The Joomla! Forum ™





Post new topic Reply to topic  [ 96 posts ]  Go to page Previous  1, 2, 3, 4  Next
Author Message
PostPosted: Thu Jul 13, 2006 10:02 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10475
Location: Leeds, UK
Google is your friend

"Secunia
Provides security advisories and information about patches.
secunia.com/"


Honestly how hard is it to search

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Top
 Profile  
 
PostPosted: Fri Jul 14, 2006 9:51 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Sep 02, 2005 7:45 am
Posts: 11
Location: Luxembourg
Two of my sites had been hacked. Config.php had been replaced by a political message from the kurds/turks I think.
Thought that was all. But the next day I ralized two backdoor software had been installed in the modules folder of one site:

modules/haluk.php
modules/web.php

I deleted both. Is that enough? Now I don't know what I should do next. Replace all pwd's. Alert my service provider???? Chekc all folders??

So watch out.


Top
 Profile  
 
PostPosted: Fri Jul 14, 2006 9:57 am 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
I would suggest talking to your service provider and ask them to check it out just to make sure nothing else funny has been added.  It is much easier to do those things from a shell prompt than from a ftp session.  Also, try getting them to turn of Register Globals for PHP while you have their attention as this tends to facilitate a lot of bugs making their effects once exploited much more damaging. 

Changing your passwords might be a good idea too.

I don't suppose you kept a copy of those files for investigatory purposes?  I would be interested in taking a look at them.  I will add them to my collection.  :laugh:  If you still have them you can PM them to me or email them to me, my email address is in my profile. 

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Top
 Profile  
 
PostPosted: Fri Jul 14, 2006 10:02 am 
Joomla! Explorer
Joomla! Explorer

Joined: Thu Aug 18, 2005 8:54 pm
Posts: 374
muni wrote:
Two of my sites had been hacked. Config.php had been replaced by a political message from the kurds/turks I think.
Thought that was all. But the next day I ralized two backdoor software had been installed in the modules folder of one site:

modules/haluk.php
modules/web.php

I deleted both. Is that enough? Now I don't know what I should do next. Replace all pwd's. Alert my service provider???? Chekc all folders??

So watch out.


Besides the modified configuration.php we had these hacker tools and files after the simpleboard defacing:

  • cache/index.htm: Hacker message
  • media/index.htm: Hacker message
  • modules/mod_access.php: A backdoor program
  • modules/www.bankofamerica.com.zip: fraud software archive
  • modules/www.bankofamerica.com: fraud software installation
  • templates/3.php: Read out system information

There were some more files I dont remember right now.

Thats why I have blocked all IP's of the provider who is hosting these people.


Last edited by Anonymous on Fri Jul 14, 2006 11:54 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Fri Jul 14, 2006 10:41 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Fri Sep 02, 2005 7:45 am
Posts: 11
Location: Luxembourg
Found other backdoor software that had been inserted through ext_calendar.(r57shell 1.31 and c99shell v1.0 pre-release build #16)
No, I have no backup copy.
I informed my service provider.


Top
 Profile  
 
PostPosted: Fri Jul 14, 2006 2:57 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Jun 24, 2006 12:18 am
Posts: 18
Elpie wrote:
Anybody that changed from simpleboard to Joomlaboard needs to make sure they have removed all simpleboard files from the site.
Simpleboard can be exploited even if it is unpublished and not showing on the site.


I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago.  Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?


Top
 Profile  
 
PostPosted: Fri Jul 14, 2006 4:01 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Thu Jul 13, 2006 7:39 pm
Posts: 12
If I were to upgrade from simpleboard to joomlaboard how would I keep from losing all my current posts?

Or would it be wise just to start all over again?


Top
 Profile  
 
PostPosted: Fri Jul 14, 2006 4:13 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17194
Location: **Translation Matters**
Deighardt1 wrote:
If I were to upgrade from simpleboard to joomlaboard how would I keep from losing all my current posts?

Or would it be wise just to start all over again?


1. back-up your database (always do that anyway when you touch up your site).
2. do not uninstall simpleboard through Joomla back-end uninstaller, but by using ftp or CPanel and deleting the simpleboard folders (I do not know if uninstalling simpleboard through joomla may or may not delete your data, so this is a secure way not to, applicable to other extensions like ext_calendar)
3. Install joomlaboard and when asked to upgrade the database, just say OK.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Top
 Profile  
 
PostPosted: Sat Jul 15, 2006 3:21 am 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Wed Aug 17, 2005 11:26 pm
Posts: 903
pdstein wrote:
I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago.  Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?


Yes, ALL old unused simpleboard files must be removed. Having them sitting on your server is a security risk.

