Joomla! Discussion Forums



Posted: Sat Aug 18, 2007 5:28 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 7:13 am
Posts: 13234
These are no times for word games or things like that. The site has been restored, and we're dealing with the immediate ramifications. If all has been done and things settled, we'll evaluate and learn from it. Simple as that.

_________________
Antonie de Wilde - Forum admin
All Joomla! release dates and days between releases: http://jfoobar.org/blog/189-days-betwee ... a-releases.test


Posted: Sat Aug 18, 2007 5:33 pm 
Joomla! Apprentice

Joined: Thu Jul 26, 2007 3:13 pm
Posts: 21
Tonie wrote:
These are no times for word games or things like that. The site has been restored, and we're dealing with the immediate ramifications. If all has been done and things settled, we'll evaluate and learn from it. Simple as that.

Just simple......
We that we use this CMS need to know, not simple that, I believe eh.., and we evaluate if  to continue to believe us or except for.
But thanks for your intervention..


Last edited by vistartony on Sat Aug 18, 2007 5:37 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 5:55 pm 
Joomla! Apprentice

Joined: Thu Jun 29, 2006 11:55 am
Posts: 17
MMMedia wrote:
Actually uncivil comments are against the rules stokedfish.  You seem to have neglected to read the rules from the link provided so I will quote them directly to you here in this post.


I still don't know where my discussion has not been civil. I called someone a liar in one of my posts because, uhh, he was lying. That person stated false "facts" and I corrected him/her, that was all. I don't see in what way this isn't civil.

Quote:
I find it odd that you advocate for hackers, I have never seen that done unless it is being done by the hacker themselves or someone that knows the hacker, or someone who has inside knowledge of the hack.  It certainly doesn't shine a very good light on you, and that is unfortunate.


I most certainly have no connection at all to that cracker (it's not a hacker!) and I don't have the slightest clue how this was done.

If you have never heard of how to deal with such an incident, I suggest you read this:

*click*

It's a great book and it shows how people have dealt with cracker incidents in the past and what is a good and not so good way to handle such an attack. I also suggest you do some reading on the CCC website, another good resource.

Anyway, that's it for me. I just hope you'll learn sth out of this and that you will (should it ever happen again, which I don't hope of course) handle this differently and in a more honest/mature way the next time.

Thanks for reading.


Last edited by stokedfish on Sat Aug 18, 2007 6:00 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 5:55 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 8:55 pm
Posts: 12894
Location: Nijmegen, The Netherlands
[MOD note: Message deleted. This is an English board, please only use English.
If you would like to post a message in your native language, please use the appropriate forum at the International Zone: http://forum.joomla.org/index.php?actio ... a=expand#5 ]

_________________
Kind Regards,
Peter Martin, Global Moderator - Community & Leadership Team
www.db8.nl - Joomla specialist, Nijmegen, Nederland
Joomla 1.5 Quick Reference Guide: www.db8.nl/en/downloads/misc-downloads/ ... glish.html


Last edited by pe7er on Sat Aug 18, 2007 6:00 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 6:00 pm 
Joomla! Virtuoso

Joined: Sun Aug 21, 2005 2:25 pm
Posts: 4103
Location: Somewhere Near Here
I also wish for you the ability to handle posting in forums in a mature and responsible way my friend.  Please do read that link on Netiquette provided earlier.  It really is a good read. :)

edit:  hmm hacker (which is what the average user thinks because they typically say "My site has been hacked" /cracker/idiot.  I know the difference, but a lot of people don't know the difference and considering you responded to this thread with this specific title on it, using that specific name, over and over again without mentioning it until now, makes me think you are just looking for things to pick at/on (another troll tactic it would seem).  Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above.  :)

edit2:  What is even funnier - the link you posted in your post points to a book "Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios"  You really need to write that author a letter and describe the difference to them too.  Hate that you had to reference someone and recommend a read, but then they aren't using the right terminology either.  :laugh: :laugh:

stokedfish wrote:
MMMedia wrote:
Actually uncivil comments are against the rules stokedfish.  You seem to have neglected to read the rules from the link provided so I will quote them directly to you here in this post.


