
- Posts: 127
- Joined: Thu Oct 06, 2005 2:07 pm
Re: ExtCalendar
I dashur Albi,
can you confirm that using the Calendar version you suggested there are no known security issues?
Të fala (Regards),
Luigi
can you confirm that using the Calendar version you suggested there are no known security issues?
Të fala (Regards),
Luigi
- svenl
- Joomla! Ace
- Posts: 1032
- Joined: Mon Oct 17, 2005 1:50 pm
- Location: Närke, Sweden
- Contact:
Re: ExtCalendar
Thanks for this.Elpie wrote: Testing is well underway Leo - hope to have it available for you soon.
Even if it still are a "beta" and in testing mode, is it possible to have "hands on it" and start implement ExCalendar again.
Is it anybody that also will start to develop this component futher??
/Sven
-
Sanningen finns där ute, har du sökt efter ditt svar?
var svaret bra och löste ditt problem? Glöm då inte att ändra ditt första inlägg till löst (Solved)
Sanningen finns där ute, har du sökt efter ditt svar?
var svaret bra och löste ditt problem? Glöm då inte att ändra ditt första inlägg till löst (Solved)
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: ExtCalendar
We are not releasing it until it has been thoroughly tested. The reason for this is that we need to be certain that it works as intended without causing problems. When we looked into the code we found that there was a lot more to do to fix security issues than just preventing direct access and we had to write the update so it would install the new version and completely remove the old one.
Do NOT uninstall the ExtCalendar you have now, through the Joomla backend admin, unless you have a backup or are prepared to lose all your events. The current version deletes all its data tables when it is uninstalled.
And, don't worry, ExtCalendar is not an orphan project any more. We will be looking after it
Do NOT uninstall the ExtCalendar you have now, through the Joomla backend admin, unless you have a backup or are prepared to lose all your events. The current version deletes all its data tables when it is uninstalled.
And, don't worry, ExtCalendar is not an orphan project any more. We will be looking after it
Last edited by Elpie on Fri Jul 14, 2006 2:00 pm, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1402
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: ExtCalendar
Misleading advice.Elpie wrote:Do NOT uninstall the ExtCalendar you have now
Possibly reword like this:
"Do not use the Joomla Uninstall method in Joomla ADmin for uninstalling extCalendar right now as the would remove your events and they would be lost for ever - HOWEVER YOU MUST remove manually using FTP or SSH the /components/com_extcalandar/ folder and all files below in order to prevent your site getting hacked."
:-)~ :-)
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: ExtCalendar
Agreed, I missed a couple of words Fixed that now.
All going well, the release should only be a matter of hours away.
All going well, the release should only be a matter of hours away.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- RobinH
- Joomla! Enthusiast
- Posts: 177
- Joined: Mon Sep 19, 2005 6:29 pm
- Location: Lake Norman, North Carolina, USA
Re: ExtCalendar
Actually I don't think that removing the component, regardless of the method used, is a 'must'. If your site is secure, and in my case on your own server, the odds of a hacking event are somewhat mitigated.
I don't think we should state that just because there's an issue, users should remove the product. And how long will we have to wait for the fix? I doubt we have to wait much longer, as these guys seem to really have pride in their product and my feel is they'll be providing us a very good solution in very little time.
I just would hate to "stampede the cattle" by shouting 'fire, fire, fire' when some of us may be at risk, but not been hacked, but the hack-proof solution is soon to come. Most of us get that knee-jerk reaction when we start hearing about these hacker events, but there are enough suggestions floating around to where I believe one could secure their site well enough until the solution is provided.
Anyway, that's my thought on this. I'm waiting patiently for that update myself, as I feel that this product is now an integral part of my site and I definitely don't want to lose it.
I don't think we should state that just because there's an issue, users should remove the product. And how long will we have to wait for the fix? I doubt we have to wait much longer, as these guys seem to really have pride in their product and my feel is they'll be providing us a very good solution in very little time.
I just would hate to "stampede the cattle" by shouting 'fire, fire, fire' when some of us may be at risk, but not been hacked, but the hack-proof solution is soon to come. Most of us get that knee-jerk reaction when we start hearing about these hacker events, but there are enough suggestions floating around to where I believe one could secure their site well enough until the solution is provided.