_________________
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info


Top
 Profile  
 
PostPosted: Mon Jul 17, 2006 1:51 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Jun 24, 2006 12:18 am
Posts: 18
Elpie wrote:
pdstein wrote:
I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago.  Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?


Yes, ALL old unused simpleboard files must be removed. Having them sitting on your server is a security risk.


Thanks for your reply.  What I'm asking, though is whether removing those two directories and their contents will eliminate this security risk or are there other things that need to be done?


Top
 Profile  
 
PostPosted: Tue Jul 18, 2006 5:01 am 
Joomla! Intern
Joomla! Intern

Joined: Sun Oct 02, 2005 8:05 am
Posts: 79
Can someone just clarify for me - In regard to Simpleboard/Joomlaboard - Is this JUST A Simpleboard exploit or also Joomlaboard?

As normal, the information on TSMF is very vague and unhelpful.

Thanks,


Top
 Profile  
 
PostPosted: Tue Jul 18, 2006 5:43 am 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Mon Dec 05, 2005 10:17 am
Posts: 1367
Location: New Orleans, LA, USA
At first we thought it was just SimpleBoard but it turns out that older versions of Joomlaboard were vulnerable <=1.1.1.  JoomlaBoard 1.1.2 should be safe.

_________________
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions


Top
 Profile  
 
PostPosted: Tue Jul 18, 2006 11:08 pm 
Joomla! Intern
Joomla! Intern

Joined: Tue Jul 18, 2006 11:04 pm
Posts: 95
Hi!
I am reading all this scary stuff. My site was hacked the 17 july. The indexfile was changed for some turkey page...
I did get it to work again but now when i am writing something in the forum it says "Youre file did not upload. Please try again".
I do believa that there is a file somewhere, but where sould i look?
My site is "www.mx-skane.net"

Regards...
Peter


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 5:50 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 17194
Location: **Translation Matters**
You are using simpleboard 1.1.0 version.

Move to Joomlaboard 1.1.2.
Backup your db.
Delete all simpleboard related files by ftp.
Install Joomlaboard.
Update db if asked to.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr
Multilanguage in 2.5: http://help.joomla.org/files/EN-GB_multilang_tutorial.pdf
---------------------------------
Joomla Translation Coordination Team • Joomla! Production Working Group


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 8:41 am 
Joomla! Intern
Joomla! Intern

Joined: Tue Jul 18, 2006 11:04 pm
Posts: 95
I can do this even that i am using Mambo and not Joomla? Maybe a stupid question but i want to be shure..

Thanx in advance!!!!!  :)


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 12:40 pm 
Joomla! Intern
Joomla! Intern

Joined: Tue Jul 18, 2006 11:04 pm
Posts: 95
2 questions...
1. Is there any languagefiles for Joomla?
2. It is still asking for a file when i press "Post". Where can that be?? ??? ???


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 12:43 pm 
Joomla! Intern
Joomla! Intern

Joined: Tue Jul 18, 2006 11:04 pm
Posts: 95
MX-Skane wrote:
2 questions...
1. Is there any languagefiles for Joomla?
2. It is still asking for a file when i press "Post". Where can that be?? ??? ???


Btw...
It ask the same question 2 times... first it ask for a img-file and second for a file it does that 2 times...


Top
 Profile  
 
PostPosted: Wed Jul 19, 2006 10:46 pm 
Joomla! Intern
Joomla! Intern

Joined: Tue Jul 18, 2006 11:04 pm
Posts: 95
Sorry to "spam".

But, after my hacked site i did install, joomlaboard. That was no problem at all. But, as i wrote there comes this alert that the file did not load.
I do have "Little Snitch" installed and that application checks the connections.

Now when i log in on my profile i do get this mess from Little Snitch http://mx-skane.net/img_from_site/img.gif
I have no idea what this is but my guess is that the file that the forum asks for is on tis site.

Please help me. Should i look in the scriptings for this or what???
Maybe its placed in the CB-files.

When i copy the html-code an paste it in a Dremweaver doc the same mess from Little snitch shows up.


Top
 Profile  
 
PostPosted: Thu Jul 20, 2006 9:32 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Apr 01, 2006 3:57 am
Posts: 32
??? ??? ??? ???  just re-instal the Joomlaboard aftert many problems..now is working ok but..........the pretty icons/images from it..has disapear!
I instal the orange template and still nothing shows...tale a look.


You do not have the required permissions to view the files attached to this post.


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 3:46 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Sat Feb 11, 2006 9:43 pm
Posts: 290
Location: Birmingham, USA
vokaldesign wrote:
I've installed joomlaboard and was surprised how easy it all went - all of my forums and settings from simpleboard were integrated right away!  :-*
Now I've removed the simpleboard component + modules and tjecked via ftp that every thing has gone...