I still don't know where my discussion has not been civil. I called someone a liar in one of my posts because, uhh, he was lying. That person stated false "facts" and I corrected him/her, that was all. I don't see in what way this isn't civil.

Quote:
I find it odd that you advocate for hackers, I have never seen that done unless it is being done by the hacker themselves or someone that knows the hacker, or someone who has inside knowledge of the hack.  It certainly doesn't shine a very good light on you, and that is unfortunate.


I most certainly have no connection at all to that cracker (it's not a hacker!) and I don't have the slightest clue how this was done.

If you have never heard of how to deal with such an incident, I suggest you read this:

*click*

It's a great book and it shows how people have dealt with cracker incidents in the past and what is a good and not so good way to handle such an attack. I also suggest you do some reading on the CCC website, another good resource.

Anyway, that's it for me. I just hope you'll learn sth out of this and that you will (should it ever happen again, which I don't hope of course) handle this differently and more honest/mature way the next time.

Thanks for reading.

_________________
Love good music, especially the blues? http://www.jennifermarriott.com
Need a Joomla Consultant? http://www.marpomultimedia.com
JOOMLA ROCKS


Last edited by Jenny on Sat Aug 18, 2007 6:12 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 6:19 pm 
Joomla! Apprentice

Joined: Thu Jun 29, 2006 11:55 am
Posts: 17
MMMedia wrote:
Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above.  :)


It's funny that whenever you run out of arguments all you come up with is "read the rules" or "netiquette is what it's all about" but I haven't read a single convincing counter-argument to my posts here so far.

MMMedia wrote:
edit2:  What is even funnier - the link you posted in your post points to a book "Hacker's Challenge : Test Your Incident Response Skills Using 20 Scenarios"  You really need to write that author a letter and describe the difference to them too.  Hate that you had to reference someone and recommend a read, but then they aren't using the right terminology either.


The author explains the terminology in his book and also gives reasons for choosing hacker instead of cracker as a title.
That was a marketing decision, not a technical one.


Posted: Sat Aug 18, 2007 6:21 pm 
Joomla! Virtuoso

Joined: Sun Aug 21, 2005 2:25 pm
Posts: 4103
Location: Somewhere Near Here
stokedfish wrote:
The author explains the terminology in his book and also gives reasons for choosing hacker instead of cracker as a title.
That was a marketing decision, not a technical one.


ROFL now that is good comedy!  Read this for technical information - but don't worry about the technical terminology.  It is a marketing decision!

HAHAHA!

_________________
Love good music, especially the blues? http://www.jennifermarriott.com
Need a Joomla Consultant? http://www.marpomultimedia.com
JOOMLA ROCKS


Posted: Sat Aug 18, 2007 6:28 pm 
Joomla! Apprentice

Joined: Thu Jun 29, 2006 11:55 am
Posts: 17
Why? it's a very valid decision and had to do sth with educating a certain target-audience. It's funny how you judge that book and its author without even having read a single page in it. Way to go, yay.

So this is how you form an opinion on things? I think that says it all...

And again, you don't counter my arguments on how the Joomla! team handled this incident in a non-mature way at all. I'm still waiting for convincing reasons to support your view that the Joomla! guys did all right.

I doubt I'll ever read any in this thread, but hopefully someone will surprise me soon...  ;)


Last edited by stokedfish on Sat Aug 18, 2007 6:29 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 6:31 pm 
Joomla! Apprentice

Joined: Fri Jul 13, 2007 7:08 pm
Posts: 7
stokedfish wrote:
MMMedia wrote:
Again, netiquette comes into play here, you really should read that Wikipedia entry referenced above.  :)


It's funny that whenever you run out of arguments all you come up with is "read the rules" or "netiquette is what it's all about" but I haven't read a single convincing counter-argument to my posts here so far.


Eh, that's probably because what she says is true, and all that is needed/required to comprehend the situation.

And your "opinion" is way off-base. The quickest, and most efficient, way to demoralize and discredit any person with ill-intentions, seeking attention, is to completely remove any publicity that person may be hoping for.

