looks like joomla org hacked

[Tonie]

These are no times for word games or things like that. The site has ben restored, and we're dealing with the immediate ramifications. If all has been done and things settled, we'll evaluate and learn from it. Simple as that.

[vistartony]

These are no times for word games or things like that. The site has ben restored, and we're dealing with the immediate ramifications. If all has been done and things settled, we'll evaluate and learn from it. Simple as that.

Just simple......
We that we use this CMS need to know, not simple that, I believe eh.., and we evaluate if  to continue to believe us or except for.
But thanks for your intervention..

[stokedfish]

Actually uncivil comments are against the rules stokedfish.  You seem to have neglected to read the rules from the link provided so I will quote them directly to you here in this post.

I still don't know where my discussion has not been civil. I called someone a liar in one of my post because, uhh, he was lying. That person stated false "facts" and I corrected him/her, that was all. I don't see in what way this isn't civil.

I find it odd that you advocate for hackers, I have never seen that done unless it is being done by the hacker themselves or someone that knows the hacker, or someone who has inside knowledge of the hack.  It certainly doesn't shine a very good light on you, and that is unfortunate.

I most certainly have no connection at all to that cracker (it's not a hacker!) and I don't have the slightest clue how this was done.

If you have never heard of how to deal with such an incident, I suggest you read this:

*click*

It's a great book and it shows how people have dealt with cracker incidents in the past and what is a good and not so good way to handle such an attack. I also suggest you do some reading on the CCC website, another good ressource.

Anyway, that's it for me. I just hope you'll learn sth out of this and that you will (should it ever happen again, which I don't hope of course) handle this different and in a more honest/mature way the next time.

Thanks for reading.

[pe7er]

[MOD note: Message deleted. This is an English board, please only use English.
If you would like to post a message in your native language, please use the appropiate forum at the International Zone: http://forum.joomla.org/index.php?actio ... a=expand#5 ]

[Jenny]

I also wish for you the ability to handle posting in forums in a mature and responsible way my friend.  Please do read that link on Netiquette provided earlier.  It really is a good read.

edit:  hmm hacker (which is what the average user thinks because they typically say "My site has been hacked" /cracker/idiot.  I know the difference, but a lot of people don't know the difference and considering you responded to this thread with this specific title on it, using that specific name, over and over again without mentioning it until now, makes me think you are just looking for things to pick at/on (another troll tactic it would seem).  Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above. 

edit2:  What is even funnier - the link you posted in your post points to a book "Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios"  You really need to write that author a letter and describe the difference to them too.  Hate that you had to reference someone and recommend a read, but then they aren't using the right terminology either. 

Actually uncivil comments are against the rules stokedfish.  You seem to have neglected to read the rules from the link provided so I will quote them directly to you here in this post.

I still don't know where my discussion has not been civil. I called someone a liar in one of my post because, uhh, he was lying. That person stated false "facts" and I corrected him/her, that was all. I don't see in what way this isn't civil.

I find it odd that you advocate for hackers, I have never seen that done unless it is being done by the hacker themselves or someone that knows the hacker, or someone who has inside knowledge of the hack.  It certainly doesn't shine a very good light on you, and that is unfortunate.

I most certainly have no connection at all to that cracker (it's not a hacker!) and I don't have the slightest clue how this was done.

If you have never heard of how to deal with such an incident, I suggest you read this:

*click*

It's a great book and it shows how people have dealt with cracker incidents in the past and what is a good and not so good way to handle such an attack. I also suggest you do some reading on the CCC website, another good ressource.

Anyway, that's it for me. I just hope you'll learn sth out of this and that you will (should it ever happen again, which I don't hope of course) handle this different and more honest/mature way the next time.

Thanks for reading.

[stokedfish]

Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above. 

It's funny that whenever you run out of arguments all you come up with is "read the rules" or "netiquette is what it's all about" but I haven't read a single convincing counter-argument to my posts here so far.

edit2:  What is even funnier - the link you posted in your post points to a book "Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios"  You really need to write that author a letter and describe the difference to them too.  Hate that you had to reference someone and recommend a read, but then they aren't using the right terminology either.

The author explains the terminology in his book and also gives reasons for choosing hacker instead of cracker as a title.
That was a marketing decision, not a technical one.

