Admin password reset hack 1.5.14
-
- Joomla! Fledgling
- Posts: 2
- Joined: Tue Aug 25, 2009 9:47 pm
Admin password reset hack 1.5.14
A few days ago one of my sites was hacked. I received a password reset request email and tried to login to my site, but couldn't because the admin password had changed. My index.php page had been replaced with a page saying it had been hacked by someone.
I went to the forums and documentation and was able to reset my password through the database. I changed the name of the admin user and created a stronger password. I also updated the site to 1.5.14 because it was at 1.5.7 and I had read in a post somewhere that this issue had been fixed.
Yesterday, I received an email again and the site had been hacked again. I found a post about someone else that had the same problem.
http://forum.joomla.org/viewtopic.php?f ... .12+hacked
I followed the suggestion to remove the reset password directory in the com_user folder and that seems to have worked. However, it obviously removes the ability for a user to reset their password.
Is there another fix in place or in the works that will resolve this issue? I have other sites that actually involve user registration, for which I will need the password reset component working.
Thanks,
Jonathan Jeter
MinistryWebs
- SFGolfer
- Joomla! Ace
- Posts: 1216
- Joined: Fri Jul 25, 2008 12:27 am
- Location: Bunker or a Hazard
- Contact:
Re: Admin password reset hack 1.5.14
The common suggestions are to follow the recommendations in the post you linked to (as well as other posts).
There is also a security checklist: http://docs.joomla.org/Category:Security_Checklist
Another recommendation is to disable the default 'admin' as the Super Administrator. Create a different Super Administrator with a tough username and a very strong password. Be sure there are no other logins that have access to the User Manager. Check your site's FTP access has a strong login as well (or disable it for the time being).
What it boils down to is the security on your side including folders, user database, the database tables, etc.
Even a blind squirrel finds a nut every once in a while.
-
- Joomla! Fledgling
- Posts: 3
- Joined: Fri Aug 28, 2009 4:33 pm
Re: Admin password reset hack 1.5.14
Is it possible that this hack is somehow occurring because the hacker is putting both a legitimate admin email as well as their own email into the Forgot your Password box? For example, entering "[email protected],[email protected]"
My workaround for the time being is to append
. ' AND usertype NOT LIKE \'%Administrator%\'';
to \components\com_user\models\reset.php, ~line 65: $query in function requestReset.
This will allow other users to reset their password, but not admins.
I just don't understand because in function confirmReset (same file) it checks that the token is 32 chars, and there's no way to make a SQL injection that small, even with a hash.
Signature Rules: http://forum.joomla.org/viewtopic.php?f=8&t=65
-
- Joomla! Fledgling
- Posts: 2
- Joined: Thu Oct 22, 2009 4:30 pm
Re: Admin password reset hack 1.5.14
I had exactly the same problem with version 14. After that I secured my template but the hacker came back and reset my password again. Is there a known leak in Joomla or one of its extensions? Which extensions do you use?
-
- Joomla! Intern
- Posts: 64
- Joined: Sat Nov 24, 2007 8:13 pm
Re: Admin password reset hack 1.5.14
I have been having exactly the same problem. They hacked in three times even after going through the security checklist as suggested. I just gave up and started all over again with a clean install of everything. My site is small so it was not a lot of work. One thing that I did notice is that when I downloaded the RocketTheme template that I was using, the latest version had a patch for a low-impact XSS vulnerability which, as Wikipedia described it, was what was happening to me.
Maybe you need to update your template.
Hope that helps
-
- Joomla! Fledgling
- Posts: 2
- Joined: Thu Oct 22, 2009 4:30 pm
Re: Admin password reset hack 1.5.14
I do not know if you all used sermonspeaker, but there was a problem which could cause this problem. They released a patch for it.
-
- Joomla! Intern
- Posts: 64
- Joined: Sat Nov 24, 2007 8:13 pm
Re: Admin password reset hack 1.5.14
iamjoomlauser wrote:
    I do not know if you all used sermonspeaker, but there was a problem which could cause this problem. They released a patch for it.
I have been using sermon speaker and have since updated it. My site has been up for a week now without any hacking attempts.
Cheers
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: Admin password reset hack 1.5.14
Could each of you post the following information?
* install and run the forum post tool; post the results
http://forum.joomla.org/viewtopic.php?f=428&t=272481
* list your extensions/templates and versions of each
* list your folder/file permissions
* list your browser and its version
* list your FTP program and version
* do a full scan of the computer you normally use and report any virus detected
Only by reporting common information can we track down any common factors and see if it is really a Joomla problem or a common extension.
PhilD
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: Admin password reset hack 1.5.14
This is an SQLi vulnerability, likely in a 3rd party script. Here's how it works: the attacker finds a way to execute arbitrary SQL code, and somehow extracts the email of an admin. Then they reset the password, causing the reset token to be placed in the database and you getting that email. Then they exploit again, only this time they extract the token. Finally, the hacker pops the token into the input and resets your password.
I'll say it again: Joomla shouldn't store the reset hashes in plain text in the database... I posted about this a while back: http://forum.joomla.org/viewtopic.php?p=1831944 and so far, 0 replies.
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
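The weak point described in the post above is that the reset token sits in the users table in plaintext, so whoever can read the table (the SQLi step in the description) can finish the reset. The following is an added example, not Joomla code and not from any poster: the plaintext token goes only into the e-mail, the table keeps a SHA-256 digest plus an expiry, and a leaked row therefore contains nothing confirm_reset will accept. The 32-character token check mirrors the one an earlier poster saw in confirmReset, and the refusal to issue admin resets mirrors that poster's usertype workaround; the table layout, TTL and function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_CHARS = 32          # confirmReset in the thread checks for a 32-char token
TOKEN_TTL = 60 * 60       # assumed one-hour validity for a reset token

# Constructed stand-in for the users table; Joomla's real schema is not modelled.
USERS = {
    "editor": {"email": "editor@example.test", "usertype": "Editor",
               "reset_hash": None, "reset_expires": 0},
    "siteadmin": {"email": "siteadmin@example.test", "usertype": "Super Administrator",
                  "reset_hash": None, "reset_expires": 0},
}


def _hash_token(token: str) -> str:
    """Only this digest is ever written to the table, never the token itself."""
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def request_reset(email, users=USERS, allow_admin=False, now=None):
    """Issue a reset token for the account with this e-mail.

    Returns the plaintext token (what would go into the e-mail) or None when
    no reset is issued. Administrators are refused unless allow_admin is set,
    the same policy as the usertype filter one poster appended to requestReset.
    """
    now = time.time() if now is None else now
    for row in users.values():
        if row["email"] != email:
            continue
        if "Administrator" in row["usertype"] and not allow_admin:
            return None
        token = secrets.token_hex(TOKEN_CHARS // 2)   # 32 hex chars, 128 bits
        row["reset_hash"] = _hash_token(token)
        row["reset_expires"] = now + TOKEN_TTL
        return token
    return None


def confirm_reset(username, token, users=USERS, now=None):
    """Check a submitted token against the stored digest.

    Accepts only a 32-char token whose SHA-256 matches the stored hash before
    expiry; the stored hash is cleared on success so the token is single-use.
    """
    now = time.time() if now is None else now
    row = users.get(username)
    if row is None or row["reset_hash"] is None:
        return False
    if len(token) != TOKEN_CHARS:
        return False
    if now > row["reset_expires"]:
        return False
    if not hmac.compare_digest(_hash_token(token), row["reset_hash"]):
        return False
    row["reset_hash"] = None          # consume the token
    row["reset_expires"] = 0
    return True


def leaked_row_usable(username, users=USERS, now=None):
    """Model the chain in the thread: someone who can read the users table
    submits whatever sits in the reset column as the token. With a stored
    digest that value is 64 hex chars and does not hash to itself, so
    confirm_reset rejects it and the leaked row gives no reset."""
    row = users.get(username)
    if row is None or row["reset_hash"] is None:
        return False
    return confirm_reset(username, row["reset_hash"], users, now)
```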
- fw116
- Joomla! Ace
- Posts: 1373
- Joined: Tue Sep 06, 2005 11:18 am
- Location: Germany
Re: Admin password reset hack 1.5.14
As long as Joomla does so, like Jeff said, you should ask your hoster whether he has installed Apache mod_security with a filter that strikes against such attacks...
like:
SecRule REQUEST_URI|ARGS|XML:/*|!ARGS:/descr/|!ARGS:movie_brief|!ARGS:/text/|!ARGS:/message/|!ARGS:ncontent|!ARGS:/body/|!ARGS:/content/|!ARGS:searchword|!ARGS:comments|!ARGS:text|!ARGS:/description/|!ARGS:/^sql/|!ARGS:/products_description/|!ARGS:contactMessage|!ARGS:cts|!ARGS:meta_descr|!ARGS:text|!ARGS:edited|!ARGS:content|!ARGS:description|!ARGS:introtext|!ARGS:Post|!ARGS:sql_query|!ARGS:itembigtext|!ARGS:article_content|!ARGS:body|!ARGS:mytextarea|!ARGS:ll_content_message|!ARGS:page-content|!ARGS:reply|!ARGS:xml|!ARGS:content_en|!ARGS:filecontent|!ARGS:message|!ARGS:content_en|!ARGS:general[description]|!ARGS:response[14]|!ARGS:/article/ "(?:(?:select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(?:from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|union select.*[a-z0-9].*into.*from)"
or
SecRule REQUEST_URI_RAW|XML:/*|ARGS|!ARGS:/sql/|!ARGS:/text/|!ARGS:/message/|!ARGS:/body/ "(?:procedure\s+analyse\s*\()|(?:;\s*(declare|open)\s+[\w-]+)|(?:create\s+(procedure|function)\s*\w+\s*\(\s*\)\s*-)|(?:declare[^\w]+[@#]\s*\w+)|(exec\s*\(\s*@)"
SecRule REQUEST_URI_RAW|XML:/*|ARGS|!ARGS:/sql/| "(?:union select.*php.*(?:system|eval\(|shell_exec|exec).*into)"
and there is much more to do than only those 2 generic example filters!
-
- Joomla! Apprentice
- Posts: 24
- Joined: Wed Jul 22, 2009 7:51 am
Re: Admin password reset hack 1.5.14
Guys,
We modified the Joomla code and made a patch to help you all; please see the following. We contribute it to all J!1.5 users.
[MOD EDIT]
Exploit instructions removed.
[/MOD EDIT]
Hope this helps all Joomla admins.
Helix
Open Source Excellence
-
- Joomla! Apprentice
- Posts: 24
- Joined: Wed Jul 22, 2009 7:51 am
Re: Admin password reset hack 1.5.14
Guys, also let you know that J1.5.15 does not deal with this matter, therefore upgrading from J1.5.14 to J1.5.15 does not help.
Helix
Open Source Excellence
-
- Joomla! Apprentice
- Posts: 22
- Joined: Tue Jun 30, 2009 10:25 pm
Re: Admin password reset hack 1.5.14
I found one issue with the patch and installation procedure. The Intellispire Software Installer uses the same component name "com_updater" so when trying to install the patch downloaded the following error is produced.
* Component Install: Another Component is already using diirectory: "..../components/com_updater"
Any suggestions on a workaround for this conflict, other than removing the Intellispire Software?
-
- Joomla! Apprentice
- Posts: 24
- Joined: Wed Jul 22, 2009 7:51 am
Re: Admin password reset hack 1.5.14
Hmm... interesting.. then I think we should change the name to com_oseupdater in the stable final version then. Sorry about the inconvenience.
Helix
-
- Joomla! Apprentice
- Posts: 22
- Joined: Tue Jun 30, 2009 10:25 pm
Re: Admin password reset hack 1.5.14
If the name change could be done that would be great; it would help those of us that use the Intellispire software for software installation and updates.
Thanks.
-
- Joomla! Apprentice
- Posts: 24
- Joined: Wed Jul 22, 2009 7:51 am
Re: Admin password reset hack 1.5.14
osexcel wrote:
    Guys,
    We modified the Joomla code and made a patch to help you all; please see the following. We contribute it to all J!1.5 users.
    [MOD EDIT]
    Exploit instructions removed.
    [/MOD EDIT]
    Hope this helps all Joomla admins.
    Helix
    Open Source Excellence
Exploit instructions? Kidding?? We provide this patch to help Joomla users but this has been marked as exploit instructions?? We are working on PHP security software, and we just want to help others, and this has been removed?? Shall we NOT share the code??
Anyway, to those who want to patch this security hole, please google "Open Source Excellence" and submit a request in the forum. We will NOT provide any links here any more.
Open Source Excellence
-
- Joomla! Ace
- Posts: 1964
- Joined: Tue Jun 09, 2009 2:21 am
- Location: WV
- Contact:
Re: Admin password reset hack 1.5.14
Overzealous mod? Your software did something bad (not saying it did - I didn't test it)? Aliens?
Mods?
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι
-
- Joomla! Apprentice
- Posts: 24
- Joined: Wed Jul 22, 2009 7:51 am
Re: Admin password reset hack 1.5.14
Overzealous mod? Possibly. I do not want to be negative on this, I just want others here to know:
One of the Joomla users who had the same scenario asked us about this issue today (as we do security software for PHP systems). We then investigated this issue and found that the hackers might go through some steps (NOT BEING DISCLOSED HERE for security reasons) to hack the admin account. We therefore found a method to restrict this behavior by modifying one Joomla file, and shared it with all OSE users and Joomla users here. Never thought that this would be tagged as exploit instructions (honestly, moderators, please test the patch first before you moderate the post).
Anyway, as we said, for those who would need help with this, please google us and we will tell you where to download the patch.
Also, we will not be replying to any post here. For those who would like to know more about the patch, please go to our forum.
Open Source Excellence
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Admin password reset hack 1.5.14
It could be that the post was being validated or checked or whatever before being spread around as a total fix, as some people are advertising it.
As it also altered the core code files, a beginner may have really messed up their site. A simple issue such as the name being the same as many extensions may have caused it to be pulled.
At least you were left with the main contents of the post.
The mods were being cautious for the sake of the community, possibly over cautious, but the only way to find out is to contact the mods team who dealt with your post and see. Perhaps consider posting the file to the JED for validation and doing it that way?
If you feel so strongly about the way it was dealt with, then contacting the mods team is the only real way to go about it.
It's also unusual that there is no mods edit tag on the post; possibly it went the same way as the avatar gallery did yesterday... weird
(get your silverfoil/alien protector hats here!!!)
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Admin password reset hack 1.5.14
Re-reading the original post, I think a slightly curious comment was:
    There is a security risk issue in the Joomla Password Reset System, please read the following:
If this was true then we would see a lot more sites being hacked. If you find a Joomla core vulnerability or exploit, it should be reported to the Joomla Security Strike Team at http://developer.joomla.org/security.html
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- ooffick
- Joomla! Master
- Posts: 11615
- Joined: Thu Jul 17, 2008 3:10 pm
- Location: Ireland
- Contact:
Re: Admin password reset hack 1.5.14
Mod Note: The post was edited by the Joomla Security Strike Team.
Olaf Offick - Global Moderator
learnskills.org
-
- Joomla! Guru
- Posts: 861
- Joined: Wed Jan 09, 2008 9:16 pm
- Contact:
Re: Admin password reset hack 1.5.14
I've now patched my live sites with Helix's patch (after testing on local dev first, of course). Everything seems fine but I'm now a bit worried about upgrading.
Will this patch get over-written when 1.5.16 is released, or might 1.5.16 contain the 'same' patch if the vulnerability is found to be correct by the JSST, or...?
Thanks,
Dave.
My website: http://www.davidboggitt.com/
Love and hate both devastate you, but at least love takes you to dinner first.
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Admin password reset hack 1.5.14
Yes, if you make a change to a core code file and then upgrade, that core file is replaced.
But not if osexcel wishes to file it as a bug and enter it in the bug tracker, or the JSST sees it as needed and makes the change in the core code.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- alexwalker
- Joomla! Enthusiast
- Posts: 183
- Joined: Thu Sep 15, 2005 3:54 pm
- Location: Lancaster, UK (near the Lake District)
- Contact:
Re: Admin password reset hack 1.5.14
One of my sites was attacked today, an email was submitted stating a request has been made to reset your ****** account password. To reset your password, you will need to submit this token in order to verify that the request was legitimate.
I clicked on the link and as soon as I did that the attached page was rendered:
Thankfully I had a backup of the site and could restore quickly.
Problem Description:
Site asked for admin password reset via legitimate email.
Diagnostic Information
Joomla! Version: Joomla! 1.5.14 Stable [ Wojmamni Ama Naiki ] 30-July-2009 23:00 GMT
configuration.php: Writable (Mode: 644 ) | RG_EMULATION: N/A
Architecture/Platform: Linux 2.6.18-164.6.1.el5PAE ( i686) | Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 ( http://www.heyshamssp.org.uk ) | PHP Version: 5.2.9
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Enabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5): Yes | iconv Support (1.5): Yes | save.session_path: Writable | Max.Execution Time: 30 seconds | File Uploads: Enabled
MySQL Version: 5.0.85-community ( Localhost via UNIX socket )
Last edited by ooffick on Wed Dec 09, 2009 6:52 pm, edited 1 time in total.
Reason: Mod Note: Removed Hacker Names.
Alex Walker
"to assume is to make an ass of u and me"
- ooffick
- Joomla! Master
- Posts: 11615
- Joined: Thu Jul 17, 2008 3:10 pm
- Location: Ireland
- Contact:
Re: Admin password reset hack 1.5.14
Hi, to learn how to reset the password, have a look here:
http://docs.joomla.org/How_you_reset_an ... assword%3F
http://docs.joomla.org/How_do_you_recov ... assword%3F
Please note that you might need to delete additional files which are inserted by the hacker, like webshells.
Please also note that your own computer might have been infected by a virus:
http://forum.joomla.org/viewtopic.php?f=432&t=411735
You might want to consider using an SFTP or SSH connection to your server (instead of a normal FTP connection).
Please change all your passwords as well.
Moreover, please read this List as well:
http://docs.joomla.org/Category:Security_Checklist
Olaf
Olaf Offick - Global Moderator
learnskills.org
- PhilD
- Joomla! Hero
- Posts: 2737
- Joined: Sat Oct 21, 2006 10:20 pm
- Location: Wisconsin USA
- Contact:
Re: Admin password reset hack 1.5.14
Never EVER, EVER, click on a link like that when you did not specifically request your password to be reset! This goes for any site not just Joomla!
You now need to change all your FTP, MySQL database, cPanel and Joomla administrator passwords, inspect for any newly created Joomla user(s) and delete any that may have been made, and inspect your Joomla install (and site as a whole) for anything unusual. It might be best to just do a restore of Joomla from a backup made before you clicked the link and change all your passwords as mentioned above.
PhilD
-
- Joomla! Guru
- Posts: 861
- Joined: Wed Jan 09, 2008 9:16 pm
- Contact:
Re: Admin password reset hack 1.5.14
Do we have any news as to whether this has been submitted as a bug to the JSST and if so, has it been confirmed?
Thanks again,
Dave.
My website: http://www.davidboggitt.com/
Love and hate both devastate you, but at least love takes you to dinner first.
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Admin password reset hack 1.5.14
The JSST deal with security issues and not with bugs.
Bugs are dealt with by the bugsquad at http://developer.joomla.org/bug-squad-blog.html
Edit to add ...
or here
http://forum.joomla.org/viewforum.php?f=199
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Guru
- Posts: 861
- Joined: Wed Jan 09, 2008 9:16 pm
- Contact:
Re: Admin password reset hack 1.5.14
Not wanting to sound rude, but wasn't that rather unnecessarily pedantic?
Besides, surely a bug could result in a security issue? Anyway, do you know whether this apparent security issue has been reported to the JSST please?
Dave.
My website: http://www.davidboggitt.com/
Love and hate both devastate you, but at least love takes you to dinner first.