Besides, if these so-called "crackers" were that good, then they would have removed that option in the first place. But they didn't, so they aren't. Seeing as how the core team was able to restore order, in a speedy manner, then this "attempt" was more impish than an "attack".

Anyway, enough of all that..

I'm interested to hear what the team has to say about version numbers, file permissions, 3PD's, etc..


Posted: Sat Aug 18, 2007 6:33 pm 
Joomla! Virtuoso

Joined: Sun Aug 21, 2005 2:25 pm
Posts: 4103
Location: Somewhere Near Here
stokedfish wrote:
Why? it's a very valid decision and had to do sth with educating a certain target-audience. It's funny how you judge that book and its author without even having read a single page in it. Way to go, yay.

So this is how you form your opinion on things? I think that says it all...

And again, you don't counter my arguments on how the Joomla! team handled this incident in a non-mature way at all. I'm still waiting for convincing reasons to support your view that the Joomla! guys did all right.

I doubt I'll ever read any in this thread, but hopefully someone will surprise me soon...  ;)


Stoked, obviously you didn't understand when it was posted above, so I will quote it for you again:

ilox wrote:
Not censor, sanitise. The standard in here has always been - and I have been here from the start - that there is never a link, a name, a screenshot or any other thing that might identify a hacker or their tools. There should never be any way for them to gain any credibility for their actions.


If you don't understand that, then there isn't much hope for you to get it no matter how much explanation is done.  I am sorry you can't grasp this concept, because it is an easy one.

_________________
Love good music, especially the blues? http://www.jennifermarriott.com
Need a Joomla Consultant? http://www.marpomultimedia.com
JOOMLA ROCKS


Posted: Sat Aug 18, 2007 6:47 pm 
Joomla! Guru

Joined: Thu Aug 18, 2005 12:06 pm
Posts: 707
Location: Netherlands
Cracker, hacker...who cares in this case, the site was compromised and I agree sharing information on how it was done is not smart, simply because we don't know if there is a solution yet.

I don't want to generalize here, but the forum rules are there for a specific reason, and have proven themselves in time. No one likes to be moderated, but trust me the moderators do a good job to keep this forum a nice place, and they moderate everyone (including core members if needed).

_________________
Personal blogs can be found on http://JFoobar.org
www.moovum.com - The Bird is in the air! Get Mollom Anti-Spam on your Joomla! website with Moovur...
www.abillo.com - The dream experience


Posted: Sat Aug 18, 2007 6:50 pm 
Joomla! Apprentice

Joined: Thu Jun 29, 2006 11:55 am
Posts: 17
dotZen wrote:
Eh, that's probably because what she says is true, and all that is needed/required to comprehend the situation.


"I don't need to give reasons for my opinion. No need to support my view with any facts, as I am always right!"  ;)

dotZen wrote:
And your "opinion" is way off-base.


Do some reading - there's lots and lots of people in the field of computer security that share my view.

dotZen wrote:
The quickest, and most efficient, way to demoralize and discredit any person with ill-intentions, seeking attention, is to completely remove any publicity that person may be hoping for.


That statement proves to me that you have no idea what this is all about. Demoralizing and discrediting the moron who did that should be the least of a concern here. There's much more important things to deal with now - honestly informing the Joomla! users instead of trying to hide things, "minimizing" rumours and misinformation on the web instead of boosting them and investigating a possible security-hole instead of cursing the oh-so-evil crackers.

dotZen wrote:
Besides, if these so-called "crackers" were that good, then they would have removed that option in the first place. But they didn't, so they aren't. Seeing as how the core team was able to restore order, in a speedy manner, then this "attempt" was more impish than an "attack".


Again, same thing. Joomla! got cracked and whether it was a script-kiddy or a high-profile cracker doesn't matter. The site got cracked, period. It's a fact and you have to make the best out of it. Execrating and demoralizing the person who did it doesn't help anyone and certainly isn't a good way to deal with this incident at all.