Where can I get to download the upgrade, please point me the right direction.

Thank you!

_________________
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 3:52 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 9:58 am
Posts: 10079
Location: Hillerød - Denmark
zuze wrote:
Where can I get to download the upgrade, please point me the right direction.

Thank you!

Have a look at the forge project for joomlaboard:
http://forge.joomla.org/sf/frs/do/viewS ... eboard/frs

_________________
Ole Bang Ottosen
redCOMPONENT Community Manager http://redcomponent.com
Personligt site www.ot2sen.dk
Dansk Joomla! support websted - joomla.dk


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 6:57 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Sat Feb 11, 2006 9:43 pm
Posts: 290
Location: Birmingham, USA
I just want to clarify this, since there are different mentions of it: to replace Simpleboard I need to FTP the unzipped com_Joomlaboard 1.2 in components directory, correct?

Or should I use uninstall/instal from the back end admin?

_________________
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 7:35 pm 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Aug 30, 2005 9:11 pm
Posts: 551
Location: Aix-En-Provence, France
Why on earth don't you search the forum or vivt the editor's site : tsmf.net ?
Uninstall old version and install the new the upgrade the table from the JoomlaBoard backend...

_________________
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 7:52 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Sat Feb 11, 2006 9:43 pm
Posts: 290
Location: Birmingham, USA
globule wrote:
Why on earth don't you search the forum or vivt the editor's site : tsmf.net ?



I did...3 x...it forwards to a blank page here http://jigsnet.net/suspended.page/

_________________
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 8:03 pm 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Aug 30, 2005 9:11 pm
Posts: 551
Location: Aix-En-Provence, France
Is Jigsnet your hoster?

_________________
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 8:20 pm 
User avatar
Joomla! Explorer
Joomla! Explorer

Joined: Sat Feb 11, 2006 9:43 pm
Posts: 290
Location: Birmingham, USA
no. we have our own server.

Does that site opens up for you? I went to it through the JoomlaBoard as well as SimpleBoard control panel. seems that their account has been suspended.



I uploaded Joomla Board, but I still get the same issue as with Simple Board. Can not add a post. When I click on "Post New Topic"
page opens, showing only the following links:

Forum Name

Home | My profile | help | rools

footer

Nothing else.

_________________
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org


Last edited by zuze on Tue Aug 08, 2006 8:43 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Wed Aug 09, 2006 8:41 pm 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Tue Aug 30, 2005 9:11 pm
Posts: 551
Location: Aix-En-Provence, France
If you want to go to the website of JoomlaBoard editor ( http://www.tsmf.net ) you will see the same screen.

Is there any moderator to tell us what's happening with TSMF and its Joomlaboard?

Coming back to your problem, I hope you have a backup because ...

_________________
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)


Top
 Profile  
 
PostPosted: Wed Aug 09, 2006 11:10 pm 
User avatar
Joomla! Enthusiast
Joomla! Enthusiast

Joined: Thu Aug 18, 2005 7:34 pm
Posts: 213
Location: Belgium
it's up again, see http://forum.joomla.org/index.php/topic ... #msg431073

_________________
See joomlaboard in action: http://www.tsmf.net/component/option,co ... /Itemid,32
More information: http://www.tsmf.net/content/view/24/38/


Top
 Profile  
 
PostPosted: Thu Aug 17, 2006 12:23 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Aug 17, 2006 12:16 pm
Posts: 3
Quote:
This code should be in all files installed by com_simpleboard and com_extcalender.  Basically, everything in /path/to/Joomla/components/com_extcalender,  /path/to/Joomla/administrator/components/com_extcalender, /path/to/Joomla/components/com_simpleboard, and /path/to/Joomla/administrator/components/com_simpleboard


Code:
// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );


Quote:
Refer to this link for more information about extCalender: http://forum.joomla.org/index.php/topic,75390.0.html

Quote:

Just checking to see if I get this right: every single file in those folders +subfolders have to be opened and edited..? (really hoping that I'm wrong on this..!)  :'(



I am using Mambo 454 with Simpleboard 1.1.0 stable and this proceedure does not work. It just crashes SB. Besides, almost all the files already have this:

// MOS Intruder Alerts
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

Any other suggestions?


Top
 Profile  
 
PostPosted: Thu Aug 17, 2006 1:45 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 16530
Isn't Mamboboard a better option for you? That is supposed to be (I never used it) the Mambo offshoot of Simpleboard. Simpleboard development has been stopped, so sooner or later you will run into troubles.

_________________
Joomla forum global moderator.

Have fun


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 96 posts ]  Go to page Previous  1, 2, 3, 4  Next



Who is online

Users browsing this forum: No registered users and 3 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group