1.5.26 vulnerability permitting upload of rogue PHP scripts

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

davecox
Joomla! Apprentice
Posts: 13
Joined: Fri Jul 24, 2009 10:05 am

1.5.26 vulnerability permitting upload of rogue PHP scripts

Post by davecox » Thu Sep 13, 2012 10:13 am

We have been advised that Google was blocking access to our site via a search. Our hosting company has discovered that this was due to a vulnerability in Joomla (1.5.26) which allows uploading of a PHP script to the image directory which was then used to make changes to .htaccess files through POST requests. Are you aware of this and has it / can it be corrected?

mandville
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by mandville » Thu Sep 13, 2012 10:21 am

Please download and RUN the Forum Post Assistant / FPA Instructions available here, which are also included in the download package.
That will help us identify any issues.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

davecox
Joomla! Apprentice
Posts: 13
Joined: Fri Jul 24, 2009 10:05 am

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by davecox » Thu Sep 13, 2012 10:32 am

How is this a poor question? I am advising you of a problem in the hope that action can be taken to correct it. I do not want to load the script you mention when you say it may allow hackers to access the site! :(

mandville
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by mandville » Thu Sep 13, 2012 1:49 pm

The poor question is in my signature line and not the post.
The FPA instructions are to not leave the file on the server as, if your site is insecure, the information provided could lead to additional attacks. The FPA itself does not allow things to be hacked. (no known hacks caused by this script) *

If you run the FPA and paste the output here, you can hide your server/url name and just show the respective results; that will help identify if this is a core issue or a server issue.

*edit to add actual wordings
Please remove the FPA script from your website or otherwise change the name once the script has generated the Site Data and the message has been prepared and posted to the forum. This is so outsiders can't take a look at how your site is structured and possibly utilize any flaws that may be present.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Thu Sep 13, 2012 2:25 pm

davecox wrote:... Our hosting company has discovered that this was due to a vulnerability in Joomla (1.5.26) which allows uploading of a PHP script to the image directory which was then used to make changes to .htaccess files through POST requests. Are you aware of this and has it / can it be corrected?
... I am advising you of a problem in the hope that action can be taken to correct it. ...
Firstly:
That is your interpretation of what your hosting company said to you. And like 'Chinese whispers' it has lost a lot of its actual meaning between what they sent to you and what you have posted for us to read.

Secondly:
If someone has uploaded a malicious script to the image directory then it is you (or someone who you gave login details to) who is the vulnerability, because of one of several reasons:
  • A computer with upload/admin access has been hacked
  • Your host is running vulnerable software on the server
  • You have bad file permissions
  • You have installed extensions that are vulnerable
  • You have allowed a member of the site to upload and they can not be trusted
  • You left your computer unattended for a toilet/fag break and someone used it without your knowledge
  • Ad infinitum ...
Finally:
There is no known vulnerability in Joomla 1.5.26. Just because one of the exploits has been found in a Joomla folder does not explain how it got there. Please ask your hosting company to provide the server logs that show when the exploit was uploaded. Also please run the http://forum.joomla.org/viewtopic.php?f=621&t=582860 and post the results here.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

davecox
Joomla! Apprentice
Posts: 13
Joined: Fri Jul 24, 2009 10:05 am

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by davecox » Thu Sep 13, 2012 4:18 pm

Apologies for my misunderstanding of the procedure. Thanks for your patience!

I attach the info from the Forum Post Assistant.
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.2) : 13th September 2012 wrote:[10-Sep-2012 11:28:26 UTC] PHP Warning: substr() expects parameter 2 to be long, string given in /home/xxxx/public_html/modules/mod_nmap/mod_nmap.php on line 251
Forum Post Assistant (v1.2.2) : 13th September 2012 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: dcox (uid: 923/gid: 921) | Group: dcox (gid: 921) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-408.el5.lve0.8.58 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/dcox/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.13 | PHP API: cgi-fcgi | Session Path Writable: Unknown | Display Errors: | Error Reporting: 22519 | Log Errors To: error_log | Last Known Error: 10th September 2012 12:28:26. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 32M | Max. POST Size: 32M | Max. Input Time: 120 | Max. Execution Time: 120 | Memory Limit: 128M

MySQL Configuration :: Version: 5.0.95-community-log (Client:5.0.95) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 2.90 MiB | #of _FPA_TABLE: 61
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.13) | date (5.3.13) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | posix () | pspell () | Reflection ($Id: 522fef1e5100f848a5e2059d98b3a880a3143e9a $) | standard (5.3.13) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | eAccelerator (0.9.6.1) | timezonedb () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | imagick (3.0.1) | SourceGuardian (8.2) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (775) | modules/ (777) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: None components/ (775) | components/com_forme/uploads/ (777) | modules/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: User (1.5.0) | Wrapper (1.5.0) | MailTo (1.5.0) |
Components :: ADMIN :: Contact Items (1.0.0) | Search (1.5.0) | Trash (1.0.0) | Frontpage (1.5.0) | Configuration Manager (1.5.0) | Newsfeeds (1.5.0) | JCE (157) | Content Page (1.5.0) | User Manager (1.5.0) | Language Manager (1.5.0) | Ninja RSS Syndicator (1.0.7) | Module Manager (1.5.0) | HsConfig (2.0.9) | jUpgrade (1.2.3) | JUpdateMan (1.5.1) | Menus Manager (1.5.0) | Media Manager (1.5.0) | Weblinks (1.5.0) | Polls (1.5.0) | Installation Manager (1.5.0) | Messaging (1.5.0) | SimpleDownload (1.0.0) | Banners (1.5.0) | Cache Manager (1.5.0) | Control Panel (1.5.0) | pjinstaller (1.0.6) | Mass Mail (1.5.0) | forme (1.0.5) | Template Manager (1.5.0) | Plugin Manager (1.5.0) |

Modules :: SITE :: Menu (1.5.0) | Search (1.0.0) | Images Crawler (1.6.0) | Wrapper (1.0.0) | Who\'s Online (1.0.0) | VCNT J1.5 (1.5-6) | RSform! (1.0.4) | Random Image (1.5.0) | Banner (1.5.0) | Login (1.5.0) | Statistics (1.5.0) | ImageFlow (1.0.8) | Related Items (1.0.0) | Most Read Content (1.5.0) | Custom HTML (1.5.0) | Archived Content (1.5.0) | Breadcrumbs (1.5.0) | Feed Display (1.5.0) | Latest News (1.5.0) | Syndicate (1.5.0) | Footer (1.5.0) | Simple Image Holder (1.5.8) | Pro Magic Audio Player (1.2.7) | Sections (1.5.0) | Newsflash (1.5.0) | Ninja RSS Syndicator (1.0.4) | RokSlideshow (4.2) | Simple MP3 Player (1.5.1) | Poll (1.5.0) |
Modules :: ADMIN :: Quick Icons (1.0.0) | Latest News (1.0.0) | Online Users (1.0.0) | Toolbar (1.0.0) | Unread Items (1.0.0) | Admin Submenu (1.0.0) | Login Form (1.0.0) | Items Stats (1.0.0) | Title (1.0.0) | Custom HTML (1.5.0) | Popular Items (1.0.0) | Feed Display (1.5.0) | Footer (1.0.0) | Admin Menu (1.0.0) | Logged in Users (1.0.0) | User Status (1.5.0) |

Plugins :: SITE :: Search - Newsfeeds (1.5) | Search - Categories (1.5) | Search - Weblinks (1.5) | Search - Sections (1.5) | Search - Content (1.5) | Search - Contacts (1.5) | Authentication - GMail (1.5) | Authentication - Example (1.5) | Authentication - OpenID (1.5) | Authentication - LDAP (1.5) | Authentication - Joomla (1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | Editor - JCE 154 (154) | Editor - TinyMCE 3 (3.2.6) | Joomla! Links for Advanced Lin (1.2.1) | Advanced Link (1.5.1) | Highslide HTML Expander (2.0.1) | Image Manager (1.5.2) | Paste (1.5.3) | Object Support (1.5.1) | SpellChecker (2.0.0) | Paste (1.5.0) | Highslide Expander (2.0.0) | File Browser (1.5.0 Stable) | Advanced Code Editor (1.5.3) | Editor - XStandard Lite for Jo (1.0) | User - Example (1.0) | User - Joomla! (1.5) | Content - Load Modules (1.5) | Content - Highslide (2.0.4) | Content - Example (1.0) | Content - Vote (1.5) | Content - mosforme (1.0.4) | Content - Pagebreak (1.5) | Simple Image Gallery (by Jooml (2.2) | Content - Code Highlighter (Ge (1.5) | Google Maps (2.12j) | Content - Email Cloaking (1.5) | Pro Magic Audio Player (1.2.4) | Content - Page Navigation (1.5) | System - Cache (1.5) | System - Mootools Upgrade (1.5) | System - Debug (1.5) | System - Log (1.5) | System - Backlinks (1.5) | System - SimpleDownload Link C (1.0.0) | System - Remember Me (1.5) | System - Legacy (1.5) | System - SEF (1.5) | Button - Readmore (1.5) | Button - Pagebreak (1.5) | Button - Image (1.0.0) |
Templates Discovered :: wrote:Templates :: SITE :: JA_Purity (1.2.0) | beez (1.0.0) | js_optimus (1.3pro) | js_weblogic_blue (1.4) | rhuk_milkyway (1.0.2) |
Templates :: ADMIN :: Khepri (1.0) |
Last edited by mandville on Fri Sep 14, 2012 12:17 am, edited 1 time in total.
Reason: anoned

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Thu Sep 13, 2012 5:31 pm

Hi davecox

I will draw your attention to my previous post where I gave a list of reasons why you are the vulnerability to your site, not Joomla.
Webdongle wrote:... it is you(or someone who you gave login details to) who is the vulnerability. Because of one of several reasons
  • A computer with upload/admin access has been hacked
  • Your host is running vulnerable software on the server
  • You have bad file permissions
  • You have installed extensions that are vulnerable
  • You have allowed a member of the site to upload and they can not be trusted
  • You left your computer unattended for a toilet/fag break and someone used it without your knowledge
  • Ad infinitum ...
...
The output from the FPA shows bad file permissions.
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (775) | modules/ (777) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: None components/ (775) | components/com_forme/uploads/ (777) | modules/ (777) |
Please read and follow the instructions of Before you post please read this
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
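Added example (not from this thread, the FPA, or Joomla! itself): a defender-side audit in Python that walks a Joomla! 1.5 document root for the two conditions the FPA output above exposed, world-writable folders (modules/ 777, components/com_forme/uploads/ 777) and PHP scripts or stray .htaccess files sitting inside image/upload folders, the scenario the original poster described. The media-folder names, the "uploads" naming rule and the double-extension heuristic are assumptions; the sample tree it builds is constructed, not a real site.

```python
import os
import stat
import tempfile

# Folders that, in a stock Joomla! 1.5 site, hold media and scratch data but should
# never contain executable PHP. Assumption: extension upload folders are named
# "uploads", as components/com_forme/uploads/ is in the FPA output of this thread.
MEDIA_DIRS = ("images", "media", "tmp", "cache", "logs")
SCRIPT_EXTS = (".php", ".phtml", ".php3", ".php5", ".phar")


def is_world_writable(path):
    """True if the 'other' write bit is set (the 777 / 666 cases in the FPA output)."""
    return bool(os.lstat(path).st_mode & stat.S_IWOTH)


def looks_like_script(name):
    """Flag shell.php as well as double-extension names like pic.php.jpg, which some
    Apache handler configurations still pass to PHP."""
    parts = name.lower().split(".")
    return any("." + p in SCRIPT_EXTS for p in parts[1:])


def in_media_dir(rel_dir):
    parts = rel_dir.split("/")
    return parts[0] in MEDIA_DIRS or "uploads" in parts


def audit(root):
    """Walk a document root and return sorted (category, relative_path) findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if rel_dir == ".":
            rel_dir = ""
        if rel_dir and is_world_writable(dirpath):
            findings.append(("world-writable-dir", rel_dir))
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = rel_dir + "/" + name if rel_dir else name
            if is_world_writable(full):
                findings.append(("world-writable-file", rel))
            if rel_dir and in_media_dir(rel_dir):
                if looks_like_script(name):
                    findings.append(("script-in-media-dir", rel))
                elif name == ".htaccess":
                    # Heuristic: a stock 1.5 site has no .htaccess under images/;
                    # one appearing there deserves a manual diff against a known-good copy.
                    findings.append(("htaccess-in-media-dir", rel))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample tree (not a real site) mirroring the 777 folders from the
    FPA output plus a planted script. Returns the temp root."""
    root = tempfile.mkdtemp(prefix="joomla15-audit-")
    for d in ("images/stories", "modules/mod_custom",
              "components/com_forme/uploads", "plugins"):
        os.makedirs(os.path.join(root, *d.split("/")))
    files = {
        "index.php": "<?php // legitimate entry point\n",
        "images/stories/photo.jpg": "constructed placeholder, not a real image\n",
        "images/stories/pic.php.jpg": "<?php // constructed double-extension sample\n",
        "images/.htaccess": "# constructed placeholder; contents irrelevant here\n",
        "components/com_forme/uploads/x.php": "<?php // constructed rogue upload sample\n",
    }
    for rel, body in files.items():
        with open(os.path.join(root, *rel.split("/")), "w") as fh:
            fh.write(body)
    # Normalise everything to sane modes first so the host umask cannot skew the demo,
    # then reproduce the two 777 folders from the FPA output and add one 666 file.
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), 0o755)
        for f in filenames:
            os.chmod(os.path.join(dirpath, f), 0o644)
    os.chmod(os.path.join(root, "modules"), 0o777)
    os.chmod(os.path.join(root, "components", "com_forme", "uploads"), 0o777)
    os.chmod(os.path.join(root, "images", "stories", "photo.jpg"), 0o666)
    return root


if __name__ == "__main__":
    for category, path in audit(build_demo_tree()):
        print(f"{category:22} {path}")
```

Run it against a real document root with `audit("/path/to/public_html")`; every "world-writable" finding maps directly to a line in the FPA "Elevated Permissions" section.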

davecox
Joomla! Apprentice
Posts: 13
Joined: Fri Jul 24, 2009 10:05 am

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by davecox » Thu Sep 13, 2012 11:33 pm

Thank you. I will sort file permissions. Please remove this topic for security reasons.

mandville
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by mandville » Fri Sep 14, 2012 12:19 am

Sorting the file permissions may not be enough. There is nothing in the post that warrants removal of the entire topic, on the basis that it may assist others.
I have anoned your FPA output.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Fri Sep 14, 2012 1:10 am

davecox wrote:Thank you. I will sort file permissions. ...
You will need to do more than that to get rid of the exploit. Again I suggest: Please read and follow the instructions of Before you post please read this
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

floogy
Joomla! Fledgling
Posts: 1
Joined: Tue Sep 18, 2012 2:01 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by floogy » Tue Sep 18, 2012 2:30 pm

This is a valid issue. Stop being rude to the original poster.

I was inspired by this thread to register an account here at Joomla! forums and write a script to help others diagnose their installations.

@davecox: You are not crazy, and it is probably not your fault. This very issue is being reported at http://support.godaddy.com/godaddy/rece ... product25t

@Webdongle your replies give the impression that you have become obsessed with defending 'your' platform instead of giving posters the benefit of the doubt. That is the death knell of having responses that are typically useful. In fact, you threw this poor guy under the bus and it was revolting enough to inspire me to register an account here and try to help out, even though I personally do not use Joomla! at all, preferring to code by hand so as not to be targeted by script kiddies. Time to refocus on why you are posting here.

Attached, you will find two PHP scripts that I have written to diagnose the exploit explicitly reported (with instructions to resolve) at http://support.godaddy.com/godaddy/rece ... product25t

1. JoomlaCheck.php

This script was written for webmasters running Joomla! to determine whether their web hosting account has been compromised by the Joomla! exploit reported at http://support.godaddy.com/godaddy/rece ... product25t

2. JoomlaCheckServer.php

This script was written for MySQL server administrators to determine in one fell swoop whether any accounts on a given server have been compromised by the Joomla! exploit reported at http://support.godaddy.com/godaddy/rece ... product25t and other locations

Love,

Shamus Mac
Last edited by mandville on Mon Sep 24, 2012 5:20 pm, edited 1 time in total.
Reason: removed scripts for security reasons

mandville
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by mandville » Tue Sep 18, 2012 4:45 pm

Moderators Comment - Please ensure you thoroughly check all files from 3rd parties before running. Do so at your own risk

floogy - while i understand you coming to the defence of a forum member, please note the following points.
* We have reviewed the postings by webdongle and found them to be direct and to the point - not rude. Be aware of other countries use of language.
* Your continual reference to the joomla exploit and links to the godaddy page were reported as "seo bait", please review your postings to see why this is.
* Regarding the godaddy page which is very general in its accusations.

After reviewing the posts it is apparent that webdongle had pointed out after
the FPA output that davecox posted in http://forum.joomla.org/posting.php?mod ... 2&t=750266 the various site/server administrator lapses.
Davecox report does not mention the godaddy method, his attack was by uploading a malicious file into the image directory which was set as world writeable as can be clearly seen in the FPA output.

There were in fact several other "areas for concern", eg JCE being an old, possibly vulnerable version - it was reported as being OOD in Nov 2009 - it is now JCE 2.2.7.2, updated on 12 September 2012. There may be other extensions out of date.

Without knowing the host that davecox is on (you made the godaddy connection) and if other sites are affected, then from numerous cases the most likely hack entry point was the world writeable files.

If godaddy would like to, or perhaps you ask them to, provide exact details of every clean install where their reported hack has occurred, then send it to the JSST for evaluation. It will be gladly received. The files they (GD) reference are very similar to files mentioned in a 3rd party extension exploit that can be found in these forums.

As for the script you provided, it is NOT upload and run; it is upload, edit server settings, edit table names, then delete after running.
The information you enter into that file may be used to actively exploit your server.
Perhaps you would like to reupload or host your zip file with proper instructions, which versions of joomla it's for etc. Running "as is" would cause failures and false reporting.
A quick trip to dr.upal and wdpress forums would also show they too have suffered the same "Joomla exploit"

edit to add - i removed your duplicate (without zips) post
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Slackervaara
Joomla! Ace
Posts: 1115
Joined: Sat Aug 13, 2011 6:27 am

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Slackervaara » Tue Sep 18, 2012 5:03 pm

floogy wrote:Attached, you will find two PHP scripts that I have written to diagnose the exploit explicitly reported (with instructions to resolve) at http://support.godaddy.com/godaddy/rece ... product25t
The Godaddy support does not mention Joomla 1.5, but almost all subsequent versions.

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Tue Sep 18, 2012 5:49 pm

@floogy

If you re read my first post you will see a list of the many possible causes for a site being vulnerable. When the OP eventually posted the results of the FPA ... then several of those (previously stated) weaknesses were shown to be existing in the OP's server set up.

As for your comment "obsessed with defending 'your' platform" ... that is a ridiculous comment. All I have stated is that there were no known exploits in 1.5.26 and asked for proof of how the exploit entered the site.

The big problem is that people jump to conclusions without examining all the possibilities. And with http://support.godaddy.com/godaddy/rece ... product25t mentioning obsolete versions of Joomla more confusion is added.

Adding to the confusion is you sticking your nose into something that is none of your business. None of the other posts were directed at you. The issue concerned is not directly affecting you. Therefore it is nothing to do with you. This is not a personal attack on you .. it is just the way things are. And I doubt very much if you stick your nose in other people's business in real life.

The facts of the matter are
  • The OP paraphrased what was said to him and put his own interpretation to it.
  • I pointed out several other possibilities
  • When the OP eventually ran the FPA then several of the other possibilities were shown to be present.
  • Gddy are frequently hacked because they have bad security.
Who told you it was Gddy ? the OP ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

maia
Joomla! Apprentice
Posts: 40
Joined: Thu Sep 21, 2006 4:50 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by maia » Thu Nov 01, 2012 7:11 pm

Webdongle wrote:All I have just stated that there were no known exploits in 1.5.26 and asked for proof of how the exploit entered the site.
http://www.itoctopus.com/is-joomla-1-5-26-still-secure

The real problem about exploits is that they start being shared by a small number of people and in private. Those are the ones that really get the most of it before releasing it to the public (when they do). Therefore, it's hard for any inexperienced user to present a "proof of how the exploit entered the site". But the fact remains: There is an exploit but at the time it wasn't widely known.

On the other hand, I understand that FPA can be the first tool to assess the facts regarding security. Nevertheless, it shouldn't be the alpha and the omega of all explanations about security holes in Joomla. That's a naive interpretation of such a tool. Debugging logs and understanding how 3rd party extensions can become a vehicle to such vulnerabilities is much more important. The problem is, not every user can perform such a task. Still, throwing the "FPA pie and shut up" isn't the best way to help people.
Webdongle wrote:Adding to the confusion is you sticking your nose into something that is none of your business. None of the other posts were directed at you. The issue concerned is not directly affecting you. Therefore it is nothing to do with you. This is not a personal attack on you .. it is just the way things are. And I doubt very much if you stick your nose in other people's business in real life.
I'm sorry to say this, nothing personal, but it's this kind of attitude that drives people away from the joomla community. I have seen this behavior in some experienced joomla users and in some mods/admins as well. Guys, this is an open forum so deal with it. Plain and simple. If there are no rules restricting interaction with messages "that is none of your business" then others can present their contribution whether you like it or not. I mean, what's all this argumentation about "sticking noses" or whatever? Keep doing it and probably people would stop helping others because "The issue concerned is not directly affecting you". Is that what you really want? Can't you see it works both ways?

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Thu Nov 01, 2012 8:27 pm

maia wrote:... Guys, this is an open forum so deal with it. Plain and simple. If there are no rules restricting interaction with messages "that is none of your business" then others can present their contribution either you like it or not....
Yes they can give their opinion ... and if my opinion is that they are talking twaddle and that they are sticking their nose into something that is none of their business ... then I also have the right to do so. And if you don't like my opinion then tough, because in your own words "this is an open forum so deal with it".

As for your comment
maia wrote:it's hard to any inexperienced user to present a "proof of how the exploit entered the site"
The point is not the difficulty of presenting proof. The problem is that people 'jump on the band wagon' without any knowledge of what they are talking about. If they are too 'inexperienced' to present the proof of how the exploit entered the site ... then they do not have enough experience to say where the problem is.

They may as well say "My site was hacked because the river flooded. I can't prove this because I am 'too inexperienced to present the proof of how the exploit entered the site'. But I know it's true because others say the river flooding causes sites to be hacked."

The point is that until the point of entry is known, it is impossible to categorically state the cause. Yet people come on the forum making statements that they have no way of substantiating.

These forums are for helping people so when posts are made with unsubstantiated statements ... then the responsible people on the forum have a duty to point out how stupid the comments are.

And the fact remains that most of the hacks are due to 777 permissions and the use of extensions that have known vulnerabilities.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

maia
Joomla! Apprentice
Posts: 40
Joined: Thu Sep 21, 2006 4:50 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by maia » Thu Nov 01, 2012 11:43 pm

Webdongle wrote:Yes they can give their opinion ... and if my opinion is that they are talking twaddle and that they are sticking their nose into something that is none of their business ... then I also have the right to do so. And if you don't like my opinion then tough, because in your own words "this is an open forum so deal with it".
Lol. This is like talking to my 16 year old ... look, there's a reason behind your comments and that reason is not helpful. Once you realize that, you'll reach the conclusion you're not helping to solve any issue. Yes, of course it's your opinion and you're entitled to having and expressing one. Too bad it serves nothing ... I mean, who cares if you think it's not their business? The good thing is most people do think it's their business to help others with practical and open minded information. If they didn't, there wouldn't be any community to help, would there?
Webdongle wrote:These forums are for helping people so when posts are made with unsubstantiated statements ... then the responsible people on the forum have a duty to point out how stupid the comments are.
:eek:

A duty?!?! What? Are you serious? When people don't understand something, and even if they say utter nonsense, your idea of helping is calling them "stupid"? That's exactly the "attitude" I was referring to. You're just proving me right, word after word. Man, you're lacking focus, just like the noobs posting stupid comments. Either way, the noobs have an excuse because they also lack understanding. Shouldn't it be you guys, that "know it all", giving the example? I know one probably gets annoyed when noobs talk stuff they don't understand time after time, but there are more subtle, and intelligent, ways to deal with this.

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Fri Nov 02, 2012 1:17 am

maia wrote:...
Lol. This is like talking to my 16 year old ... look, there's a reason behind your comments and that reason is not helpful. ...
Au contraire ... 'tis I who feel like I am talking to a child. Yes, there is a reason for my comments. And that reason is that posts which state so-called facts but have nothing to substantiate them are misleading.
maia wrote: and even if they say the utter nonsense, your idea of helping is calling them "stupid" ? That's exactly the "attitude" I was referring to
I said "...to point out how stupid the comments are". I did not say the people making them were stupid. It is not a judgement of the intelligence of the users making the comments. It describes the comments not the users making them.

The fact remains that unsubstantiated statements mislead new users. Therefore pointing out how stupid, nonsensical (or whatever adjective you want to use) they are ... is useful to the newbies and prevents them from doing something that damages their sites. It appears that you are confusing commenting on the validity of posts with judging the person who makes them. I make no such confusion; I comment on the post, not the person who makes it.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

jeff19090
Joomla! Apprentice
Posts: 5
Joined: Tue Nov 13, 2012 10:45 am

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by jeff19090 » Wed Nov 14, 2012 2:16 am

Jesus... I seriously think that 1.5.26 has a major security issue, because our sites get infected too much, and to be frank, I am surprised that after reading all these posts, I still have no idea what caused his problem.

Overall, I found people to be very generic: READ SECURITY CHECKLIST does not really help. I read it. 3 times. And the suggestion to check third-party extensions is not really helping. Most of the people here use similar extensions. If the JCE version is a problem - how do we upgrade it would be more useful than this banter. What other typical components are out of date for 1.5.26 and how do you upgrade them and from where?

Also, I have noticed that quite a few use rockettheme and Gantry, yet, there is virtually no suggestion here on how to deal with them other than *check the list*.

Most of us cannot easily upgrade from 1.5.26 to 2.5 and are stuck with this version. It would be really valuable if someone actually sat down and addressed most of the concerns in a more realistic security checklist instead of quoting and re-quoting each other!

I, for one, sure could use it!

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Wed Nov 14, 2012 3:09 am

jeff19090 wrote:... I seriously think that 1.5.26 has a major security issue, because our sites get infected too much, and to be frank, I am surprised that after erading all these posts, I still have no idea what caused his problem.
...
There are hundreds of 1.5.26 sites that get attacked daily but are not hacked. Yet all your sites get hacked frequently and you "have no idea what caused his problem". To say 1.5.26 is the cause when you don't know the cause is just contradicting yourself. Because if you have no idea of the cause then you can not state what the cause is.

Due to the fact that you are getting hacked frequently when many others are not ... suggests that it's your lack of knowledge that is preventing you from securing your site correctly. If you run the FPA and post the results here then you may receive some help.


jeff19090 wrote:...
Overall, I found people to be very generic: READ SECURITY CHECKLISt does not really help. I read it. 3 times. ...
The checklist is not a tutorial on security it is there to pinpoint various aspects to look at.
jeff19090 wrote:...And the suggestion to check third-party extensions is not really helping. Most of the people here use similar extensions. If JCE version is a problem - how do we upgrade it would be more useful than this banter. What other typical components are out of date for 1.5.26 and how do you upgrade them and from where? ...!
If you don't know how to update the extensions that you installed then consult the author of that extension. And you really don't know that you would download the latest version of JCE? If you don't know that then you really need to learn how to use your initiative. (That is not an insult, it is just an observation, because downloading the latest version [from the site you downloaded the original] is obvious.)

jeff19090 wrote:...
Also, I have noticed that quite a few use rockettheme and Gantry, yet, there is virtually no suggestion here on how to deal with them other than *check the list*.
...
Joomla does not write the third party extensions so the best people to explain how to update those extensions are their authors. One of the features in 2.5 is updating of extensions. Not all extension developers use it but many do http://docs.joomla.org/Help25:Extension ... ger_Update


jeff19090 wrote:...
Most of us cannot easily upgrade from 1.5.26 to 2.5 and are stuck with this version. It would be really valuable if someone actually sat down and addressed most of the concerns in a more realistic security checklist instead of quoting and re-quoting each other!

I, for one, sure could use it!
For someone to point to something being a security risk then say they "have no idea what caused his problem" ... and then admits they don't know that the latest version of an extension can be found on the site they first downloaded it from. Then I am not surprised.

The security checklist is just that ... a checklist for security ... it does not give you common sense. There are many pages in docs.joomla.org explaining how to upgrade to 2.5. And Google is a very useful tool for finding instructions and methods.

The method I used was to look for extensions that exported/imported data from 1.5.26 into 2.5. When I found those extensions then it was easy to work out a method to upgrade(migrate). http://forum.joomla.org/viewtopic.php?p ... 1#p2930081 explains the steps I took. You will probably need to learn a lot of skills to follow the list ... so here are some of the skills that you need.
  • Being able to install a program onto your computer
  • Learning how to use xampp
  • Learning about ftp
  • Learning how to read the instructions that come with kickstart.
    (A common mistake is to just click rather than actually reading the instructions).
  • Using a search engine(like Google) when you come to some instructions that you don't understand.

jeff19090
Joomla! Apprentice
Posts: 5
Joined: Tue Nov 13, 2012 10:45 am

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by jeff19090 » Wed Nov 14, 2012 7:37 am

Reading replies to my comments is very insightful.

You are right, I do not understand it, because I am not a technology expert. My status on this board clearly shows it. After receiving numerous reports about infection, I thought that I would learn more about the topic before deciding if this is our contractor's fault, our software policy issue, or a combination of the two. We have over 120MM page views globally spread over 90 different internal Joomla sites throughout the world and too many departments are pointing fingers to too many variables.

While you may find it acceptable to reply like this, I, for one, as a beginner, find this sort of attitude not constructive, not to mention not helpful. I was just suggesting what I think, as a newcomer, would be helpful to people like me. Judging from the sheer number of identical posts over the past 11 months, it seems to me that there are quite a few people affected by this. This clearly demonstrates that there is a problem that needs to be addressed. Telling me that I am not qualified to run Joomla is hardly the way to do it.

I also do not think that adding your company's URL in your signature file and insulting beginners is the best way to promote your company's support service. At least not with me.

On to the issue: I definitely think there should be something more simple and thorough than what is available out there. The more I look into Joomla, the more I am amazed by its versatility. I refuse to believe that this sort of attitude is prevalent in the community that created this wonderful product.

Just my two cents.

Webdongle
Joomla! Master
Posts: 44018
Joined: Sat Apr 05, 2008 9:58 pm

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by Webdongle » Wed Nov 14, 2012 12:56 pm

jeff19090 wrote:Reading replies to my comments is very insightful.
...
Thank you.

jeff19090 wrote:...
You are right, I do not understand it, because I am not a technology expert. My status on this board clearly shows it. ....
Sorry but that is incorrect. Because your status on the board shows how many posts you have made. It bears no relation to your computer, software, Joomla (or other) expertise. You could be a 16 year old trying to 'talk it up big' ... you could be a very talented Graphic designer who is extremely competent with Mac OS. There is no way of knowing just by looking at your board status.

jeff19090 wrote:... After receiving numerous reports about infection, I thought that I would learn more about the topic before deciding if this is our contractor fault , our software policy issue, or a combination of two. We have over 120MM page views globally spread over 90 different internal Joomla sites through out the world and too many departments are pointing fingers to too many variables.....
Yes (many) companies are very good at finger pointing. Especially when speaking to people who have little in depth knowledge. It adds to the confusion and helps prevent them from taking responsibility ... and thus is cost effective for them. A perfect example is a woman takes a car into a garage (workshop for repair) .. I'm sure you know how mechanics (well a lot of them) tell her a load of bull.


jeff19090 wrote:...
While you may find acceptable to reply like this, I, for one, as a beginner, find this sort of attitude not constructive, not to mention not helpful. I was just suggesting what I think, as a newcomer, would be helpful to people like me. ...
I'm sorry if my attitude offends you ... it is not meant to be offensive.


jeff19090 wrote:... I was just suggesting what I think, as a newcomer, would be helpful to people like me. Judging from the sheer number of identical posts over the past 11 months, it seems to me that there are quite a few people affected by this. This clearly demonstrates that there is a problem that needs to be addressed. Telling me that I am not qualified to run Joomla is hardly the way to do it....
People like you ? There are people of various levels that post on this board some with considerable technical knowledge and others with none. This forum is to help people with Joomla but help is also given on other computer related topics.

As for several people being affected by this ... that is a presumption that you make ... that is not an accurate comment. If you look at the ones affected by hacks they have little or no technical knowledge. They set folders/files with 777 permissions ... they use Hosts that get hacked frequently ... they use out of date software. There was even one who had a work colleague sabotage a project. It is not one issue that is affecting sites. It is a combination of issues caused by users who don't understand enough (about computers). Therefore saying a vulnerability in 1.5.26 and then saying you don't understand the cause ... is illogical and the pointlessness of your conclusions (based on false logic) needs to be explained.


jeff19090 wrote:...
I also do not think that adding your company's URL in your signature file and insulting beginners is the best way to promote your company's support service. At least not with me.
...
I am not a company I am an enthusiastic amateur who has had no formal computer tuition(except for the free word-processing/spreadsheet courses offered by local adult learning centres). My site is a hobby site and I do not offer support services.


jeff19090 wrote:...
On to the issue: I definitely think there should be something more simple and thorough than what is available out there. The more I look into Joomla, the more I am amazed by its versatility.I refuse to believe that this sort of attitude is prevalent in the community that created this wonderful product.
....
Joomla is a CMS that is Content Management Service not create magical sites. One of the problems is that people (who have little or no computer experience) expect to be able to create sites easily with it. But the truth is that it is only easy for people who are experienced in computing.

In order to make the most of Joomla the user needs to know and understand other things or employ people who do.

You say you have over 90 internal Joomla sites. If you have that many and don't understand server security ... then you need to employ someone who does. There are a lot of users who come on to this forum expecting all sort of free support. And thus save them from expense when providing services(that they don't have experience for).

I am not saying that you are running a service and complaining because we are not giving the correct free support for you to run it. But I am intrigued to know how someone who has no technical knowledge ends up running 90+ sites. Especially as you openly admit you have no technical knowledge.

If you wish to start a separate thread with issues that are specific to you and PM me a link, I will address the thread in a more specific manner. But when you post to existing comments with statements that you don't know where to download the updates (for 3rd party extensions that you have previously downloaded) ... well there is not much specific to reply.
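Two of the causes Webdongle lists in the post above are checkable rather than a matter of opinion: files or folders left with 777 (world-writable) permissions, and PHP scripts sitting inside the image upload directory, which is exactly where the thread's opening report found its rogue script. The following audit script is an added example written for this page; it is not code from the thread, from Joomla, or from any extension. The web-root layout it builds (`images/stories`, `cache`, `index.php`) and the file contents are constructed sample data so the check runs offline; point `audit_webroot` at a real document root to use it for real.

```shell
#!/bin/sh
# Added example (not from the forum thread): audit a Joomla-style web root for
# two misconfigurations named in the thread, world-writable entries and PHP
# files inside the images directory. Defender-side check only; it changes nothing.

# List files and directories under $1 that any user on the host can write to.
# -perm -0002 matches anything with the "other write" bit set (e.g. 777, 666).
find_world_writable() {
  find "$1" -perm -0002 \( -type f -o -type d \) 2>/dev/null | sort
}

# List PHP-like files under $1/images. Image folders should hold only media,
# so any hit here deserves a look.
find_php_in_images() {
  find "$1/images" -type f \
    \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) 2>/dev/null | sort
}

# Print both findings for a web root, with a heading for each.
# Usage: audit_webroot /path/to/joomla
audit_webroot() {
  echo "== world-writable entries under $1"
  find_world_writable "$1"
  echo "== PHP files inside $1/images"
  find_php_in_images "$1"
}

# Build a constructed sample web root so the audit can be exercised offline.
# Prints the path of the temporary directory; caller removes it when done.
make_sample_root() {
  umask 022                                # predictable default modes (755/644)
  root=$(mktemp -d)
  mkdir -p "$root/images/stories" "$root/cache" "$root/administrator"
  printf '<?php phpinfo();' > "$root/images/stories/thumb.php"   # constructed: script where only images belong
  printf 'GIF89a' > "$root/images/stories/logo.gif"              # constructed: a legitimate image
  printf '<?php echo 1;' > "$root/index.php"                     # constructed: normal Joomla file, 644
  chmod 777 "$root/cache"                   # constructed: the 777 mistake on a folder
  chmod 666 "$root/images/stories/logo.gif" # constructed: the same mistake on a file
  printf '%s' "$root"
}
```

Both finders print nothing on a clean tree, so the script can be dropped into a cron job and only its non-empty output needs to be read. Fixing a hit is a matter of `chmod 755` for directories and `chmod 644` for files, and of removing (after saving a copy for investigation) any script that has no business in an upload folder.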

mandville
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: 1.5.26 vulnerability permitting upload of rogue PHP scr

Post by mandville » Thu Nov 15, 2012 12:10 am

moderators comment
due to the continual off topic comments and to prevent trolling/degradation, this topic is now locked.
If the OP wishes to PM me or PhilD we will unlock the topic.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