Anyway, that's my thought on this. I'm waiting patiently for that update myself, as I feel that this product is now an integral part of my site and I definitely don't want to lose it.
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1402
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: ExtCalendar
Exactly how many Joomla Users have that though???? And even if they do - do they have the knowledge to make a server secure - probably not.If your site is secure, and in my case on your own server,
Try telling that the the people that got hacked - to the 50+ people that have employed my company to fix their sites after the hackers.... Some of which were dedicated servers!
I'm not yelling fire fire fire - Im being real and serious about a real and expanding threat to hacking of 3PD
Last edited by PhilTaylor-Prazgod on Fri Jul 14, 2006 2:29 pm, edited 1 time in total.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: ExtCalendar
Incorrect wording and confusing for newbies and people who do not have YOUR knowledge!PhilTaylor-Prazgod wrote:
Misleading advice.
Possibly reword like this:
"Do not use the Joomla Uninstall method in Joomla ADmin for uninstalling extCalendar right now as the would remove your events and they would be lost for ever - HOWEVER YOU MUST remove manually using FTP or SSH the /components/com_extcalandar/ folder and all files below in order to prevent your site getting hacked."
Please realise that we (more experienced people) are here to help and protect the users of this fantastic Joomla-product and that we are not in this to play games and use the situation to promote!
Most likely rewording so people with less KB understand this as well!:
"Do NOT uninstall the ExtCalendar you have now, through the Joomla backend admin, because you will loose all your events. The current version deletes all its data tables where the events are stored when it is uninstalled through the uninstaller of the admin backend." If you want to maintain your events which are stored in the database-tables while waiting for the new EXT Calendar patch you should strongly consider to remove manually (using FTP or your cPanel-filemanager or equivalent panel) the /components/com_extcalandar/ folder and all files below. This will secure for now your system from being hacked through this component and keeps your events in the database for future use when the new files and folders are available whch will be soon."
next@ Phil...You promote on your website a hack for download solving this issue... Your rewording above is though contradiction to the "patch" on your site since it advises to remove the folders instead of applying the patch as you promote on your site? Can you please clarify this to avoid misunderstanding?
I am simply asking how your rewording from above fits this message. The people who are currently working on this new patch are addressing serious sql-issues and others related to EXT Calendar as well.....Could you shine your light on this as well because it seems that a little bit more is present than you have addressed in your patch if i understand this correct? Please advise becasue i would love to know if i can use your patch you have installed with your 50 or so users or should i uninstall as you suggest in your rewording? Is your patch safe and does it solves the issue?PhilTaylor-Prazgod wrote: Try telling that the the people that got hacked - to the 50+ people that have employed my company to fix their sites after the hackers....
I'm not yelling fire fire fire - Im being real and serious about a real and expanding threat to hacking of 3PD
thanks
Cheers
Leo
Last edited by leolam on Fri Jul 14, 2006 2:38 pm, edited 1 time in total.
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1402
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: ExtCalendar
Maybe if the "more experienced" had advised his customer correctly he would not hack got hacked !!leolam wrote: Client of mine also hacked...nothing wrong with configuration.php but the index.php was replaced......
waiting for the patch.....
cheers
Leo
Maybe if the "more experienced" had the experience he could patch or help his customer right away?
Not sure if you are counting your self more experienced then me or that you think I am trying to promote my services ? or both. Infact I do this for a living is a fact - I cant change that - and yes I do charge and yes I do make money - get over it - thats my job! - it also means that I am very experienced.Please realise that we (more experienced people) are here to help and protect the users of this fantastic Joomla-product and that we are not in this to play games and use the situation to promote!
At the end of the day if users leave excalendar.php or file_upload.php or image_upload.php on their server they seriously risk getting hacked. Even if they are leaving it there waiting for a new release to be made.
Two choices:
1) remove the files - dont get hacked
2) leave the files - risk getting hacked.