[Jenny]

The author explains the terminology in his book and also gives reasons for choosing hacker instead of cracker as a title.
That was a marketing decision, not a technical one.

ROFL now that is good comedy!  Read this for technical information - but don't worry about the technical terminology.  It is a marketing decision!

HAHAHA!

[stokedfish]

Why? it's a very valid decision and had to do sth with educating a certain target-audience. It's funny how you judge that book and its author without even having read a single page in it. Way to go, yay.

So this is how you form an opinion on things? I think that says it all...

And again, you don't counter my arguments on how the Joomla! team handled this incident in a non-mature way at all. I'm still waiting for convincing reasons to support your view that the Joomla! guys did all right.

I doubt I'll ever read any in this thread, but hopefully someone will surprise me soon... 

[dotZen]

Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above. 

It's funny that whenever you run out of arguments all you come up with is "read the rules" or "netiquette is what it's all about" but I haven't read a single convincing counter-argument to my posts here so far.

Eh, that's probably because what she says is true, and all that is needed/required to comprehend the situation.

And your "opinion" is way off-base. The quickest, and most efficient, way to demoralize and discredit any person with ill-intentions, seeking attention, is to completely remove any publicity that person may be hoping for.

Besides, if these so-called "crackers" were that good, than they would have removed that option in the first place. But they didn't, so they aren't. Seeing as how the core team was able to restore order, in a speedy manner, then this "attempt" was more impish than an "attack".

Anyway, enough of all that..

I'm interested to hear what the team has to say about version numbers, file permissions, 3PD's, etc..

[Jenny]

Why? it's a very valid decision and had to do sth with educating a certain target-audience. It's funny how you judge that book and its author without even having read a single page in it. Way to go, yay.

So this is how you form your opinion on things? I think that says it all...

And again, you don't counter my arguments on how the Joomla! team handled this incident in a non-mature way at all. I'm still waiting for convincing reasons to support your view that the Joomla! guys did all right.

I doubt I'll ever read any in this thread, but hopefully someone will surprise me soon... 

Stoked, obviously you didn't understand when it was posted above, so I will quote it for you again:

Not censor, sanitise. The standard in here has always been - and I have been here from the start - that there is never a link, a name, a screenshot or any other thing that might identify a hacker or their tools. There should never be any way for them to gain any credibility for their actions.

If you don't understand that, then there isn't much hope for you to get it no matter how much explanation is done.  I am sorry you can't grasp this concept, because it is an easy one.

[willebil]

Cracker, hacker...who cares in this case, the site was compromised and I agree sharing information on how it was done is not smart, simply because we don't know if there is a solution yet.

I don't want to generalize here, but the forum rules are there for a specific reason, and have proven themselves in time. No one likes to be moderated, but trust me the moderators do a good job to keep this forum a nice place, and they moderate everyone (including core members if needed).

[stokedfish]

Eh, that's probably because what she says is true, and all that is needed/required to comprehend the situation.

"I don't need to give reasons for my opinion. No need to support my view with any facts, as I am always right!" 

And your "opinion" is way off-base.

Do some reading - there's lots and lots of people in the field of computer security that share my view.

The quickest, and most efficient, way to demoralize and discredit any person with ill-intentions, seeking attention, is to completely remove any publicity that person may be hoping for.

That statement proves me that you have no idea what this is all about. Demoralizing and discrediting the [redacted] who did that should be the least of a concern here. There's much more important things to deal with now - honestly informing the Joomla! users instead of trying to hide things, "minimizing" rumours and misinformation on the web instead of boosting them and investigating a possible security-hole instead of cursing the oh-so-evil crackers.

Besides, if these so-called "crackers" were that good, than they would have removed that option in the first place. But they didn't, so they aren't. Seeing as how the core team was able to restore order, in a speedy manner, then this "attempt" was more impish than an "attack".

Again, same thing. Joomla! got cracked and whether it was a script-kiddy or a high-profile cracker doesn't matter. The site got cracked, period. It's a fact and you have to make the best out of it. Execrating and demoralizing the person who did it doesn't help anyone and certainly isn't a good way to deal with this incident at all.

[stokedfish]

MMMedia, obviously you didn't understand when it was posted above, so I will quote it for you again:

The more secretive you treat this incident the more speculations, rumours and misinformation will spread on the web and this can be in no way good for the Joomla! project. A much better way would have been to make an offical statement as fast as possible instead of trying to hide things from the public.