Last edited by stokedfish on Sat Aug 18, 2007 6:59 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 6:54 pm 
Joomla! Apprentice

Joined: Thu Jun 29, 2006 11:55 am
Posts: 17
MMMedia, obviously you didn't understand when it was posted above, so I will quote it for you again:

Quote:
The more secretive you treat this incident the more speculations, rumours and misinformation will spread on the web and this can be in no way good for the Joomla! project. A much better way would have been to make an official statement as fast as possible instead of trying to hide things from the public.


If you don't understand that, then there isn't much hope for you to get it no matter how much explanation is done.  I am sorry you can't grasp this concept, because it is an easy one.


Last edited by stokedfish on Sat Aug 18, 2007 6:59 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 6:56 pm 
Joomla! Apprentice

Joined: Thu Jul 26, 2007 3:13 pm
Posts: 21
willebil wrote:
Cracker, hacker...who cares in this case, the site was compromised and I agree sharing information on how it was done is not smart, simply because we don't know if there is a solution yet.

This is the better sentence read until now


Posted: Sat Aug 18, 2007 7:01 pm 
Joomla! Apprentice

Joined: Fri Jul 13, 2007 7:08 pm
Posts: 7
Um, buddy, think you can step off your high-horse?

You're confusing two points here: A) Doesn't seem like anyone is ignoring or removing info that it happened, which you're implying B) Moderators (and to a greater extent PR) are the ones who can de-publicize and discredit-- it will be the developer and core team who find out the how/why.

Seriously, this shouldn't even be up for debate. You're not on the core team, not likely to ever be on the team, they've made their stance regarding situations like these long ago. It won't change unless they wish it to change. 'Nuff said.

Why do you think you can push _your_ opinions on the rest of us? As if they're far superior, or something...


Posted: Sat Aug 18, 2007 7:10 pm 
Joomla! Virtuoso

Joined: Sun Aug 21, 2005 2:25 pm
Posts: 4103
Location: Somewhere Near Here
Does this thread exist?  Has it been deleted?  The answer would be a resounding NO.

There is no secrecy here.  There is no concealment of information, except for the publication and promotion of the exact names of the entity responsible, which has always been the policy of this forum. One reason is that a lot of time misinformation is posted regarding who, what, where, etc the crack/hack/whatever you want to call it comes from.  Two is this forum does not allow for the publication or promotion of malicious entities that compromise sites, it never has and never will, because people should not get credit or promotion for doing bad deeds.  People that do credit or promote bad deeds are no better than the ones that do the deed themselves. 

Discussion is had on vulnerabilities and solutions, when they are known, and there are whole security forums dedicated to the issue of security.

Please stop making up things, creating issues where there are none.  Your continued arguments that there is secrecy, or concealment are laughable at best, and an outright lie at worst.

stokedfish wrote:

Quote:
The more secretive you treat this incident the more speculations, rumours and misinformation will spread on the web and this can be in no way good for the Joomla! project. A much better way would have been to make an official statement as fast as possible instead of trying to hide things from the public.



_________________
Love good music, especially the blues? http://www.jennifermarriott.com
Need a Joomla Consultant? http://www.marpomultimedia.com
JOOMLA ROCKS


Posted: Sat Aug 18, 2007 7:13 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Don't mind me, I'm just passing by  ;)

** Robin waves around the book with forum rules **

_________________
Regards Robin


Posted: Sat Aug 18, 2007 7:14 pm 
Joomla! Apprentice

Joined: Thu Jun 29, 2006 11:55 am
Posts: 17
dotZen wrote:
Seriously, this shouldn't even be up for debate.


I agree, and it wouldn't have been up for debate had the Joomla! team acted differently.

dotZen wrote:
You're not on the core team, not likely to ever be on the team.


I didn't know that you have to be in the core team to discuss something on this board. So do you want to say that I am not allowed to state an opinion on this just because I am not on the core team? Wow, now that's an interesting take on it.

dotZen wrote:
they've made their stance regarding situations like these long ago. It won't change unless they wish it to change. 'Nuff said.


That's fine but I don't see why this should make a discussion about what happened impossible. The Joomla! team can keep acting in the way they do, that's fine. However, we should be allowed to discuss such topics anyway. Or do you seriously think the users on this board should not be allowed to voice an opinion on things?

dotZen wrote:
Why do you think you can push _your_ opinions on the rest of us? As if they're far superior, or something...


