The Joomla! Forum ™



Posted: Sun May 27, 2012 8:14 pm
Joomla! Apprentice

Joined: Fri Feb 12, 2010 8:36 pm
Posts: 42
My previous Joomla installation was hacked.

The hackers used the image upload feature to upload several files including a mail script and some html scripts for spamming and phishing purposes.

Now I have recreated my site (in Joomla 2.5.4) from scratch.

However I would like to be certain this "leak" cannot be exploited again. Any ideas?


Posted: Sun May 27, 2012 8:18 pm
Joomla! Guru

Joined: Wed Nov 03, 2010 7:35 pm
Posts: 510
Location: Limassol, CY
Well, if you have a fresh and latest installation of Joomla!, then there should be no known way you can exploit it. The problem most of the time comes when you are installing components and modules that are not well written and sometimes not even up to date, so hackers are able to find holes into your site.

~Artemis

_________________
Providing quality web design services since 2005!

Get direct Joomla! assistance, contact me on skype: mrcodexcy


Posted: Tue May 29, 2012 2:18 pm
Joomla! Apprentice

Joined: Fri Feb 12, 2010 8:36 pm
Posts: 42
My previous install was not updated to 1.6/1.7; other than that, no weird components (jcomments, jce editor, etc).

Are you sure that by default (for 2.5.4) files cannot be injected into the image directory?


Posted: Tue May 29, 2012 2:27 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11629
Location: The Girly Side of Joomla in Sussex
How about your folder permissions?
http://docs.joomla.org/Security_Checkli ... ermissions

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Tue May 29, 2012 6:51 pm
Joomla! Apprentice

Joined: Fri Feb 12, 2010 8:36 pm
Posts: 42
At this time my permissions are 755 for the images folder.

I guess it will not hurt to add that code
(# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI)

Thanks :)
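
An added example, not part of the original thread or of Joomla: a Python audit for an upload directory such as images/ that flags files carrying any extension from the AddHandler list quoted above, image-named files whose leading bytes are not an image, and world-writable entries. The image signature table, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Extensions from the AddHandler line quoted in the post above.
SCRIPT_EXTS = {".php", ".pl", ".py", ".jsp", ".asp", ".htm", ".shtml", ".sh", ".cgi"}
# Leading bytes of common image formats (this format list is an assumption).
IMAGE_MAGIC = {".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
               ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a")}

def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for an upload directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if mode & stat.S_IWOTH and not stat.S_ISLNK(mode):  # 777/666; 755 passes
                findings.append((rel, "world-writable"))
            if not stat.S_ISREG(mode):
                continue
            # Apache's mod_mime considers every extension in a name, so check them all.
            parts = {"." + p.lower() for p in name.split(".")[1:]}
            if parts & SCRIPT_EXTS:
                findings.append((rel, "script extension"))
            ext = os.path.splitext(name)[1].lower()
            if ext in IMAGE_MAGIC:
                with open(path, "rb") as fh:
                    if not fh.read(8).startswith(IMAGE_MAGIC[ext]):
                        findings.append((rel, "not a real image"))
    return sorted(findings)

def demo():  # audits a constructed sample tree; all file contents are made up
    with tempfile.TemporaryDirectory() as root:
        samples = {"logo.png": b"\x89PNG\r\n\x1a\n" + b"\0" * 8,
                   "banner.jpg": b"<html>constructed sample</html>",
                   "mailer.php": b"constructed sample",
                   "photo.php.gif": b"GIF89a" + b"\0" * 8}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            os.chmod(os.path.join(root, name), 0o644)
        os.mkdir(os.path.join(root, "open"))
        os.chmod(os.path.join(root, "open"), 0o777)
        return audit_upload_dir(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Call audit_upload_dir() on the real images directory; an empty list means none of the three checks fired, not that the site is clean.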


Posted: Tue May 29, 2012 7:10 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11629
Location: The Girly Side of Joomla in Sussex
It may also be that you are allowing via the registered users/allowed uploads people to put these files on.

Posted: Tue May 29, 2012 7:15 pm
Joomla! Guru

Joined: Wed Nov 03, 2010 7:35 pm
Posts: 510
Location: Limassol, CY
Indeed, you may let users link images from another server but not allow them to upload them on your server.

~Artemis

Posted: Thu May 31, 2012 5:21 pm
Joomla! Apprentice

Joined: Fri Feb 12, 2010 8:36 pm
Posts: 42
Hmm, I did not change this setting. Where can I disable registered user uploads?


Posted: Tue Aug 07, 2012 3:45 pm
Joomla! Fledgling

Joined: Tue Aug 07, 2012 8:56 am
Posts: 2
MrCodexCY wrote:
Indeed, you may let users link images from another server but not allow them to upload them on your server.

~Artemis

Hi, I am new to Joomla and looking for tips. Please can you tell us how to do the above?

