website security compromised ..

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
shawie60
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Tue Sep 25, 2007 6:00 pm

website security compromised ..

Post by shawie60 » Mon May 13, 2013 5:58 pm

Hi I recently logged into a website i was going to develope to find the security had ben compromisd. After reading various posts etc I realise a lot of the problem may have come from me not keeping things up todate, but in all honesty I assumed my hosting company would be on top of this. Anyways I've followed the instruction and used the fpa, the results of which are posted below. I havent done any major work on the site so if its easier to delete and reinstall then thats what I'll do, but i'd like to know how its happened and what to avoid in the furture. I cant even log in to take the thing offline at the moment.
many thanks for any and all support in this mater.
glenn
Problem Description :: Forum Post Assistant (v1.2.3) : 13th May 2013 wrote:site hacked
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.3) : 13th May 2013 wrote:[23-Dec-2011 08:53:05] PHP Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/apexcomp/public_html/libraries/joomla/database/database/mysql.php on line 344
Actions Taken To Resolve by Forum Post Assistant (v1.2.3) 13th May 2013 wrote:deleted associated database, possible reinstall of joomla to a later version
Forum Post Assistant (v1.2.3) : 13th May 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.24-Stable (senu takaa ama naiki) 17-October-2011
Joomla! Configured :: Yes | Read-Only (444) | Owner: 1119 (uid: /gid: ) | Group: 1119 (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 1 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-379.22.1.lve1.2.14.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/apexcomp/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.23 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: error_log | Last Known Error: 13th May 2013 17:41:17. | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: 0 | Open Base: | Uploads: 1 | Max. Upload Size: 128M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Connection Error: 1044:Access denied for user 'apexcomp_glenn'@'localhost' to database 'apexcomp_newmedia' : Database Credentials Present? in Configuration...
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.23) | date (5.3.23) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | enchant (1.1.0) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.23) | Phar (2.0.1) | posix () | pspell () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | suhosin (0.9.33) | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | imagick (3.1.0RC2) | SourceGuardian (9.0.4) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: site.co.uk/administrator/backups/ (777) | site.co.uk/administrator/cache/ (777) | site.co.uk/administrator/components/ (777) | site.co.uk/administrator/language/ (777) | site.co.uk/administrator/modules/ (777) | site.co.uk/administrator/templates/ (777) | site.co.uk/components/ (777) | site.co.uk/logs/ (777) | site.co.uk/media/ (777) | site.co.uk/tmp/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: MailTo (1.5.0) | Wrapper (1.5.0) | User (1.5.0) |
Components :: ADMIN :: Media Manager (1.5.0) | Contact Items (1.0.0) | Updater (1.5.1) | Polls (1.5.0) | JoomlaPack Backup Notification (1.0) | JoomlaPack (2.4.1) | Trash (1.0.0) | Menus Manager (1.5.0) | Weblinks (1.5.0) | Plugin Manager (1.5.0) | Search (1.5.0) | Frontpage (1.5.0) | Newsfeeds (1.5.0) | Module Manager (1.5.0) | Mass Mail (1.5.0) | User Manager (1.5.0) | Control Panel (1.5.0) | Language Manager (1.5.0) | Configuration Manager (1.5.0) | Installation Manager (1.5.0) | Banners (1.5.0) | Cache Manager (1.5.0) | Messaging (1.5.0) | Template Manager (1.5.0) | Content Page (1.5.0) |

Modules :: SITE :: Sections Tweaked (1.5.0) | Login (1.5.0) | Statistics (1.5.0) | JB Slideshow v2.5 (2.5.4) | JEmbed J1.5 (1.0.0) | Footer (1.5.0) | Poll (1.5.0) | Sections (1.5.0) | Archived Content (1.5.0) | Feed Display (1.5.0) | Breadcrumbs (1.5.0) | Wrapper (1.0.0) | Sections Tweaked (1.5.0) | Search (1.0.0) | Newsflash (1.5.0) | Menu (1.5.0) | Banner (1.5.0) | Extended Menu (1.0.5 (build ) | Syndicate (1.5.0) | Custom HTML (1.5.0) | Section Overview Tweaked (1.0.0) | Microblog (1.0) | Most Read Content (1.5.0) | Random Image (1.5.0) | Latest News (1.5.0) | Who\'s Online (1.0.0) | Related Items (1.0.0) |
Modules :: ADMIN :: Login Form (1.0.0) | Logged in Users (1.0.0) | Items Stats (1.0.0) | Popular Items (1.0.0) | JoomlaPack Backup Notification (1.0) | Footer (1.0.0) | Toolbar (1.0.0) | Feed Display (1.5.0) | Online Users (1.0.0) | Admin Menu (1.0.0) | Admin Submenu (1.0.0) | Unread Items (1.0.0) | User Status (1.5.0) | Custom HTML (1.5.0) | Quick Icons (1.0.0) | Title (1.0.0) | Latest News (1.0.0) |

Plugins :: SITE :: Button - Pagebreak (1.5) | Button - Image (1.0.0) | Button - Readmore (1.5) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Authentication - OpenID (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - Example (1.5) | Content - Pagebreak (1.5) | Content - Load Modules (1.5) | Content - Vote (1.5) | Content - Email Cloaking (1.5) | Content - Page Navigation (1.5) | Content - Example (1.0) | Content - Code Highlighter (Ge (1.5) | User - Joomla! (1.5) | User - Example (1.0) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | System - Cache (1.5) | System - Remember Me (1.5) | System - Debug (1.5) | System - SEF (1.5) | System - Backlinks (1.5) | System - Mootools Upgrade (1.5) | System - Legacy (1.5) | System - Log (1.5) | Search - Sections (1.5) | Search - Newsfeeds (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Categories (1.5) | Search - Weblinks (1.5) |
Templates Discovered :: wrote:Templates :: SITE :: rhuk_milkyway (1.0.2) | js_weblogic_blue (1.4) | JB New Media J1.5 (1.0.6) | Newsflash (1.5.0) | Newsflash (1.5.0) | js_inspirion (1.2) | beez (1.0.0) | JA_Purity (1.2.0) |
Templates :: ADMIN :: Khepri (1.0) |
Last edited by mandville on Mon May 13, 2013 7:02 pm, edited 1 time in total.
Reason: replace urls with "site"
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: website security compromised ..

Post by mandville » Thu May 16, 2013 4:26 pm

please see http://docs.joomla.org/Security_Checklist_7
http://docs.joomla.org/Security_Checkli ... ter_relief

i will not repeat what you already said yourself :)
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
Locked

Return to “Security in Joomla! 1.5”