I'm just supporting my view here, that is all. It's called reasoning and debate. I'm not forcing anything on anybody. If you don't agree with it, that's perfectly fine. Also, I never said that my view is superior. But at least I used references/facts to support it while others don't do this at all and just keep saying "read the rules" instead.

Quite probably because they don't have any good arguments, coz otherwise I assume they would have shared them with me.


Last edited by stokedfish on Sat Aug 18, 2007 7:17 pm, edited 1 time in total.

Posted: Sat Aug 18, 2007 7:15 pm 
Joomla! Guru

Joined: Thu Aug 18, 2005 12:06 pm
Posts: 707
Location: Netherlands
* willebil slaps Robin with that book

_________________
Personal blogs can be found on http://JFoobar.org
www.moovum.com - The Bird is in the air! Get Mollom Anti-Spam on your Joomla! website with Moovur...
www.abillo.com - The dream experience


Posted: Sat Aug 18, 2007 7:19 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Okay, enough is enough!

stokedfish, and all others, please remain on topic! which is that the site was hacked. If you have input about this, you are free to share that. Just stop the argument about being allowed to argue before this turns into a flame thread.

Anything beyond my post which is still off topic will simply be deleted.

_________________
Regards Robin


Posted: Sat Aug 18, 2007 7:26 pm 
Joomla! Explorer

Joined: Tue Aug 23, 2005 4:55 am
Posts: 280
Location: On my CBR 1000rr...
Any new news on the shop.joomla site and how this contributed to the event?

_________________
Love, Live PHP.
Love, Live Joomla!
Super Sonic Man...do you want to buy a RockeTheme rocket? -Gary Jules


Posted: Sat Aug 18, 2007 7:31 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Hi exrace,

I have no details if there was a link between the shop and the main site that got hacked later. Currently, a few people are still going through log files and such. But as you know, the Core team is spread around the Globe, and some are simply not available right now. I can't tell you if and when more details will be posted about the incident right now.

_________________
Regards Robin


Posted: Sat Aug 18, 2007 7:37 pm 
Joomla! Apprentice

Joined: Sun Oct 15, 2006 3:35 pm
Posts: 25
Could you share whether or not the http://www.joomla.org site was running .13 code?  I certainly understand if you cannot at this time.


Posted: Sat Aug 18, 2007 7:42 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Hi mmckeen,

We are indeed running version 1.0.13 on joomla.org.

_________________
Regards Robin


Posted: Sat Aug 18, 2007 7:48 pm 
Joomla! Hero

Joined: Thu Aug 25, 2005 5:48 pm
Posts: 2801
Location: Geneva mostly
How will publication of the investigations be handled, do we have to wait until hole and fix both are available if it's Joomla core, will you post the hole if it's a 3rd party extension even before the fix is available so concerned people can remove it from their sites, are there any hints yet..?
Don't know if this part is off topic, but I don't see how posting a screenshot can be considered "rude"... I don't mind readers here not knowing who hacked the site, but how it was done is crucial info, and if these same hackers (a cracker for me is this: http://www.cepolina.com/freephoto/f/oth ... .bread.jpg ) have, as I understood from a post here, already compromised other sites, it might be helpful to be able to search with their name or url or whatever to gain insight on the methods they used, and thus maybe be able to secure one's site before the team here is able to post something...
Also think this is more a Security matter than "Sites and Infrastructure", as it doesn't only affect joomla.org's site(s), and is in no way a "'mechanical' forum or Joomla! sites related issues/suggestions" topic.

_________________
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.blogspot.com for J! 1.5 screenshots
http://www.eyezberg.com


Posted: Sat Aug 18, 2007 7:52 pm 
Joomla! Apprentice

Joined: Thu Jun 29, 2006 11:55 am
Posts: 17
RobInk wrote:
Okay, enough is enough! [...] Anything beyond my post which is still off topic will simply be deleted.


It's sad that you don't give me a chance to counter what MMMedia has just written as I was already sending out a long and well-thought reply but then I saw your above statement. Of course, I'll comply, although I think it isn't very fair to do this.