I personally was involved in one of the first hacks of this wave last friday - and since then I have spend 12 hours of every day - along with two staff members fixing hacked sites around the world. I am experienced in the hackers methods and entry points and know I personally can protect a server from hacking.
Last edited by PhilTaylor-Prazgod on Fri Jul 14, 2006 3:12 pm, edited 1 time in total.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: ExtCalendar
may i object to this flame and abuse? I ask you a very descent question, one which is not flaming and one which is very fair question? I asked you if your thread was solving the issue and i made a clarification on the remark. What is wrong with asking if your solution solves it? OPlease advise why you need to be aggresive and abusive?PhilTaylor-Prazgod wrote: @leo
Im not interested in your nit picking personal flaming thread posts - go and find some one else to troll and I'll simply get on with doing what I was doing before you decided to popin.
leolam wrote: Client of mine also hacked...nothing wrong with configuration.php but the index.php was replaced......
waiting for the patch.....
cheers
Leo
thanks you for that...I could reply very easy with a remark that i read somewhere that you just helped 50 of your customers but i won't becasue i just asked a descent question on which i have not yet got an answer. Does your patch solves the issue was the question? If so I am happy and we will apply ity to the customer's site!!Maybe if the "more experienced" had advised his customer correctly he would not hack got hacked !!
Please note that i do not understand your aggression and or your frustration. I even posted a thank you message on your blog at http://blog.phil-taylor.com for sharing your solution with us...I read now that we have other developments (Elpie's posts) and possible other hacks or releases and i ask a question......the answer is insults? May I be displeased with that approach?
Cheers
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1402
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: ExtCalendar
Actually they were not customers of mine - but they are now cause they knew where to turn when they were let down by other so called "more experienced"just helped 50 of your customers
The fact is, and this thread proves, that there is a lot of people thinking they are qualified to give advice. Even bad advice.
Your posts have done nothing for this thread.
I conclude (on topic)
If you have files extcalendar.php, file_upload.php, image_upload.php (or perForms) on your site then you are liable to be hacked if have not taken action to remove, patch, or protect yourself agains a string of automated, self replicating attacks. You are also vunerable if you have taken action based on some incorrect advice (like modifing htaccess files I read somewhere)
You have been warned.
Last edited by PhilTaylor-Prazgod on Fri Jul 14, 2006 3:09 pm, edited 1 time in total.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: ExtCalendar
completely agree without doubt!PhilTaylor-Prazgod wrote: The fact is, and this thread proves, that there is a lot of people thinking they are qualified to give advice. Even bad advice.
which is without doubt an excellent advise! but:If you have files extcalendar.php, file_upload.php, image_upload.php (or perForms) on your site then you are liable to be hacked if have not taken action to remove, patch, or protect yourself agains a string of automated, self replicating attacks. You are also vunerable if you have taken action based on some incorrect advice (like modifing htaccess files I read somewhere)
You have been warned.
Phil,
once again I ask you if your patch which is downloadable from your site solves indefinitely this vulnarability which has been discovered recently? Is it too much asked to give a straight answer to that question which is a fair request? On the bad advise i do concur by the way. the .htaccess remarks are not applicable in this situation and does not solve anything. So in other words if i understand you correct that if I would apply your patch I do not have to fear anymore and i cannot get hacked through the ext.calendar vulnerability any longer?
Cheers
Leo
Last edited by leolam on Fri Jul 14, 2006 3:22 pm, edited 1 time in total.
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- albi
- Joomla! Explorer
- Posts: 273
- Joined: Fri Aug 19, 2005 12:47 pm
- Contact:
Re: ExtCalendar
Pershendetje miku imlboccia wrote: I dashur Albi,
can you confirm that using the Calendar version you suggested there are no known security issues?
