[UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Forum rules
User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by brian » Thu Jul 13, 2006 10:02 pm

Google is your friend

"Secunia
Provides security advisories and information about patches.
secunia.com/"


Honestly how hard is it to search
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

User avatar
muni
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Fri Sep 02, 2005 7:45 am
Location: Luxembourg

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by muni » Fri Jul 14, 2006 9:51 am

Two of my sites had been hacked. Config.php had been replaced by a political message from the kurds/turks I think.
Thought that was all. But the next day I ralized two backdoor software had been installed in the modules folder of one site:

modules/haluk.php
modules/web.php

I deleted both. Is that enough? Now I don't know what I should do next. Replace all pwd's. Alert my service provider???? Chekc all folders??

So watch out.

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1366
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by RobS » Fri Jul 14, 2006 9:57 am

I would suggest talking to your service provider and ask them to check it out just to make sure nothing else funny has been added.  It is much easier to do those things from a shell prompt than from a ftp session.  Also, try getting them to turn of Register Globals for PHP while you have their attention as this tends to facilitate a lot of bugs making their effects once exploited much more damaging. 

Changing your passwords might be a good idea too.

I don't suppose you kept a copy of those files for investigatory purposes?  I would be interested in taking a look at them.  I will add them to my collection.  :laugh:  If you still have them you can PM them to me or email them to me, my email address is in my profile. 
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

Peter Koch
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Thu Aug 18, 2005 8:54 pm

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by Peter Koch » Fri Jul 14, 2006 10:02 am

muni wrote: Two of my sites had been hacked. Config.php had been replaced by a political message from the kurds/turks I think.
Thought that was all. But the next day I ralized two backdoor software had been installed in the modules folder of one site:

modules/haluk.php
modules/web.php

I deleted both. Is that enough? Now I don't know what I should do next. Replace all pwd's. Alert my service provider???? Chekc all folders??

So watch out.
Besides the modified configuration.php we had these hacker tools and files after the simpleboard defacing:
  • cache/index.htm: Hacker message
  • media/index.htm: Hacker message
  • modules/mod_access.php: A backdoor program
  • modules/www.bankofamerica.com.zip: fraud software archive
  • modules/www.bankofamerica.com: fraud software installation
  • templates/3.php: Read out system information
There were some more files I dont remember right now.

Thats why I have blocked all IP's of the provider who is hosting these people.
Last edited by Anonymous on Fri Jul 14, 2006 11:54 am, edited 1 time in total.

User avatar
muni
Joomla! Apprentice
Joomla! Apprentice
Posts: 14
Joined: Fri Sep 02, 2005 7:45 am
Location: Luxembourg

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by muni » Fri Jul 14, 2006 10:41 am

Found other backdoor software that had been inserted through ext_calendar.(r57shell 1.31 and c99shell v1.0 pre-release build #16)
No, I have no backup copy.
I informed my service provider.

pdstein
Joomla! Apprentice
Joomla! Apprentice
Posts: 18
Joined: Sat Jun 24, 2006 12:18 am

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by pdstein » Fri Jul 14, 2006 2:57 pm

Elpie wrote: Anybody that changed from simpleboard to Joomlaboard needs to make sure they have removed all simpleboard files from the site.
Simpleboard can be exploited even if it is unpublished and not showing on the site.
I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago.  Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?

Deighardt1
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Thu Jul 13, 2006 7:39 pm

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by Deighardt1 » Fri Jul 14, 2006 4:01 pm

If I were to upgrade from simpleboard to joomlaboard how would I keep from losing all my current posts?

Or would it be wise just to start all over again?

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by infograf768 » Fri Jul 14, 2006 4:13 pm

Deighardt1 wrote: If I were to upgrade from simpleboard to joomlaboard how would I keep from losing all my current posts?

Or would it be wise just to start all over again?
1. back-up your database (always do that anyway when you touch up your site).
2. do not uninstall simpleboard through Joomla back-end uninstaller, but by using ftp or CPanel and deleting the simpleboard folders (I do not know if uninstalling simpleboard through joomla may or may not delete your data, so this is a secure way not to, applicable to other extensions like ext_calendar)
3. Install joomlaboard and when asked to upgrade the database, just say OK.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

User avatar
Elpie
Joomla! Guru
Joomla! Guru
Posts: 903
Joined: Wed Aug 17, 2005 11:26 pm
Contact:

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by Elpie » Sat Jul 15, 2006 3:21 am

pdstein wrote: I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago.  Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?
Yes, ALL old unused simpleboard files must be removed. Having them sitting on your server is a security risk.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info

pdstein
Joomla! Apprentice
Joomla! Apprentice
Posts: 18
Joined: Sat Jun 24, 2006 12:18 am

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by pdstein » Mon Jul 17, 2006 1:51 pm

Elpie wrote:
pdstein wrote: I upgraded from Simpleboard to Joomlaboard 1.1.2 a while ago.  Do I just need to remove /components/com_simpleboard and /administrator/components/com_simpleboard to eliminate the security issue?
Yes, ALL old unused simpleboard files must be removed. Having them sitting on your server is a security risk.
Thanks for your reply.  What I'm asking, though is whether removing those two directories and their contents will eliminate this security risk or are there other things that need to be done?

