[NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
Moderator: General Support Moderators
Forum rules
- antonin
- Joomla! Fledgling
- Posts: 3
- Joined: Sun Apr 30, 2006 11:59 pm
- Location: Paris - France
- Contact:
[NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
http://www.joomlafrance.org hacked the 28-06-2006
You do not have the required permissions to view the files attached to this post.
Last edited by stingrey on Sun Jul 02, 2006 4:05 pm, edited 1 time in total.
-
- Joomla! Intern
- Posts: 64
- Joined: Mon Aug 22, 2005 6:47 pm
Re: JoomlaFrance.org Hacked
Can you tell Joomla version ?
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: JoomlaFrance.org Hacked
It seems it was updated to .10 already, we're waiting for Lexel's confirmation..
None of the other parts are affected so far luckily.
But it's still scary.
None of the other parts are affected so far luckily.
But it's still scary.
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: JoomlaFrance.org Hacked
and what about Phil Taylors site, just a missing CSS or wrong link/ file name..?
You do not have the required permissions to view the files attached to this post.
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1403
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: JoomlaFrance.org Hacked
I am currently working on my site - I am playing with a new CSS file - I must stress I AM DOING THIS I have NOT been hacked :-)
Thanks for looking out for me though :-)
Thanks for looking out for me though :-)
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: JoomlaFrance.org Hacked
Good!
Joomlafrance.org is fixed too.
Still waiting for lexel & hosting to tell us about this...
Joomlafrance.org is fixed too.
Still waiting for lexel & hosting to tell us about this...
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: JoomlaFrance.org Hacked
Remote command execution and cross-site scripting Joe
They usually only deface the index file but I would check that the site is not running with register_globals ON.
I can tell you what to look for in your logs so please email me if you want more info.
I PM'd you the information.
They usually only deface the index file but I would check that the site is not running with register_globals ON.
I can tell you what to look for in your logs so please email me if you want more info.
I PM'd you the information.
Last edited by Elpie on Thu Jun 29, 2006 2:02 am, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: JoomlaFrance.org Hacked
thx Elpie, will let Lexel know
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
-
- Joomla! Apprentice
- Posts: 13
- Joined: Thu Dec 01, 2005 9:36 pm
Re: JoomlaFrance.org Hacked
This d...g hacker group found something about joomla and mambo, they hack lots of sites with Joomla. When you look http://www.[ ** removed hacker's list (kudos) **]/component/option, ... ers/page,2 you can see nearly all these sites were joomla or mambo made ... and if this joomlafrance.org hacked after r1.0.10, then what will we do?
Really scared.
Really scared.
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: JoomlaFrance.org Hacked
I don't think it has been confirmed that Joomlafrance.org was running Joomla 1.0.10 at the time it was hacked. 1.0.10 had been available for less than 48 hours when antonin posted that the website has defaced. Furthermore, just because the homepage was defaced does not necessarily mean that a vulnerability in the Joomla core was exploited, it could have easily come from a 3rd party component. I don't want to seem like I am doing the "Deny, Deny, Deny" act, but, we don't seem to have any information available on this attack. Freaking out is not yet justified.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Apprentice
- Posts: 13
- Joined: Wed Sep 14, 2005 10:53 pm
Re: JoomlaFrance.org Hacked
If a vulernability isn't known and therefore fixed, then version number matters not, nor the time of release of the latest. I look forward to any further news though.RobS wrote: 1.0.10 had been available for less than 48 hours when antonin posted that the website has defaced.
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: JoomlaFrance.org Hacked
I am not sure what you mean by that. Could you please clarify? Thanks in advance.Chips wrote:If a vulernability isn't known and therefore fixed, then version number matters not, nor the time of release of the latest. I look forward to any further news though.RobS wrote: 1.0.10 had been available for less than 48 hours when antonin posted that the website has defaced.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Apprentice
- Posts: 13
- Joined: Thu Dec 01, 2005 9:36 pm
Re: JoomlaFrance.org Hacked
Yes, I'm surfing some hacking sites to find some clues about the vulnerability they used. May be they're using some vulnerabilities that we don't know yet.Chips wrote: If a vulernability isn't known and therefore fixed, then version number matters not, nor the time of release of the latest. I look forward to any further news though.
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: JoomlaFrance.org Hacked
Almost all Patriotic Hackers attacks get in the same way - through using cross-site scripting in an url and managing to find a site that is running with register_globals ON. Most often they also use a file or directory that is set with full permissions of 777.
Of course Mambo and Joomla sites get hit - there are hundreds of thousands of them out there! The more popular a script is, the more chances there are for some installations of it to be left insecure. Simple.