Të fala (Regards),
Luigi
No known security issues till now for this calendar
http://extensions.joomla.org/component/ ... Itemid,35/
Regards
dimitri
Demetris Dimarelis
http://www.e-orama.com, Web Services & Internet Marketing in Greece & Albania
http://www.e-orama.com, Web Services & Internet Marketing in Greece & Albania
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1402
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: ExtCalendar
Simple answer. The patch on my blog has been removed in favour of the pending combined developers re-release of ExtCalendar which I have been aware of for some time. The patch that was available on my site was developed inhouse at speed for a particular customer and fixed all file include vunerabilities in that single file. Since that time other SQL injection and string manipulatiuon issues have been found and the patch removed from my site.Phil,
once again I ask you if your patch which is downloadable from your site solves indefinitely this vulnarability which has been discovered recently? Is it too much asked to give a straight answer to that question which is a fair request? On the bad advise i do concur by the way. the .htaccess remarks are not applicable in this situation and does not solve anything. So in other words if i understand you correct that if I would apply your patch I do not have to fear anymore and i cannot get hacked through the ext.calendar vulnerability any longer? Smiley
Cheers
I have been in almost daily touch with Martin Brampton (Ex Mambo Core Lead Developer) and he has been working with the team on securing ExtCalendar. I have offered to promote the official release he and the team of developers will make available soon to my mailing list of over 10,000 Joomla users worldwide (The same list I announced the issues to at the beginning of this week).
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: ExtCalendar
Thank you for your reply....that was all i asked for in my initial post. On the remainder i will post in private to the known channels. As usual it was my pleasurePhilTaylor-Prazgod wrote:Simple answer. The patch on my blog has been removed in favour of the pending combined developers re-release of ExtCalendar which I have been aware of for some time. The patch that was available on my site was developed inhouse at speed for a particular customer and fixed all file include vunerabilities in that single file. Since that time other SQL injection and string manipulatiuon issues have been found and the patch removed from my site.Phil,
once again I ask you if your patch which is downloadable from your site solves indefinitely this vulnarability which has been discovered recently? Is it too much asked to give a straight answer to that question which is a fair request? On the bad advise i do concur by the way. the .htaccess remarks are not applicable in this situation and does not solve anything. So in other words if i understand you correct that if I would apply your patch I do not have to fear anymore and i cannot get hacked through the ext.calendar vulnerability any longer? Smiley
Cheers
I have been in almost daily touch with Martin Brampton (Ex Mambo Core Lead Developer) and he has been working with the team on securing ExtCalendar. I have offered to promote the official release he and the team of developers will make available soon to my mailing list of over 10,000 Joomla users worldwide (The same list I announced the issues to at the beginning of this week).
Cheers
Leo
Last edited by leolam on Fri Jul 14, 2006 3:56 pm, edited 1 time in total.
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- RobinH
- Joomla! Enthusiast
- Posts: 177
- Joined: Mon Sep 19, 2005 6:29 pm
- Location: Lake Norman, North Carolina, USA
Re: ExtCalendar
Weeeeeeeeeeeeeeeeea hah.... sometimes these forums can be oh so much fun!!!
This is what I meant in an earlier post about developers not wanting to hear anything bad said about their "babies". You gotta love developers, they are such lonely people, working hard on their computers all in a world of their making, designing and creating wonderful products for lame butts like me....
Warning to all visitors to these forums - never get a developer angry at you - the have a very long memory, and tons of RAM to store it in!!!
This is what I meant in an earlier post about developers not wanting to hear anything bad said about their "babies". You gotta love developers, they are such lonely people, working hard on their computers all in a world of their making, designing and creating wonderful products for lame butts like me....
Warning to all visitors to these forums - never get a developer angry at you - the have a very long memory, and tons of RAM to store it in!!!