Edenapple
Joomla! Intern
Joomla! Intern
Posts: 79
Joined: Sun Oct 02, 2005 8:05 am

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by Edenapple » Tue Jul 18, 2006 5:01 am

Can someone just clarify for me - In regard to Simpleboard/Joomlaboard - Is this JUST A Simpleboard exploit or also Joomlaboard?

As normal, the information on TSMF is very vague and unhelpful.

Thanks,

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1366
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by RobS » Tue Jul 18, 2006 5:43 am

At first we thought it was just SimpleBoard but it turns out that older versions of Joomlaboard were vulnerable <=1.1.1.  JoomlaBoard 1.1.2 should be safe.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

MX-Skane
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Tue Jul 18, 2006 11:04 pm

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by MX-Skane » Tue Jul 18, 2006 11:08 pm

Hi!
I am reading all this scary stuff. My site was hacked the 17 july. The indexfile was changed for some turkey page...
I did get it to work again but now when i am writing something in the forum it says "Youre file did not upload. Please try again".
I do believa that there is a file somewhere, but where sould i look?
My site is "www.mx-skane.net"

Regards...
Peter

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by infograf768 » Wed Jul 19, 2006 5:50 am

You are using simpleboard 1.1.0 version.

Move to Joomlaboard 1.1.2.
Backup your db.
Delete all simpleboard related files by ftp.
Install Joomlaboard.
Update db if asked to.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

MX-Skane
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Tue Jul 18, 2006 11:04 pm

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by MX-Skane » Wed Jul 19, 2006 8:41 am

I can do this even that i am using Mambo and not Joomla? Maybe a stupid question but i want to be shure..

Thanx in advance!!!!!  :)

MX-Skane
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Tue Jul 18, 2006 11:04 pm

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by MX-Skane » Wed Jul 19, 2006 12:40 pm

2 questions...
1. Is there any languagefiles for Joomla?
2. It is still asking for a file when i press "Post". Where can that be?? ??? ???

MX-Skane
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Tue Jul 18, 2006 11:04 pm

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by MX-Skane » Wed Jul 19, 2006 12:43 pm

MX-Skane wrote: 2 questions...
1. Is there any languagefiles for Joomla?
2. It is still asking for a file when i press "Post". Where can that be?? ??? ???
Btw...
It ask the same question 2 times... first it ask for a img-file and second for a file it does that 2 times...

MX-Skane
Joomla! Intern
Joomla! Intern
Posts: 95
Joined: Tue Jul 18, 2006 11:04 pm

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by MX-Skane » Wed Jul 19, 2006 10:46 pm

Sorry to "spam".

But, after my hacked site i did install, joomlaboard. That was no problem at all. But, as i wrote there comes this alert that the file did not load.
I do have "Little Snitch" installed and that application checks the connections.

Now when i log in on my profile i do get this mess from Little Snitch http://mx-skane.net/img_from_site/img.gif
I have no idea what this is but my guess is that the file that the forum asks for is on tis site.

Please help me. Should i look in the scriptings for this or what???
Maybe its placed in the CB-files.

When i copy the html-code an paste it in a Dremweaver doc the same mess from Little snitch shows up.

brasil.se
Joomla! Apprentice
Joomla! Apprentice
Posts: 32
Joined: Sat Apr 01, 2006 3:57 am

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by brasil.se » Thu Jul 20, 2006 9:32 pm

??? ??? ??? ???  just re-instal the Joomlaboard aftert many problems..now is working ok but..........the pretty icons/images from it..has disapear!
I instal the orange template and still nothing shows...tale a look.
You do not have the required permissions to view the files attached to this post.

User avatar
zuze
Joomla! Explorer
Joomla! Explorer
Posts: 290
Joined: Sat Feb 11, 2006 9:43 pm
Location: Birmingham, USA
Contact:

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by zuze » Tue Aug 08, 2006 3:46 pm

vokaldesign wrote: I've installed joomlaboard and was surprised how easy it all went - all of my forums and settings from simpleboard were integrated right away!  :-*
Now I've removed the simpleboard component + modules and tjecked via ftp that every thing has gone...
Where can I get to download the upgrade, please point me the right direction.

Thank you!
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org

User avatar
ot2sen
Joomla! Master
Joomla! Master
Posts: 10381
Joined: Thu Aug 18, 2005 9:58 am
Location: Hillerød - Denmark
Contact:

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by ot2sen » Tue Aug 08, 2006 3:52 pm

zuze wrote: Where can I get to download the upgrade, please point me the right direction.