The zone-h list is nothing more than a list of sites that have been reported as having been hacked. It does not say what version of any script the site was using when it was defaced, it does not say what the server setup was, nor what other scripts were being run on that site. Authoratative information comes from the security advisories and if you look at Secunia you will see that there have been very few confirmed vulnerabilities in either Mambo or Joomla over the lifetimes of these, and every single one of them has been fixed in later releases.
Edit: FWIW, Microsoft France was hit by a defacing attack from a Turkish cracker too this week - and they were NOT using Joomla!
Of course Mambo and Joomla sites get hit - there are hundreds of thousands of them out there! The more popular a script is, the more chances there are for some installations of it to be left insecure. Simple.
The zone-h list is nothing more than a list of sites that have been reported as having been hacked. It does not say what version of any script the site was using when it was defaced, it does not say what the server setup was, nor what other scripts were being run on that site. Authoratative information comes from the security advisories and if you look at Secunia you will see that there have been very few confirmed vulnerabilities in either Mambo or Joomla over the lifetimes of these, and every single one of them has been fixed in later releases.
Edit: FWIW, Microsoft France was hit by a defacing attack from a Turkish cracker too this week - and they were NOT using Joomla!
Last edited by Elpie on Fri Jun 30, 2006 3:03 am, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: JoomlaFrance.org Hacked
Lexel hasn't given us the final conclusion on this, but apparently they would have gotten in via one of the joomla or mambo demo sites with all and every 3rd party component installed, so not easy to tell; at least not via the main site running .10
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
-
- Joomla! Apprentice
- Posts: 13
- Joined: Thu Dec 01, 2005 9:36 pm
Re: JoomlaFrance.org Hacked
Small note:Elpie wrote: Edit: FWIW, Microsoft France was hit by a defacing attack from a Turkish cracker too this week - and they were NOT using Joomla!
Patriotic Hackers are not Turkish hackers, they're Kurdish rebels. MS France was defaced by another group.
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: JoomlaFrance.org Hacked
I think you will find that "patriotic hackers" has become a generic term meaning all those crackers who hack sites to upload patriotic messages or deface them
I was using the expression iin the general term, not as one identifying any particular ethnic or idealogical group.
I was using the expression iin the general term, not as one identifying any particular ethnic or idealogical group.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
Open Source Research & Best Practice: http://osprojects.info
- eyezberg
- Joomla! Hero
- Posts: 2859
- Joined: Thu Aug 25, 2005 5:48 pm
- Location: Geneva mostly
- Contact:
Re: JoomlaFrance.org Hacked
It appears they got in via on older Mambo demo and went from there.. .10 should be ok
Sometimes one pays most for the things one gets for nothing.
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
The important thing is not to stop questioning. Curiosity has its own reason for existing. AE
http://joomla15.[URL banned].com for J! 1.5 screenshots
http://www.eyezberg.com
-
- Joomla! Apprentice
- Posts: 13
- Joined: Wed Sep 14, 2005 10:53 pm
Re: JoomlaFrance.org Hacked
Certainly:RobS wrote: I am not sure what you mean by that. Could you please clarify? Thanks in advance.
I misread what you posted slightly!
I thought you inferred that it couldn't be .10 as it was only released 48 hours before, not giving enough time to be hacked - hence my post.
Reading it again, it's quite clear you actually say ".10 has only been available for 48, so has the site may actually not have updated yet".
Sorry for the confusion, should read things a bit more carefully in future
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: JoomlaFrance.org Hacked
Oh, okay. Thanks for clarifying!
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Intern
- Posts: 80
- Joined: Fri Oct 07, 2005 11:45 am
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
I'm running 1.0.10 and was hacked over the weekend by
Hacked By Neuromancer Maviates Hack Team
Tim : Neuromancer ,OsSie ,CyBeR-HiJacKeR ,NeGaTiFf ,Anatolian_Hacker
As far as my very quick initial investigation goes it looks like they just replaced the configuration.php with the code below. In retrospect I think that the file was 777 which wasn't too clever. It would be nice if there was some code which checked the security settings on a site and came back with recommendations. Should be pretty simple to check a load of files and directories for the correct rights.
Hacked By Neuromancer Maviates Hack Team
Tim : Neuromancer ,OsSie ,CyBeR-HiJacKeR ,NeGaTiFf ,Anatolian_Hacker
As far as my very quick initial investigation goes it looks like they just replaced the configuration.php with the code below. In retrospect I think that the file was 777 which wasn't too clever. It would be nice if there was some code which checked the security settings on a site and came back with recommendations. Should be pretty simple to check a load of files and directories for the correct rights.