-
- Joomla! Apprentice
- Posts: 7
- Joined: Tue Jul 11, 2006 4:25 pm
Rootkit Installed
I have a website that was defaced through the security hole in the ExtCalendar component and previously with RSGallery. In both defacements, not only did the home page get replaced, but the hacker installed a rootkit. My other security measures limited the rootkit's usefulness, but standard installations would be compromised and most likely be relays for spam or slaves for a DDOS attack. If you have been hacked, or even before you have been hacked, and you're running a *NIX system, I would recommend to install and run a rootkit scanner like chkrootkit or rkhunter and a log analysis program like logwatch. Here are their web site addresses:
http://www.chkrootkit.org/
http://www.rootkit.nl/
http://www.logwatch.org/
http://www.chkrootkit.org/
http://www.rootkit.nl/
http://www.logwatch.org/
- RobinH
- Joomla! Enthusiast
- Posts: 177
- Joined: Mon Sep 19, 2005 6:29 pm
- Location: Lake Norman, North Carolina, USA
Re: Rootkit Installed
Please pardon my ignorance (well, why should you? My wife doesn't). What is a *NIX system???donaldwheaton wrote: I have a website that was defaced through the security hole in the ExtCalendar component and previously with RSGallery. In both defacements, not only did the home page get replaced, but the hacker installed a rootkit. My other security measures limited the rootkit's usefulness, but standard installations would be compromised and most likely be relays for spam or slaves for a DDOS attack. If you have been hacked, or even before you have been hacked, and you're running a *NIX system, I would recommend to install and run a rootkit scanner like chkrootkit or rkhunter and a log analysis program like logwatch. Here are their web site addresses:
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1402
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: Rootkit Installed
donaldwheaton wrote: I have a website that was defaced through the security hole in the ExtCalendar component and previously with RSGallery. In both defacements, not only did the home page get replaced, but the hacker installed a rootkit. My other security measures limited the rootkit's usefulness, but standard installations would be compromised and most likely be relays for spam or slaves for a DDOS attack. If you have been hacked, or even before you have been hacked, and you're running a *NIX system, I would recommend to install and run a rootkit scanner like chkrootkit or rkhunter and a log analysis program like logwatch. Here are their web site addresses:
http://www.chkrootkit.org/
http://www.rootkit.nl/
http://www.logwatch.org/
For clarification:
You can only run these tools if you have ssh/telnet access to your server and correct permissions and priviledges to do so. Most normal web hosting accounts will not have this level of access to the servers operating system and scanning for rootkits should only be done by those with full access and permission to the OS files. (After all if you run a rootkit check and find a problem you need the experience or knowledge to know what to do next :-) )
For the regular Joomla user the use of rootkit scanning would not apply.
A *nix ssystem is one based on UNIX or Linux code (redhat, centos, etc...)
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: ExtCalendar
Hack their memory and removeRobinH wrote: Warning to all visitors to these forums - never get a developer angry at you - the have a very long memory, and tons of RAM to store it in!!!
from what they consider to be a brain// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );
cheers
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
- RobinH
- Joomla! Enthusiast
- Posts: 177
- Joined: Mon Sep 19, 2005 6:29 pm
- Location: Lake Norman, North Carolina, USA
Re: Rootkit Installed
Thanks, appreciate the info. I'm on VPS with full admin authority on the server, running Centos. Will go investigate that rootkit scanner.PhilTaylor-Prazgod wrote: For clarification:
You can only run these tools if you have ssh/telnet access to your server and correct permissions and priviledges to do so. Most normal web hosting accounts will not have this level of access to the servers operating system and scanning for rootkits should only be done by those with full access and permission to the OS files. (After all if you run a rootkit check and find a problem you need the experience or knowledge to know what to do next :-) )
For the regular Joomla user the use of rootkit scanning would not apply.
A *nix ssystem is one based on UNIX or Linux code (redhat, centos, etc...)
- Buster
- Joomla! Guru
- Posts: 619
- Joined: Mon Nov 28, 2005 10:29 am
- Location: England
Re: ExtCalendar
Any news on any re-releases?
Last edited by Buster on Fri Jul 14, 2006 4:12 pm, edited 1 time in total.
A true Panspermian........aren't we all?
- RobinH
- Joomla! Enthusiast
- Posts: 177
- Joined: Mon Sep 19, 2005 6:29 pm
- Location: Lake Norman, North Carolina, USA
Re: ExtCalendar
Coming soon to a theater near you!!!Buster wrote: Any news on any re-releases?
Last edited by RobinH on Fri Jul 14, 2006 4:39 pm, edited 1 time in total.
- Buster
- Joomla! Guru
- Posts: 619
- Joined: Mon Nov 28, 2005 10:29 am
- Location: England
Re: ExtCalendar
That's strange, the last e-mail I got from the developer it was a HE not SHE and his name is David. Has he had surgery?
A true Panspermian........aren't we all?