Thank you!
Have a look at the forge project for joomlaboard:
http://forge.joomla.org/sf/frs/do/viewS ... eboard/frs
Ole Bang Ottosen
Dansk frivillig Joomla! support websted - joomla.dk
OpenTranslators Core Team opentranslators.org

User avatar
zuze
Joomla! Explorer
Joomla! Explorer
Posts: 290
Joined: Sat Feb 11, 2006 9:43 pm
Location: Birmingham, USA
Contact:

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by zuze » Tue Aug 08, 2006 6:57 pm

I just want to clarify this, since there are different mentions of it: to replace Simpleboard I need to FTP the unzipped com_Joomlaboard 1.2 in components directory, correct?

Or should I use uninstall/instal from the back end admin?
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org

User avatar
globule
Joomla! Guru
Joomla! Guru
Posts: 551
Joined: Tue Aug 30, 2005 9:11 pm
Location: Aix-En-Provence, France
Contact:

Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by globule » Tue Aug 08, 2006 7:35 pm

Why on earth don't you search the forum or vivt the editor's site : tsmf.net ?
Uninstall old version and install the new the upgrade the table from the JoomlaBoard backend...
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)

User avatar
zuze
Joomla! Explorer
Joomla! Explorer
Posts: 290
Joined: Sat Feb 11, 2006 9:43 pm
Location: Birmingham, USA
Contact:

Re: Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by zuze » Tue Aug 08, 2006 7:52 pm

globule wrote: Why on earth don't you search the forum or vivt the editor's site : tsmf.net ?
I did...3 x...it forwards to a blank page here http://jigsnet.net/suspended.page/
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org

User avatar
globule
Joomla! Guru
Joomla! Guru
Posts: 551
Joined: Tue Aug 30, 2005 9:11 pm
Location: Aix-En-Provence, France
Contact:

Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by globule » Tue Aug 08, 2006 8:03 pm

Is Jigsnet your hoster?
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)

User avatar
zuze
Joomla! Explorer
Joomla! Explorer
Posts: 290
Joined: Sat Feb 11, 2006 9:43 pm
Location: Birmingham, USA
Contact:

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by zuze » Tue Aug 08, 2006 8:20 pm

no. we have our own server.

Does that site opens up for you? I went to it through the JoomlaBoard as well as SimpleBoard control panel. seems that their account has been suspended.



I uploaded Joomla Board, but I still get the same issue as with Simple Board. Can not add a post. When I click on "Post New Topic"
page opens, showing only the following links:

Forum Name

Home | My profile | help | rools

footer

Nothing else.
Last edited by zuze on Tue Aug 08, 2006 8:43 pm, edited 1 time in total.
The key to your life is how well you deal with plan "B".
Latvian Project http://joomlacode.org/gf/project/joomla_latvian/ | http://www.joomlalv.org

User avatar
globule
Joomla! Guru
Joomla! Guru
Posts: 551
Joined: Tue Aug 30, 2005 9:11 pm
Location: Aix-En-Provence, France
Contact:

Re : [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by globule » Wed Aug 09, 2006 8:41 pm

If you want to go to the website of JoomlaBoard editor ( http://www.tsmf.net ) you will see the same screen.

Is there any moderator to tell us what's happening with TSMF and its Joomlaboard?

Coming back to your problem, I hope you have a backup because ...
May the forge be with you!
http://www.joomlation.eu (intl)
http://www.joomlation.org (fr)

progster
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 213
Joined: Thu Aug 18, 2005 7:34 pm
Location: Belgium
Contact:

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by progster » Wed Aug 09, 2006 11:10 pm


hfhs72
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Aug 17, 2006 12:16 pm

Re: WARNING: Vulnerability in SIMPLEBOARD

Post by hfhs72 » Thu Aug 17, 2006 12:23 pm

This code should be in all files installed by com_simpleboard and com_extcalender.  Basically, everything in /path/to/Joomla/components/com_extcalender,  /path/to/Joomla/administrator/components/com_extcalender, /path/to/Joomla/components/com_simpleboard, and /path/to/Joomla/administrator/components/com_simpleboard

Code: Select all

// no direct access
defined( '_VALID_MOS' ) or die( 'Restricted access' );
Refer to this link for more information about extCalender: http://forum.joomla.org/index.php/topic,75390.0.html

Just checking to see if I get this right: every single file in those folders +subfolders have to be opened and edited..? (really hoping that I'm wrong on this..!)  :'(

I am using Mambo 454 with Simpleboard 1.1.0 stable and this proceedure does not work. It just crashes SB. Besides, almost all the files already have this:

// MOS Intruder Alerts
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

Any other suggestions?

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16553
Joined: Thu Aug 18, 2005 7:13 am

Re: [UPGRADE AVAIL.] Vulnerability in SIMPLEBOARD

Post by Tonie » Thu Aug 17, 2006 1:45 pm

Isn't Mamboboard a better option for you? That is supposed to be (I never used it) the Mambo offshoot of Simpleboard. Simpleboard development has been stopped, so sooner or later you will run into troubles.


Locked

Return to “3rd Party/Non Joomla! Security Issues”