[UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
Moderator: General Support Moderators
- brian
- Joomla! Master
- Posts: 12787
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: WARNING: Vulnerability in SIMPLEBOARD
Google is your friend
"Secunia
Provides security advisories and information about patches.
secunia.com/"
Honestly how hard is it to search
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
- muni
- Joomla! Apprentice
- Posts: 14
- Joined: Fri Sep 02, 2005 7:45 am
- Location: Luxembourg
Re: WARNING: Vulnerability in SIMPLEBOARD
Two of my sites had been hacked. Config.php had been replaced by a political message from the kurds/turks I think.
Thought that was all. But the next day I realized two backdoor software had been installed in the modules folder of one site:
modules/haluk.php
modules/web.php
I deleted both. Is that enough? Now I don't know what I should do next. Replace all pwd's. Alert my service provider???? Check all folders??
So watch out.
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: WARNING: Vulnerability in SIMPLEBOARD
I would suggest talking to your service provider and asking them to check it out just to make sure nothing else funny has been added. It is much easier to do those things from a shell prompt than from an ftp session. Also, try getting them to turn off Register Globals for PHP while you have their attention as this tends to facilitate a lot of bugs, making their effects once exploited much more damaging.
Changing your passwords might be a good idea too.
I don't suppose you kept a copy of those files for investigatory purposes? I would be interested in taking a look at them. I will add them to my collection. If you still have them you can PM them to me or email them to me, my email address is in my profile.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Explorer
- Posts: 374
- Joined: Thu Aug 18, 2005 8:54 pm
Re: WARNING: Vulnerability in SIMPLEBOARD
muni wrote: Two of my sites had been hacked. Config.php had been replaced by a political message from the kurds/turks I think.
Thought that was all. But the next day I realized two backdoor software had been installed in the modules folder of one site:
modules/haluk.php
modules/web.php
I deleted both. Is that enough? Now I don't know what I should do next. Replace all pwd's. Alert my service provider???? Check all folders??
So watch out.

Besides the modified configuration.php we had these hacker tools and files after the simpleboard defacing:
- cache/index.htm: Hacker message
- media/index.htm: Hacker message
- modules/mod_access.php: A backdoor program
- modules/www.bankofamerica.com.zip: fraud software archive
- modules/www.bankofamerica.com: fraud software installation
- templates/3.php: Read out system information
That's why I have blocked all IP's of the provider who is hosting these people.
Last edited by Anonymous on Fri Jul 14, 2006 11:54 am, edited 1 time in total.
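
One way to approach the "is deleting them enough?" question raised above, as an added example that is not part of any post in this thread: compare the live site against a clean unpacked copy of the same release and list every file that was added or altered. The function names, the sample trees and their placeholder contents are constructed for illustration; only the paths modules/haluk.php, modules/web.php and cache/index.htm are taken from the posts.

```shell
#!/bin/sh
# Added example, not from the thread. Lists files in a live site that are
# missing from, or differ from, a clean unpacked copy of the same release.
# Site-specific files (configuration, uploads) will show up too and need a
# human decision; file names containing newlines are not supported.

# compare_to_clean LIVE_ROOT CLEAN_ROOT
#   ADDED <path>    exists only in the live site
#   CHANGED <path>  exists in both, content differs
compare_to_clean() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    ( cd "$1" && find . -type f | LC_ALL=C sort ) |
    while IFS= read -r ctc_rel; do
        if [ ! -f "$2/$ctc_rel" ]; then
            printf 'ADDED %s\n' "${ctc_rel#./}"
        elif ! cmp -s "$1/$ctc_rel" "$2/$ctc_rel"; then
            printf 'CHANGED %s\n' "${ctc_rel#./}"
        fi
    done
}

# Constructed sample: a "clean" tree and a "live" tree with one altered
# file and three added ones. All file contents are harmless placeholders.
# Prints the directory that holds both trees.
make_demo_pair() {
    mp_base=$(mktemp -d) || return 1
    mkdir -p "$mp_base/clean/modules" \
             "$mp_base/live/modules" "$mp_base/live/cache"
    echo '<?php // stock module' > "$mp_base/clean/modules/mod_example.php"
    cp "$mp_base/clean/modules/mod_example.php" "$mp_base/live/modules/"
    echo '<?php // stock entry point' > "$mp_base/clean/index.php"
    echo '<?php // placeholder: altered' > "$mp_base/live/index.php"
    echo 'placeholder' > "$mp_base/live/modules/haluk.php"
    echo 'placeholder' > "$mp_base/live/modules/web.php"
    echo 'placeholder' > "$mp_base/live/cache/index.htm"
    printf '%s\n' "$mp_base"
}

demo_base=$(make_demo_pair)
compare_to_clean "$demo_base/live" "$demo_base/clean"
rm -rf "$demo_base"
```

Run it against a copy of the site taken before anything is deleted, so the added files are still available for whoever investigates.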
- muni
- Joomla! Apprentice
- Posts: 14
- Joined: Fri Sep 02, 2005 7:45 am
- Location: Luxembourg
Re: WARNING: Vulnerability in SIMPLEBOARD
Found other backdoor software that had been inserted through ext_calendar (r57shell 1.31 and c99shell v1.0 pre-release build #16).
No, I have no backup copy.
I informed my service provider.
-
- Joomla! Apprentice
- Posts: 18
- Joined: Sat Jun 24, 2006 12:18 am
Re: WARNING: Vulnerability in SIMPLEBOARD
Elpie wrote: Anybody that changed from simpleboard to Joomlaboard needs to make sure they have removed all simpleboard files from the site.
Simpleboard can be exploited even if it is unpublished and not showing on the site.

I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago. Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?
-
- Joomla! Apprentice
- Posts: 12
- Joined: Thu Jul 13, 2006 7:39 pm
Re: WARNING: Vulnerability in SIMPLEBOARD
If I were to upgrade from simpleboard to joomlaboard how would I keep from losing all my current posts?
Or would it be wise just to start all over again?
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: WARNING: Vulnerability in SIMPLEBOARD
Deighardt1 wrote: If I were to upgrade from simpleboard to joomlaboard how would I keep from losing all my current posts?
Or would it be wise just to start all over again?

1. back-up your database (always do that anyway when you touch up your site).
2. do not uninstall simpleboard through Joomla back-end uninstaller, but by using ftp or CPanel and deleting the simpleboard folders (I do not know if uninstalling simpleboard through joomla may or may not delete your data, so this is a secure way not to, applicable to other extensions like ext_calendar)
3. Install joomlaboard and when asked to upgrade the database, just say OK.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
- Elpie
- Joomla! Guru
- Posts: 903
- Joined: Wed Aug 17, 2005 11:26 pm
- Contact:
Re: WARNING: Vulnerability in SIMPLEBOARD
pdstein wrote: I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago. Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?

Yes, ALL old unused simpleboard files must be removed. Having them sitting on your server is a security risk.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info
-
- Joomla! Apprentice
- Posts: 18
- Joined: Sat Jun 24, 2006 12:18 am
Re: WARNING: Vulnerability in SIMPLEBOARD
pdstein wrote: I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago. Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?
Elpie wrote: Yes, ALL old unused simpleboard files must be removed. Having them sitting on your server is a security risk.

Thanks for your reply. What I'm asking, though, is whether removing those two directories and their contents will eliminate this security risk or are there other things that need to be done?
-
- Joomla! Intern
- Posts: 79
- Joined: Sun Oct 02, 2005 8:05 am
Re: WARNING: Vulnerability in SIMPLEBOARD
Can someone just clarify for me - In regard to Simpleboard/Joomlaboard - Is this JUST A Simpleboard exploit or also Joomlaboard?
As normal, the information on TSMF is very vague and unhelpful.
Thanks,
- RobS
- Joomla! Ace
- Posts: 1366
- Joined: Mon Dec 05, 2005 10:17 am
- Location: New Orleans, LA, USA
- Contact:
Re: WARNING: Vulnerability in SIMPLEBOARD
At first we thought it was just SimpleBoard but it turns out that older versions of Joomlaboard were vulnerable <=1.1.1. JoomlaBoard 1.1.2 should be safe.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions
-
- Joomla! Intern
- Posts: 95
- Joined: Tue Jul 18, 2006 11:04 pm
Re: WARNING: Vulnerability in SIMPLEBOARD
Hi!
I am reading all this scary stuff. My site was hacked the 17 July. The index file was changed for some turkey page...
I did get it to work again but now when I am writing something in the forum it says "Youre file did not upload. Please try again".
I do believe that there is a file somewhere, but where should I look?
My site is "www.mx-skane.net"
Regards...
Peter
- infograf768
- Joomla! Master
- Posts: 19133
- Joined: Fri Aug 12, 2005 3:47 pm
- Location: **Translation Matters**
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
You are using simpleboard 1.1.0 version.
Move to Joomlaboard 1.1.2.
Backup your db.
Delete all simpleboard related files by ftp.
Install Joomlaboard.
Update db if asked to.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group
-
- Joomla! Intern
- Posts: 95
- Joined: Tue Jul 18, 2006 11:04 pm
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
Can I do this even though I am using Mambo and not Joomla? Maybe a stupid question but I want to be sure..
Thanx in advance!!!!!
-
- Joomla! Intern
- Posts: 95
- Joined: Tue Jul 18, 2006 11:04 pm
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
2 questions...
1. Are there any language files for Joomla?
2. It is still asking for a file when I press "Post". Where can that be??
-
- Joomla! Intern
- Posts: 95
- Joined: Tue Jul 18, 2006 11:04 pm
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
MX-Skane wrote: 2 questions...
1. Are there any language files for Joomla?
2. It is still asking for a file when I press "Post". Where can that be??

Btw...
It asks the same question 2 times... first it asks for an img-file and second for a file, it does that 2 times...
-
- Joomla! Intern
- Posts: 95
- Joined: Tue Jul 18, 2006 11:04 pm
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
Sorry to "spam".
But, after my hacked site I did install joomlaboard. That was no problem at all. But, as I wrote, there comes this alert that the file did not load.
I do have "Little Snitch" installed and that application checks the connections.
Now when I log in on my profile I do get this mess from Little Snitch http://mx-skane.net/img_from_site/img.gif
I have no idea what this is but my guess is that the file that the forum asks for is on this site.
Please help me. Should I look in the scriptings for this or what???
Maybe it's placed in the CB-files.
When I copy the html-code and paste it in a Dreamweaver doc the same mess from Little Snitch shows up.
-
- Joomla! Apprentice
- Posts: 32
- Joined: Sat Apr 01, 2006 3:57 am
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
just re-installed the Joomlaboard after many problems..now is working ok but..........the pretty icons/images from it..have disappeared!
I installed the orange template and still nothing shows...take a look.
- zuze
- Joomla! Explorer
- Posts: 290
- Joined: Sat Feb 11, 2006 9:43 pm
- Location: Birmingham, USA
- Contact:
Re: WARNING: Vulnerability in SIMPLEBOARD
vokaldesign wrote: I've installed joomlaboard and was surprised how easy it all went - all of my forums and settings from simpleboard were integrated right away! :-*
Now I've removed the simpleboard component + modules and checked via ftp that everything has gone...

Where can I get to download the upgrade, please point me the right direction.
Thank you!
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org
- ot2sen
- Joomla! Master
- Posts: 10381
- Joined: Thu Aug 18, 2005 9:58 am
- Location: Hillerød - Denmark
- Contact:
Re: WARNING: Vulnerability in SIMPLEBOARD
zuze wrote: Where can I get to download the upgrade, please point me the right direction.
Thank you!

Have a look at the forge project for joomlaboard:
http://forge.joomla.org/sf/frs/do/viewS ... eboard/frs
Ole Bang Ottosen
Dansk frivillig Joomla! support websted - joomla.dk
OpenTranslators Core Team opentranslators.org
- zuze
- Joomla! Explorer
- Posts: 290
- Joined: Sat Feb 11, 2006 9:43 pm
- Location: Birmingham, USA
- Contact:
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
I just want to clarify this, since there are different mentions of it: to replace Simpleboard I need to FTP the unzipped com_Joomlaboard 1.2 in components directory, correct?
Or should I use uninstall/install from the back end admin?
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org
- globule
- Joomla! Guru
- Posts: 551
- Joined: Tue Aug 30, 2005 9:11 pm
- Location: Aix-En-Provence, France
- Contact:
Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
Why on earth don't you search the forum or visit the editor's site : tsmf.net ?
Uninstall old version and install the new, then upgrade the table from the JoomlaBoard backend...
- zuze
- Joomla! Explorer
- Posts: 290
- Joined: Sat Feb 11, 2006 9:43 pm
- Location: Birmingham, USA
- Contact:
Re: Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
globule wrote: Why on earth don't you search the forum or visit the editor's site : tsmf.net ?

I did...3 x...it forwards to a blank page here http://jigsnet.net/suspended.page/
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org
- globule
- Joomla! Guru
- Posts: 551
- Joined: Tue Aug 30, 2005 9:11 pm
- Location: Aix-En-Provence, France
- Contact:
Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
Is Jigsnet your hoster?
- zuze
- Joomla! Explorer
- Posts: 290
- Joined: Sat Feb 11, 2006 9:43 pm
- Location: Birmingham, USA
- Contact:
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
no. we have our own server.
Does that site open up for you? I went to it through the JoomlaBoard as well as SimpleBoard control panel. Seems that their account has been suspended.
I uploaded Joomla Board, but I still get the same issue as with Simple Board. Can not add a post. When I click on "Post New Topic"
page opens, showing only the following links:
Forum Name
Home | My profile | help | rools
footer
Nothing else.
Last edited by zuze on Tue Aug 08, 2006 8:43 pm, edited 1 time in total.
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org
- globule
- Joomla! Guru
- Posts: 551
- Joined: Tue Aug 30, 2005 9:11 pm
- Location: Aix-En-Provence, France
- Contact:
Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
If you want to go to the website of JoomlaBoard editor ( http://www.tsmf.net ) you will see the same screen.
Is there any moderator to tell us what's happening with TSMF and its Joomlaboard?
Coming back to your problem, I hope you have a backup because ...
-
- Joomla! Enthusiast
- Posts: 213
- Joined: Thu Aug 18, 2005 7:34 pm
- Location: Belgium
- Contact:
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
it's up again, see http://forum.joomla.org/index.php/topic ... #msg431073
See joomlaboard in action: http://www.tsmf.net/component/option,co ... /Itemid,32
More information: http://www.tsmf.net/content/view/24/38/
-
- Joomla! Fledgling
- Posts: 3
- Joined: Thu Aug 17, 2006 12:16 pm
Re: WARNING: Vulnerability in SIMPLEBOARD
This code should be in all files installed by com_simpleboard and com_extcalender. Basically, everything in /path/to/Joomla/components/com_extcalender, /path/to/Joomla/administrator/components/com_extcalender, /path/to/Joomla/components/com_simpleboard, and /path/to/Joomla/administrator/components/com_simpleboard
// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );
Refer to this link for more information about extCalender: http://forum.joomla.org/index.php/topic,75390.0.html
Just checking to see if I get this right: every single file in those folders +subfolders have to be opened and edited..? (really hoping that I'm wrong on this..!)
I am using Mambo 454 with Simpleboard 1.1.0 stable and this procedure does not work. It just crashes SB. Besides, almost all the files already have this:
// MOS Intruder Alerts
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
Any other suggestions?
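
Rather than opening every file by hand, the guard discussed in the post above can be checked for from a shell prompt. This is an added example, not code from the thread or from either component: it lists the PHP files under the given directories that contain neither quoted variant of the `_VALID_MOS` line. The function names and the sample tree are constructed; the directory names are the ones written in the post.

```shell
#!/bin/sh
# Added example, not from the thread. Reports PHP files that lack the
# _VALID_MOS direct-access guard. Both variants quoted in the post match:
#   defined( '_VALID_MOS' ) or die( ... );
GUARD_RE="defined[[:space:]]*\\([[:space:]]*['\"]_VALID_MOS['\"][[:space:]]*\\)[[:space:]]*or[[:space:]]+die"

# find_unguarded DIR...
# Prints each *.php file under the given directories that has no guard line.
# Directories that do not exist are skipped. This checks presence only: it
# does not prove the guard runs before any other code in the file.
find_unguarded() {
    for fu_dir in "$@"; do
        [ -d "$fu_dir" ] || continue
        find "$fu_dir" -type f -name '*.php' -exec sh -c '
            re=$1; shift
            for f; do
                grep -Eqi -- "$re" "$f" || printf "%s\n" "$f"
            done' sh "$GUARD_RE" {} + | LC_ALL=C sort
    done
}

# Constructed sample tree: two guarded files (one per variant quoted in the
# post) and one file without a guard. Prints the tree root.
make_demo_site() {
    md_root=$(mktemp -d) || return 1
    mkdir -p "$md_root/components/com_simpleboard/sub" \
             "$md_root/administrator/components/com_simpleboard"
    printf '%s\n' '<?php' '// no direct access' \
        "defined( '_VALID_MOS' ) or die( 'Restricted access' );" \
        > "$md_root/components/com_simpleboard/guarded_a.php"
    printf '%s\n' '<?php' '// MOS Intruder Alerts' \
        "defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );" \
        > "$md_root/administrator/components/com_simpleboard/guarded_b.php"
    printf '%s\n' '<?php' "echo 'placeholder';" \
        > "$md_root/components/com_simpleboard/sub/unguarded.php"
    printf '%s\n' "$md_root"
}

demo_root=$(make_demo_site)
find_unguarded "$demo_root/components/com_simpleboard" \
               "$demo_root/administrator/components/com_simpleboard" \
               "$demo_root/components/com_extcalender"   # absent here: skipped
rm -rf "$demo_root"
```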
- Tonie
- Joomla! Master
- Posts: 16553
- Joined: Thu Aug 18, 2005 7:13 am
Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD
Isn't Mamboboard a better option for you? That is supposed to be (I never used it) the Mambo offshoot of Simpleboard. Simpleboard development has been stopped, so sooner or later you will run into troubles.