Code: Select all
<title> Hacked By Maviates Hack Team | Neuromancer </title>
<head>
<STYLE>BODY {
scrollbar-face-color: #000000;
scrollbar-highlight-color: #000000;
scrollbar-shadow-color: #000000;
scrollbar-3dlight-color: #000000;
scrollbar-arrow-color: #CC0000;
scrollbar-track-color: #000000;
scrollbar-darkshadow-color: #000000;
}
.page
{
background-color: #EDEDED;
color: #41444C;
}
TABLE.bit {
border-right: 1px solid #CFCFCF;
border-left: 1px solid #CFCFCF;
border-bottom: 1px solid #CFCFCF;
<title> Hacked By MaviAtes Hack Team ' Neuromancer '
}
td
{
font: 8pt verdana, geneva, lucida, 'lucida grande', arial, helvetica, sans-serif;
}
.alt1
{
background-color: #F7F7F7;
color: #41444C;
}
</STYLE>
<meta http-equiv="Content-Language" content="tr">
</head>
<BODY bgColor=#000000 onload=teclear();>
<p align="center"></p>
<p align="center"><font face="Times New Roman"><b>
<font color="#FFFFFF" size="7">Hacked By
Neuromancer</font></b></font></p>
<p align="center"><b><font face="Times New Roman" size="7" color="#FF0000">
<span lang="en-us"> </span>"<span lang="en-us"> </span><span lang="en-us"></span>Maviates Hack Team "
<span lang="en-us"></span></font></b></p>
<p align="center"><b><font color="#FFFFFF" size="5" face="Times New Roman">
Tim : Neuromancer ,OsSie ,CyBeR-HiJacKeR ,NeGaTiFf ,Anatolian_Hacker
</font></b></p>
<P align=center><SPAN class=style1><img src="http://home.earthlink.net/~monsterbox/newsite/Images/jpgs/skeletonwitch%20copy.jpg" width="350" height="255"></SPAN>
<p align="center">
<b><font color="#FFFFFF" face="Times New Roman" size="6">
Turkish Hackers Group ' Maviates Hack Team '</font></b></p>
<p align="center">
<b><font color="#FFFFFF" face="Times New Roman" size="6">
Benim Ülkemde Ezan Susmaz ,Bayrak İnmez</font></b></p>
<EMBED src=http://www.ulkuocaklari.org.tr/muzik/mehter/14.asf width=20 height=15 hidden=true type=audio/mpeg true autostart="true" loop="-1">
<br />
<b>Warning</b>: main(): open_basedir restriction in effect. File(/includes/version.php) is not within the allowed path(s): (/home/bertie/:/usr/lib/php:/usr/local/lib/php:/tmp) in <b>/home/bertie/public_html/includes/joomla.php</b> on line <b>71</b><br />
<br />
<b>Warning</b>: main(/includes/version.php): failed to open stream: Operation not permitted in <b>/home/bertie/public_html/includes/joomla.php</b> on line <b>71</b><br />
<br />
<b>Fatal error</b>: main(): Failed opening required '/includes/version.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in <b>/home/bertie/public_html/includes/joomla.php</b> on line <b>71</b><br />
-
- Joomla! Intern
- Posts: 80
- Joined: Fri Oct 07, 2005 11:45 am
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
On further investigation it looks like I was hacked via an exploit in the ExtCalendar component. This replaced the configuration.php as listed above and added a ... directory to the component. This directory contained avi files for 5 films and a number of files (xh, http and error_log) which are idenitified by Symantec as hacking tools.
-
- Joomla! Apprentice
- Posts: 12
- Joined: Sat May 27, 2006 11:28 pm
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
Hi I have been hacked during the weekend, and today, and im still receiving attacks
its curious because the only affected is http://www.rinconconsolas.net which is joomla 1.0.10
in rinconportatil.net which is joomla 1.0.4 i havent received attack ... yet
any1 can help?
i hace deleted com_weblinks and dont have ext_calendar
plkease help
its curious because the only affected is http://www.rinconconsolas.net which is joomla 1.0.10
in rinconportatil.net which is joomla 1.0.4 i havent received attack ... yet
any1 can help?
i hace deleted com_weblinks and dont have ext_calendar
plkease help
-
- Joomla! Explorer
- Posts: 374
- Joined: Thu Aug 18, 2005 8:54 pm
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
You are running phpBB which is also targeted by the current attacks.oplaza wrote: Hi I have been hacked during the weekend, and today, and im still receiving attacks
its curious because the only affected is http://www.rinconconsolas.net which is joomla 1.0.10
in rinconportatil.net which is joomla 1.0.4 i havent received attack ... yet
any1 can help?