If you don't understand that, then there isn't much hope for you to get it no matter how much explanation is done.  I am sorry you can't grasp this concept, because it is an easy one.

[vistartony]

Cracker, hacker...who cares in this case, the site was compromised and I agree sharing information on how it was done is not smart, simply because we don't know if there is a solution yet.

This is the better sentence read until now

[dotZen]

Um, buddy, think you can step off your high-horse?

Your confusing two points here: A) Doesn't seem like anyone is ignoring or removing info that it happened, which your implying B) Moderators (and to a greater extent PR) are the ones who can de-publicize and discredit-- it will be the developer and core team who find out the how/why.

Seriously, this shouldn't even been up for debate. You're not on the core team, not likely to ever be on the team, they've made their stance regarding situations like these long ago. It won't change unless they wish it to change. 'Nuff said.

Why do you think you can push _your_ opinions on the rest of us? As if they're far superior, or something...

[Jenny]

Does this thread exist?  Has it been deleted?  The answer would be a resounding NO.

There is no secrecy here.  There is no concealment of information, except for the publication and promotion of the exact names of the entity responsible, which has always been the policy of this forum. One reason is that a lot of time mis information is posted regarding who, what, where, etc the crack/hack/whatever you want to call it comes from.  Two is this forum does not allow for the publication or promotion of malicious entities that compromise sites, it never has and never will, because people should not get credit or promotion for doing bad deeds.  People that do credit or promote bad deeds are no better than the ones that do the deed themselves. 

Discussion is had on vulnerabilities and solutions, when they are known, and there are whole security forums dedicated to the issue of security.

Please stop making up things, creating issues where there are none.  Your continued arguments that there is secrecy, or concealment are laughable at best, and an outright lie at worst.

The more secretive you treat this incident the more speculations, rumours and misinformation will spread on the web and this can be in no way good for the Joomla! project. A much better way would have been to make an offical statement as fast as possible instead of trying to hide things from the public.

[user deleted]

Don't mind me, I'm just passing by 

** Robin waves around the book with forum rules **

[stokedfish]

Seriously, this shouldn't even been up for debate.

I agree, and it wouldn't have been up for debate had the Joomla! team acted different.

You're not on the core team, not likely to ever be on the team.

I didn't know that you have to be in the core team to discuss something on this board. So do you want to say that I am not allowed to state an opinion on this just because I am not on the core team? Wow, now that's an interesting take on it.

they've made their stance regarding situations like these long ago. It won't change unless they wish it to change. 'Nuff said.

That's fine but I don't see why this should make a discussion about what happened impossible. The Joomla! team can keep acting in the way they do, that's fine. However, we should be allowed to discuss such topics anyway. Or do you seriously think the users on this board should not be allowed to voice an opinion on things?

Why do you think you can push _your_ opinions on the rest of us? As if they're far superior, or something...

I'm just supporting my view here, that is all. It's called reasoning and debate. I'm not forcing anything on anybody. If you don't agree with it, that's perfectly fine. Also, I never said that my view is superior. But at least I used references/facts to support it while others don't do this at all and just keep saying "read the rules" instead.

Quite probably because they don't have any good arguments, coz otherwise I assume they would have shared them with me.

[willebil]

[me=willebil]slaps Robin with that book[/me]

[user deleted]

Okay, enough is enough!

stokedfish, and all others, please remain on topic! which is that the site was hacked. If you have input about this, you are free to share that. Just stop the argument about being allowed to argue before this turns into a flame thread.

Anything beyond my post which is still off topic will simply be deleted.

[exrace]

Any new news on the shop.joomla site and how this contributed to the event?

[user deleted]

Hi exrace,

I have no details if there was a link between the shop and the main site that got hacked later. Currently, a few people are still going through log files and such. But as you now, the Core team is spread around the Globe, and some are simply not available right now. I can't tell you if and when more details will be posted about the incident right now.

[mmckeen]

Could you share whether or not the http://www.joomla.org site was running .13 code?  I certainly understand if you cannot at this time.

[user deleted]

Hi mmckeen,

We are indeed running version 1.0.13 on joomla.org.

