Change font size Change Width
Advanced Search
 

Joomla! Discussion Forums



It is currently Tue Nov 24, 2009 7:47 pm (All times are UTC )

 

Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues



Post new topic Reply to topic  Page 1 of 1
  [ 9 posts ] 
  Print view Previous topic | Next topic 
Author Message
paulmc
Posted: Tue Oct 16, 2007 10:44 am 
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Tue Jul 25, 2006 12:52 pm
Posts: 24
Hi

I just received the following message from one of my providers last night. Any comments?

Quote:
We have received complaints about content hosted on your VPS at the following URL:

http://www.mydomaine.org/components/com ... index.html

Upon further investigation, we have found additional software in place on your system which was actively used to gather personal information such as logins and passwords for the Bank of America. These files are located at the following location:

/home/virtual/mydomaine.org/webroot/htdocs/components/com_joomlalib/standalone:
---------- 1 root root 161220 Sep 18 12:26 mag.php
---------- 1 root root 8031 Sep 18 12:26 stubjambo.php
---------- 1 root root 72121 Oct 13 08:41 http://www.BankOfAmeria.com-2007.zip
d--------- 3 root root 1024 Oct 13 08:42 http://www.BankOfAmeria.com-2007
---------- 1 root root 183465 Oct 13 09:16 bankofamerica.zip
d--------- 5 root root 1024 Oct 15 07:06 bankofamerica

We have taken steps to disable and remove access to these files. However, it is possible that there are other compromised sites which we have been unable to detect.

The likely source of this compromise is outdated web software which you are running on this domain. In this case, a version of Joomla is running that has known, published vulnerabilities to allow an attacker unauthorized system access.
Top
   
 
rued
Posted: Tue Oct 16, 2007 11:30 am 
User avatar
Joomla! Virtuoso
Joomla! Virtuoso
Offline

Joined: Fri Sep 16, 2005 10:23 pm
Posts: 3433
Location: Finland / Norway
Quote:
In this case, a version of Joomla is running that has known, published vulnerabilities to allow an attacker unauthorized system access.


What version of Joomla! are you running then?
Have you considered to upgrade to latest version, if you haven't already?

_________________
Rune Rasmussen - http://www.syntaxerror.no/ (Norske løsninger, Mamut integrasjon, kortbetaling m.m.)

Joomla! i Norge - the Norwegian Joomla! Association and Translation Team - http://www.joomlainorge.no/

Top
   
 
Tonie
Posted: Tue Oct 16, 2007 11:35 am 
User avatar
Joomla! Master
Joomla! Master
Offline

Joined: Thu Aug 18, 2005 7:13 am
Posts: 13249
Also, which version of bsq_sitestats are you running?

_________________
Antonie de Wilde - Forum admin
All Joomla! release dates and days between releases: http://jfoobar.org/blog/189-days-betwee ... a-releases.test

Top
   
 
paulmc
Posted: Tue Oct 16, 2007 12:00 pm 
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Tue Jul 25, 2006 12:52 pm
Posts: 24
The site is running on v1.0.13 and I'm not running bsq_sitestats.
Top
   
 
Tonie
Posted: Tue Oct 16, 2007 12:16 pm 
User avatar
Joomla! Master
Joomla! Master
Offline

Joined: Thu Aug 18, 2005 7:13 am
Posts: 13249
My mistake. Are you running joomlalib then? The com_joomlalib in the message is a directory of this extension.

_________________
Antonie de Wilde - Forum admin
All Joomla! release dates and days between releases: http://jfoobar.org/blog/189-days-betwee ... a-releases.test

Top
   
 
paulmc
Posted: Tue Oct 16, 2007 12:33 pm 
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Tue Jul 25, 2006 12:52 pm
Posts: 24
Hi Tonie. Thanks for helping me on this.

It appears that my provider has completely removed the directory for com_joomlalib. The weird thing is that I don't recall installing joomlalib, though it may have been a legacy from a older plugin install - the site has been up for a while.

Do you happen to know what components besides the Gallery2 bridge, which I don't use, would have used it?

Paul
Top
   
 
Tonie
Posted: Tue Oct 16, 2007 12:56 pm 
User avatar
Joomla! Master
Joomla! Master
Offline

Joined: Thu Aug 18, 2005 7:13 am
Posts: 13249
Not really, all I did was search on 'com_joomlalib security' on google. If there are security issues with an extension, this will get you the results you need normally.

_________________
Antonie de Wilde - Forum admin
All Joomla! release dates and days between releases: http://jfoobar.org/blog/189-days-betwee ... a-releases.test

Top
   
 
infograf768
Posted: Tue Oct 16, 2007 2:25 pm 
User avatar
Joomla! Master
Joomla! Master
Offline

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 11676
Location: **Translation Matters**
http://forum.joomla.org/index.php/topic ... html  ;)

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +1
Qui vult dare parva non debet magna rogare.
---------------------------------
Joomla! Translation Coordination Team

Top
  E-mail  
 
paulmc
Posted: Tue Oct 16, 2007 2:43 pm 
Joomla! Apprentice
Joomla! Apprentice
Offline

Joined: Tue Jul 25, 2006 12:52 pm
Posts: 24
Thanks.
Top
   
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 9 posts ] 

Quick reply

 


Board index » Joomla! Older Version Support » Joomla! 1.0 » Security - 1.0.x » 3rd Party/Non Joomla! Security Issues

Who is online

Users browsing this forum: No registered users and 7 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
 
 
 
 
 

© 2005-2009 Open Source Matters, Inc. All rights reserved. Joomla hosting by Rochen Ltd.