However, since I feel I have the right to rectify MMMedia's accusations, just allow me 2 very last statements: First, I have NEVER accused the Joomla! team of deleting threads on this board and I too DO NOT agree with the cracking. And second, I HAVE NOT promoted bad deeds on here. I just have a different way to handle such incidents, that is all.

Thank you for not editing out this post and sorry to cause so much trouble. I hope you'll treat everyone the same in this thread and also moderate down core members, should they not respect your above condition for future posts on this topic. I certainly will and this discussion is done for me now.


Posted: Sat Aug 18, 2007 7:54 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
Hi Joe,

To answer your questions; if our investigation turns out the leak would be in the core code, then normal procedures would be followed and a security patch would be released almost immediately. I would be responsible for doing that. If it would turn out to be a leak in a 3rd party extension, then of course we would share this information, if it were only to prevent other sites from getting hacked.

I'll be leaving the rest of your ideas/questions for now, I'm a bit busy as you can probably understand  ;)

_________________
Regards Robin


Posted: Sat Aug 18, 2007 7:58 pm 
Joomla! Master

Joined: Thu Aug 18, 2005 10:41 am
Posts: 15089
stokedfish wrote:
RobInk wrote:
Okay, enough is enough! [...] Anything beyond my post which is still off topic will simply be deleted.


It's sad that you don't give me a chance to counter what MMMedia has just written as I was already sending out a long and well-thought reply but then I saw your above statement. Of course, I'll comply, although I think it isn't very fair to do this.

However, since I feel I have the right to rectify MMMedia's accusations, just allow me 2 very last statements: First, I have NEVER accused the Joomla! team of deleting threads on this board and I too DO NOT agree with the cracking. And second, I HAVE NOT promoted bad deeds on here. I just have a different way to handle such incidents, that is all.

Thank you for not editing out this post and sorry to cause so much trouble. I hope you'll treat everyone the same in this thread and also moderate down core members, should they not respect your above condition for future posts on this topic. I certainly will and this discussion is done for me now.


Duly noted, thanks for understanding and following the rules.

_________________
Regards Robin


Posted: Sat Aug 18, 2007 10:42 pm 
Joomla! Ace

Joined: Tue Jan 10, 2006 2:18 pm
Posts: 1105
Location: Lake Garda - Italy
Something new about it ?

_________________
Martin Bergmann
----------------------
Urlaub Sport & Spass am Gardasee: http://www.gardalink.de
Guida Territorio Valpolicella: http://www.lavalpolicella.com


Posted: Sat Aug 18, 2007 11:23 pm 
Joomla! Apprentice

Joined: Sun Aug 28, 2005 11:20 pm
Posts: 28
Location: Toronto, Ontario, Canada
I think a few folks raised a suggestion/recommendation that some form of notification should go out as quickly as possible after something like this happens, and I strongly agree with that idea. I don't necessarily need technical details at the outset (though that would be good if they're available) but simply a heads up along the lines of "Our site has been compromised, we're running version 1.0.13, we don't know much more than this at the moment but will let you know as soon as possible." (This as well as the password/bridge issue make me glad I've stuck with 1.0.12, though I suppose it might be vulnerable as well.) Providing this information will help me ensure I can, as much as possible, take care of my clients - who are in my case mostly small not for profits.

This type of notice at least lets me know that I should check all the sites I manage as quickly as possible to ensure they're OK, because I tend not to check them all that much on the weekends. It was only due to an insomniac coincidence that I checked the site at 6:30 on a Saturday morning here in the Great White North.

I'm aware that I can sign up for notifications in the security section of this forum, and if that works, that's great, but I think an even better model for this type of warning system is the one used by the folks at Drupal. You join a specific mailing list and are advised, very promptly it seems, of security concerns, not only with the core Drupal installation, but also wherever possible, about problems with add-ons.

I'm sure this is probably eating up a lot of time and effort for those of you who are responsible for this kind of thing. Believe me, it's appreciated.

Cheers
Chris Hutcheson


Last edited by cbh on Sat Aug 18, 2007 11:25 pm, edited 1 time in total.