[eyezberg]

How will publication of the investigations be handled, do we have to wait untill hole and fix both are available if it's Joomla core, will you post the hole if it's a 3rd part extension even before the fix is available so concerned people can remove it from their sites, are there any hints yet..?
Don't know if this part is off topic, but I don't see how posting a screenshot can be considered "rude"... I don't mind readers here not knowing who hacked the site, but how it was done is crucial info, and if these same hackers (a cracker for me is this: http://www.cepolina.com/freephoto/f/oth ... .bread.jpg ) have, as I understood from a post here, already compromised other sites, it might be helpfull to be able to search with their name or url or whatever to gain insight on the methods they used, and thus maybe be able to secure one's site before the team here is able to post something...
Alsoo think this is more a Security matter than "Sites and Infrastructure", as it doesn't only affect joomla.orgs site(s), and is in no way a "'mechanical' forum or Joomla! sites related issues/suggestions" topic.

[stokedfish]

Okay, enough is enough! [...] Anything beyond my post which is still off topic will simply be deleted.

It's sad that you don't give me a chance to counter what MMMedia has just written as I was already sending out a long and well-thought reply but then I saw your above statement. Of course, I'll comply, although I think it isn't very fair to do this.

However, since I feel I have the right to rectify MMMedia's accusations, just allow me 2 very last statements: First, I have NEVER accused the Joomla! team of deleting threads on this board and I too DO NOT agree with the cracking. And second, I HAVE NOT promoted bad deeds on here. I just have a different way to handle such incidents, that is all.

Thank you for not editing out this post and sorry to cause so much trouble. I hope you'll treat everyone the same in this thread and also moderate down core members, should they not respect your above condition for future posts on this topic. I certainly will and this discussion is done for me now.

[user deleted]

Hi Joe,

To answer your questions; if our investigation turns out the leak would be in the core code, then normal procedures would be followed and a security patch would be released almost immediately. I would be responsible for doing that. If it would turn out to be a leak in a 3rd party extension, then of course we would share this information, if it were only to prevent other sites from getting hacked.

I'll be leaving the rest of your ideas/questions for now, I'm a bit busy as you can probably understand 

[user deleted]

Okay, enough is enough! [...] Anything beyond my post which is still off topic will simply be deleted.

It's sad that you don't give me a chance to counter what MMMedia has just written as I was already sending out a long and well-thought reply but then I saw your above statement. Of course, I'll comply, although I think it isn't very fair to do this.

However, since I feel I have the right to rectify MMMedia's accusations, just allow me 2 very last statements: First, I have NEVER accused the Joomla! team of deleting threads on this board and I too DO NOT agree with the cracking. And second, I HAVE NOT promoted bad deeds on here. I just have a different way to handle such incidents, that is all.

Thank you for not editing out this post and sorry to cause so much trouble. I hope you'll treat everyone the same in this thread and also moderate down core members, should they not respect your above condition for future posts on this topic. I certainly will and this discussion is done for me now.

Duly  noted, thanks for understanding and following the rules.

[bergmannn]

Something new about it ?

[cbh]

I think a few folks raised a suggestion/recommendation that some form of notification should go out as quickly as possible after something like this happens, and I strongly agree with that idea. I don't necessarily need technical details at the outset (though that would be good if they're available) but simply a heads up along the lines of "Our site has been compromised, we're running version 1.0.13, we don't know much more than this at the moment but will let you know as soon as possible." (This as well as the password/bridge issue make me glad I've stuck with 1.0.12, though I suppose it might be vulnerable as well.) Providing this information will help me ensure I can, as much as possible, take care of my clients - who are in my case mostly small not for profits.

This type of notice at least lets me know that I should check all the sites I manage as quickly as possible to ensure they're OK, because I tend not to check them all that much on the weekends. It was only due to an insomniac coincidence that I checked the site at 6:30 on a Saturday morning here in the Great White North.

I'm aware that I can sign up for notifications in the security section of this forum, and if that works, that's great, but I think an even better model for this type of warning system is the one used by the folks at Drupal. You join a specific mailing list and are advised, very promptly it seems, of security concerns, not only with the core Drupal installation, but also wherever possible, about problems with add-ons.

I'm sure this is probably eating up a lot of time and effort for those of you who are responsible for this kind of thing. Believe me, it's appreciated.

Cheers
Chris Hutcheson