i hace deleted com_weblinks and dont have ext_calendar
plkease help
-
- Joomla! Apprentice
- Posts: 12
- Joined: Sat May 27, 2006 11:28 pm
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
yes, but is versio 21 of phpbb which is latest so i dont understandPeter Koch wrote:You are running phpBB which is also targeted by the current attacks.oplaza wrote: Hi I have been hacked during the weekend, and today, and im still receiving attacks
its curious because the only affected is http://www.rinconconsolas.net which is joomla 1.0.10
in rinconportatil.net which is joomla 1.0.4 i havent received attack ... yet
any1 can help?
i hace deleted com_weblinks and dont have ext_calendar
plkease help
i think is something related with error_log exploit
-
- Joomla! Apprentice
- Posts: 6
- Joined: Mon Jul 10, 2006 10:00 pm
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
"On further investigation it looks like I was hacked via an exploit in the ExtCalendar component. This replaced the configuration.php as listed above and added a ... directory to the component. This directory contained avi files for 5 films and a number of files (xh, http and error_log) which are idenitified by Symantec as hacking tools."
Speleo,
One of my clients' sites was attacked over the weekend as well, and it appears to be the same exploit. Unfortunately, the client's host lied to them about doing backups and they don't have redundant servers. Have you figured out how to solve the problem? I've been able to remove at least some of the malicious code, but I haven't been able to fully restore the configuration.php or get the site back up and running yet.
Any ideas would be greatly appreciated by me and my client.
Thank you in advance.
Speleo,
One of my clients' sites was attacked over the weekend as well, and it appears to be the same exploit. Unfortunately, the client's host lied to them about doing backups and they don't have redundant servers. Have you figured out how to solve the problem? I've been able to remove at least some of the malicious code, but I haven't been able to fully restore the configuration.php or get the site back up and running yet.
Any ideas would be greatly appreciated by me and my client.
Thank you in advance.
-
- Joomla! Apprentice
- Posts: 16
- Joined: Wed Sep 28, 2005 11:56 am
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
==>oplaza
It's not phpbb but the attachment-mod in the component.
See here:
http://www.joomlastuff.org/component/op ... ic/t,2937/
OM
It's not phpbb but the attachment-mod in the component.
See here:
http://www.joomlastuff.org/component/op ... ic/t,2937/
OM
-
- Joomla! Apprentice
- Posts: 12
- Joined: Sat May 27, 2006 11:28 pm
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
thanks !!
I have receibed today the error_log from my host...
and the error is in download.php as the post u sent says,
I have deleted the forum waiting for a solution.
thanks!!
I have receibed today the error_log from my host...
and the error is in download.php as the post u sent says,
I have deleted the forum waiting for a solution.
thanks!!
- ahwoogamac
- Joomla! Apprentice
- Posts: 23
- Joined: Mon Sep 12, 2005 9:41 pm
- Location: Atlanta, GA
- Contact:
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
I design sites and I have had 3 clients attacked this weekend. All three had ExtCalendar on them. Two of them didn't have the "Direct Access Denied" fix added to them, but one did. However, none of them had the .htaccess fix mentioned in another thread about hacking Extcalendar, so this may solve the problem. I have added both of these fixes on all my sites that use ExtCalendar.
For gaspero1:
It wasn't too hard at at all to restore the config file. I just used one from anther one of my sites and changed the information (or there should be a configuration.php-dist file in your root folder that has a list of empty settings for you to fill in) . As for the database info, I couldn't remember it, so I logged into cpanel, deleted the user, created a new username and password, and then gave them full permissions to the database. This allowed me to copy the new info into the config file. With all those changes made, the config file worked as good as new.
For gaspero1:
It wasn't too hard at at all to restore the config file. I just used one from anther one of my sites and changed the information (or there should be a configuration.php-dist file in your root folder that has a list of empty settings for you to fill in) . As for the database info, I couldn't remember it, so I logged into cpanel, deleted the user, created a new username and password, and then gave them full permissions to the database. This allowed me to copy the new info into the config file. With all those changes made, the config file worked as good as new.
http://www.planetbobstudios.com
Akima: You can't call a planet "Bob."
Cale: So now you're the boss. You're the King of Bob.... No one said you have to live on Bob.
Akima: You can't call a planet "Bob."
Cale: So now you're the boss. You're the King of Bob.... No one said you have to live on Bob.
-
- Joomla! Fledgling
- Posts: 1
- Joined: Wed Aug 13, 2008 11:30 am
Re: [NOT JOOMLA VULNERABILITY] JoomlaFrance.org Hacked
I have been hacked by this during the night and am not experienced at web hosting and wondering what to do. Can anybody guide me through this?