Joomla! Discussion Forums




 


Forum rules

Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Posted: Thu Oct 29, 2009 2:59 pm 
Joomla! Fledgling

Joined: Thu Oct 29, 2009 2:58 pm
Posts: 2
Joomla 1.5.14 just hacked about 10 minutes ago


Killed my template with xaxax links!! How can I find out how this happened, to stop it?


 
Posted: Thu Oct 29, 2009 3:59 pm 
Joomla! Ace

Joined: Tue Sep 06, 2005 11:18 am
Posts: 1120
Location: Germany
http://docs.joomla.org/Top_10_Stupidest ... or_Tricks#

http://docs.joomla.org/Category:Security_Checklist

_________________
MCITP - Microsoft Certified IT Professional
CCNA - Cisco Certified Network Administrator
LPI - Linux Professional
PN for Online Transcript ID Check
http://www.mindset.de


 
Posted: Thu Oct 29, 2009 4:48 pm 
Joomla! Explorer

Joined: Wed Aug 05, 2009 1:42 pm
Posts: 488
Greetings leejosh:

Is the server you are on secured?

Is the server you are on kept secured (there is no such thing as a one time server hardening)?

Is the server you are on using mod_security from http://www.modsecurity.org/ ?

Are you using FTPS or FTPeS when you use FTP?

Are you using complex (12 to 16 wide, no phrases) passwords for FTP, Joomla Admin, Joomla Super Admin that are changed often?

Do you regularly review who has super admin and admin rights within Joomla?

Have you reviewed all addons that you are using to make sure they are not vulnerable?

Do you do daily scans of all machines with super admin, admin or FTP access for malware, virus, and trojans?

Thank you.

_________________
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.


 
Posted: Thu Oct 29, 2009 11:46 pm 
Joomla! Apprentice

Joined: Tue Oct 27, 2009 5:58 am
Posts: 17
Dear all,
This is the newest version of Joomla, and it has been attacked by an alien?? I can't believe it.
Why can this Joomla 1.5.14 open CMS be so easily injected by an irresponsible person? Are all Joomla versions also becoming more unsafe?? I guess that maybe Joomla still has more bugs?

I have read all the questions, opinions and other messages from public users in this 'security' forum topic. But it seems the moderators or Joomla programmers always say the same words, such as: change all your passwords to hard/complex ones, clean your local machine and your host, make sure to protect files/folders with 644/755 mode, update to the newest version, follow the security guide, etc. All these tricks do not permanently clear our site of iframe injection, etc.

I follow a NetBeans forum; whenever users report any error or any bug in any version of NetBeans, their moderators or maybe their programmers always give a solution, and they also make a plan to remove the bug in the new version of NetBeans.

Thanks


Last edited by arics on Thu Oct 29, 2009 11:57 pm, edited 1 time in total.

 
Posted: Thu Oct 29, 2009 11:56 pm 
Joomla! Fledgling

Joined: Thu Oct 29, 2009 2:58 pm
Posts: 2
I have checked all passwords/updates.. and everything is updated...

The last time the site was hacked was when I didn't upgrade Joomla.. and I got the same problem.

My index.php was loaded up with a ton of links.. and today it happened again.. I think there is a new bug and no one knows "yet" what it is.


 
Posted: Thu Oct 29, 2009 11:59 pm 
Joomla! Apprentice

Joined: Tue Oct 27, 2009 5:58 am
Posts: 17
Maybe I also agree with you.
I hope the Joomla programmers can give us a clarification.

Thanks


 
Posted: Sat Oct 31, 2009 8:57 pm 
Joomla! Guru

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 733
Location: Wisconsin USA
There is no "bug" you just have not found your actual security breach yet. The Joomla 1.5.14 core files are secure from injection and other attacks. In fact I will go as far as to say that Joomla is in general more secure than other CMS systems and has a faster response time if there is a security problem due to a special security team that is in place.

There are a huge number of ways that access can be gained by a hacker and it has nothing to do with the Joomla core files.

Some common ways:
* not keeping Joomla updated to the latest version
* 3rd party extensions with security problems
* not keeping 3rd party extensions updated
* bad passwords (less than 12 - 14 characters, dictionary words etc.)
* reuse of passwords on other sites
* not changing passwords on a regular basis
* not using proper permissions on files and directories; should be max permissions of 644/755 with no exceptions
* passwords and usernames stored in your FTP program stolen and sent by undetected malware on your or other Joomla or site administrators' computer
* outdated server software on host service
* incorrectly configured server
* server not using suPHP, mod_security, or similar measures
* site being hacked in the past and proper site sanitation not used to remove the actual (and hidden) hack, thus leaving a backdoor
* failure to investigate and understand why the site was hacked in the past
* use of a shared server environment that is misconfigured
* another domain on a shared server has been hacked
* failure to review Apache logs on a regular basis (multiple times a week)

Neither leejosh, nor arics have provided any real data about server environment, any protection server may have (mod_security etc.) version of Joomla that was hacked, versions of 3rd party extensions (and templates) on Joomla that was hacked, permission settings for ALL files, Directories, additional software/scripts that may be installed on your domain etc.

Exactly what has been done other than change passwords? Just changing passwords and updating core Joomla files will not eliminate a hack in most cases.

I know it can be frustrating but with proper site security measures commonly harped here on the security forum, there is no reason for an iframe injection, or any other site compromise.

I have used Joomla since it was Mambo and was hacked exactly once and this was due to using a host that ran php as an apache module forcing 777 on some directories. In the years since, I have not had any compromises of Joomla (whatever version or 3rd party extensions) and do not expect any in the future. I just use common sense and follow advice given on security.

_________________
Phil
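Two of the points in Phil's list above (the 644/755 permission rule and checking the site for changes rather than only changing passwords) can be turned into a quick defender-side audit. This script is an added example, not code from this thread or from the Joomla project; the docroot path is a command-line argument, and the 7-day window and the markup patterns it greps for are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Joomla docroot against the
# 644/755 rule and list recent changes and injected markup. The docroot is
# argument 1; the 7-day window and the grep patterns are assumptions.

# Files whose mode is not 644 and directories whose mode is not 755
# (the "no exceptions" rule from the post above).
audit_perms() {
  find "$1" -type f ! -perm 644
  find "$1" -type d ! -perm 755
}

# Files modified within the last N days (default 7). On a site nobody is
# editing, anything listed here deserves a look against a clean copy.
recent_changes() {
  find "$1" -type f -mtime "-${2:-7}"
}

# PHP/HTML files carrying an iframe or hidden-element markup, the symptom
# in this thread. A hit is a lead for manual review, not proof of compromise.
suspicious_markup() {
  grep -rliE --include='*.php' --include='*.html' \
    '<iframe|display: *none|visibility: *hidden' "$1"
}

# Total number of permission and markup findings; non-zero needs attention.
audit_count() {
  n=0
  n=$((n + $(audit_perms "$1" | wc -l)))
  n=$((n + $(suspicious_markup "$1" | wc -l)))
  echo "$n"
}

# Stand-alone use: sh audit.sh /path/to/joomla [days]
if [ -n "${1:-}" ]; then
  echo "== permissions other than 644/755 =="; audit_perms "$1"
  echo "== files changed in the last ${2:-7} days =="; recent_changes "$1" "${2:-7}"
  echo "== iframe / hidden markup =="; suspicious_markup "$1"
  echo "== findings: $(audit_count "$1") =="
fi
```

Run it from a shell on the host (or against a downloaded copy of the site) and keep the output with the Apache logs for the same period, so the change time of an injected file can be matched to a request.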


   
 
Posted: Sun Nov 01, 2009 11:32 am 
Joomla! Apprentice

Joined: Tue Oct 27, 2009 5:58 am
Posts: 17
Thanks for your clarification.

Hem, are you sure, Phil, that Joomla is the most secure CMS? I am afraid of this posting of yours, because you do not give us any comparative statistics between all the open source CMSs. So I think this post is just your guess, maybe. hehe.

Drupal CMS, for example: almost all of my friends' web sites, department unit sites, or others that have used this Drupal CMS for more than six years, I have never seen hacked.

Right now, the newest WordPress version 2.8.5, which is used by some of my friends, is also said to have provided strong protection features against hackers.

arics


 
Posted: Sun Nov 01, 2009 12:43 pm 
Joomla! Virtuoso

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3720
Location: The Girly Side of Joomla in Sussex
I would love all those who have recently been defaced to:

* run the forum post tool viewtopic.php?f=428&t=272481
* list their extensions/templates
* list their folder/file permissions
* list their browser and FTP tool
* any virus detected by their computer system
That way we can track down any common things and see if it is really a Joomla bug or (more likely not).

_________________
HU2HY - GIGO - Poor questions = Poor answer
Unrequested Help PMs will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?


   
 
Posted: Sun Nov 01, 2009 4:03 pm 
Joomla! Guru

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 733
Location: Wisconsin USA
arics,
You are correct. It is my opinion that Joomla is most secure. I did state it as so in the first paragraph, but the meaning of my comment may have been lost in translation. Maybe I should have left my comment out of the posting, especially since I did not back up the claim. I do get a little peeved when others automatically blame the core of Joomla for all their security problems, hacks, exploits, without realizing that in most cases it is not the core that is the actual problem.

The security team and the developers have worked very hard to make sure the core is secure, while still providing a good CMS framework.

http://developer.joomla.org/security/news.html

viewtopic.php?f=432&t=455746

Currently there are no reported security vulnerabilities in the Joomla core 1.5.14 files.

mandeville,
I would love to see some data like you listed posted.

_________________
Phil


   
 
Posted: Tue Nov 03, 2009 9:59 pm 
Joomla! Apprentice

Joined: Sun Nov 01, 2009 9:56 pm
Posts: 13
Location: Talmaciu, Sibiu, Romania
PhilD wrote:
arics,
You are correct. It is my opinion that Joomla is most secure. I did state it as so in the first paragraph, but the meaning of my comment may have been lost in translation. Maybe I should have left my comment out of the posting, especially since I did not back up the claim. I do get a little peeved when others automatically blame the core of Joomla for all their security problems, hacks, exploits, without realizing that in most cases it is not the core that is the actual problem.

The security team and the developers have worked very hard to make sure the core is secure, while still providing a good CMS framework.

http://developer.joomla.org/security/news.html

viewtopic.php?f=432&t=455746

Currently there are no reported security vulnerabilities in the Joomla core 1.5.14 files.

mandeville,
I would love to see some data like you listed posted.


Hi, I do believe you, but I have a question:
How come my site, a new install with 1.5.14, VirtueMart 1.1.3 and Jsecure,
gave me 2 CRAZY days?
So in my jos_plugin, User - Joomla! and Authentication - Joomla got unpublished just like that, without my action? I'm the only person who has access to this domain.
Check this topic: viewtopic.php?f=432&t=456498

_________________
OCC - http://www.occ.ro

Signature rules: Literal URLs only - viewtopic.php?f=8&t=65


 
Posted: Tue Nov 03, 2009 10:11 pm 
Joomla! Virtuoso

Joined: Mon Mar 20, 2006 1:56 am
Posts: 3720
Location: The Girly Side of Joomla in Sussex
mihaiachim wrote:
Hi, I do believe you, but I have a question:
check this topic viewtopic.php?f=432&t=456498


Hijacking topics is not nice.

_________________
HU2HY - GIGO - Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and just deleted
http://community.joomla.org/ Connect Administrator
Avez-vous lu les instructions ? Avez-vous recherché ?


   
 
Posted: Tue Nov 03, 2009 10:55 pm 
Joomla! Apprentice

Joined: Sun Nov 01, 2009 9:56 pm
Posts: 13
Location: Talmaciu, Sibiu, Romania
mandville wrote:
mihaiachim wrote:
Hi, I do believe you, but I have a question:
check this topic viewtopic.php?f=432&t=456498


Hijacking topics is not nice.


SORRY, YOU MISUNDERSTAND.
THAT SITE BELONGS TO ME; I DID WORK ON IT.
I DO HAVE ALL ACCESS, BUT AT THAT MOMENT I WAS UNABLE TO LOG IN TO THE ADMINISTRATOR AND NOT EVEN ON THE FRONT PAGE AS A VISITOR.

If you read that topic you can see I did activate those:
Authentication - Joomla; User - Joomla!
To be published, that field must be set to 1 (not zero, 0); it should be position 1.
Only at that moment was I able to access my admin.
MY SENSIBLE QUESTION IS: HOW IS THIS POSSIBLE? IS JOOMLA ABLE TO SET SOME DATA ON ITS OWN? I DO NOT THINK THIS IS POSSIBLE.

Thanks anyway for your attention,

_________________
OCC - http://www.occ.ro

Signature rules: Literal URLs only - viewtopic.php?f=8&t=65


 
Posted: Wed Nov 04, 2009 2:49 pm 
Joomla! Ace

Joined: Tue Sep 06, 2005 11:18 am
Posts: 1120
Location: Germany
You simply did not configure your Joomla in the right way..
if you have to do this by hand (and not in VMart or Joomla).

Also, screaming around here is a thing where I like to place my foot in your beloved back.

Anyway, you also don't like to follow the simplest ways so we can help you, such as running the Forum Post Assistant, right on top of this forum.

And the Security Checklist is also listed there, which is a very good place to get information on how to secure my Joomla.

By the way, I won't expect that your problem is really solved.

_________________
MCITP - Microsoft Certified IT Professional
CCNA - Cisco Certified Network Administrator
LPI - Linux Professional
PN for Online Transcript ID Check
http://www.mindset.de


 
Posted: Thu Nov 05, 2009 7:04 am 
Joomla! Master

Joined: Fri Aug 12, 2005 3:47 pm
Posts: 11699
Location: **Translation Matters**
Cool, folks... :pop

Something was lost in Translation..

@mihaiachim
Hijacking a topic does not mean you hacked a site.
It means you are posting about your own issue in a topic which is not related to your issue.

Your site can't be hacked because a flag was not set properly for some plugins.
No way to really know how that happened when you installed your Joomla. Could be a wrong FTP transfer or anything else you did without noticing it.

_________________
Jean-Marie Simonet / infograf · http://www.info-graf.fr · GMT +1
Qui vult dare parva non debet magna rogare.
---------------------------------
Joomla! Translation Coordination Team


 
Posted: Thu Nov 05, 2009 10:21 am 
Joomla! Apprentice

Joined: Sun Nov 01, 2009 9:56 pm
Posts: 13
Location: Talmaciu, Sibiu, Romania
infograf768 wrote:
Cool, folks... :pop

Something was lost in Translation..

@mihaiachim
Hijacking a topic does not mean you hacked a site.
It means you are posting about your own issue in a topic which is not related to your issue.

Your site can't be hacked because a flag was not set properly for some plugins.
No way to really know how that happened when you installed your Joomla. Could be a wrong FTP transfer or anything else you did without noticing it.


OK, I did not know that about "hijacking a topic".
But I wanted to ask if it is possible that my issue came from a hack on my site.
Indeed it is a little far from this topic. I did try to find some topics close to my issue (solved after all) because on my topic I have not received an answer yet.

But I still want to find out why it happened over there (to be able to prevent it).
I did check all the topics I could find regarding security on this forum.
Thanks a lot for your attention. :)

_________________
OCC - http://www.occ.ro

Signature rules: Literal URLs only - viewtopic.php?f=8&t=65

