[FIX AVAIL.] Very Important mosMedia Security risks
Moderator: General Support Moderators
Forum rules
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1403
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
[FIX AVAIL.] Very Important mosMedia Security risks
It has come to our attention that the mosMedia Component can, under certain circumstances, allow a hacker to gain access to your website.
This email is being sent to all mosMedia Customers who purchased through http://www.phil-taylor.com and relates to several possible security holes in mosMedia component. As you may be aware, certain hackers are attempting to hack many Joomla websites through custom components.
We have attempted to contact the original author of the component yesterday but we have to now received no contact back from him. Phil-Taylor.com only sell this component from their site on behalf of the original developer, we are not responsible for thedevelopment, quality of the code or the support of the product.
We suspended sales of mosMedia while we tried to contact the author - we have still had no luck contacting him
As an added valuable service to those mosMedia customers who purchased through our website (http://www.phil-taylor.com) we are happy to release a non-official mosMedia 1.0.8 security patch to mosMedia 1.0.8 that resolves the know security issues. The patch download has been made public so other mosMedia customers who have purchased from the original author can also benefit.
If you have mosMedia 1.0.8 installed you should download our mosMedia 1.0.8 security patch and FTP the files into place, the mosMedia 1.0.8 security patch file contains nested directories so you can work out where the files need to go. There is no version number change as we are not the developers of mosMedia we cannot change the version number - but mosMedia 1.0.8 security patch should prevent you getting hacked through mosMedia files.
Please read about other components that may be hackable at our website’s Blog/Latest News http://blog.phil-taylor.com/
If you wish to attempt to contact the original author please try his website at: http://www.ag-solutions.net/
Phil Taylor - Looking out for you and your site!
This email is being sent to all mosMedia Customers who purchased through http://www.phil-taylor.com and relates to several possible security holes in mosMedia component. As you may be aware, certain hackers are attempting to hack many Joomla websites through custom components.
We have attempted to contact the original author of the component yesterday but we have to now received no contact back from him. Phil-Taylor.com only sell this component from their site on behalf of the original developer, we are not responsible for thedevelopment, quality of the code or the support of the product.
We suspended sales of mosMedia while we tried to contact the author - we have still had no luck contacting him
As an added valuable service to those mosMedia customers who purchased through our website (http://www.phil-taylor.com) we are happy to release a non-official mosMedia 1.0.8 security patch to mosMedia 1.0.8 that resolves the know security issues. The patch download has been made public so other mosMedia customers who have purchased from the original author can also benefit.
If you have mosMedia 1.0.8 installed you should download our mosMedia 1.0.8 security patch and FTP the files into place, the mosMedia 1.0.8 security patch file contains nested directories so you can work out where the files need to go. There is no version number change as we are not the developers of mosMedia we cannot change the version number - but mosMedia 1.0.8 security patch should prevent you getting hacked through mosMedia files.
Please read about other components that may be hackable at our website’s Blog/Latest News http://blog.phil-taylor.com/
If you wish to attempt to contact the original author please try his website at: http://www.ag-solutions.net/
Phil Taylor - Looking out for you and your site!
Last edited by RobS on Sun Jul 23, 2006 8:07 pm, edited 1 time in total.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- Chinaman
- Joomla! Guru
- Posts: 575
- Joined: Sun Aug 21, 2005 8:46 am
- Location: Perth, Western Australia
- Contact:
Re: [Fix Avail] Very Important mosMedia Security risks
Once again, thanks Phil for the time and effort you put in, to assist the OS community.
Joomla! - enjoying every minute of the journey!
-
- I've been banned!
- Posts: 102
- Joined: Thu Oct 06, 2005 12:59 pm
Re: [Fix Avail] Very Important mosMedia Security risks
hmmm, slight problem, i still have mosmedia release 1.05 and havent managed to contact brian for the latest updates, it seems my username or password has been changed (or account deleted) since i last visited about 5-6 -odd months ago.
have had absolutely no reply in any form from him despite many many mails.
this security patch you speak of, can i use this for the 1.05 release?
if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..
steve0
have had absolutely no reply in any form from him despite many many mails.
this security patch you speak of, can i use this for the 1.05 release?
if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..
steve0
http://www.media-hunter.com - a complete waste of time
- PhilTaylor-Prazgod
- Joomla! Ace
- Posts: 1403
- Joined: Sat Aug 20, 2005 12:32 pm
- Location: Jersey, Channel Islands
- Contact:
Re: [FIX AVAIL.] Very Important mosMedia Security risks
The patch I created is for mosmedia 1.0.8 but should work on older versions, possibly, but never tried. It overwrites whole files so may infact be more of a pain.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
- gewre
- Joomla! Apprentice
- Posts: 14
- Joined: Sat Feb 11, 2006 8:13 am
- Contact:
Re: [FIX AVAIL.] Very Important mosMedia Security risks
Thanks again Phil
.: http://www.Web-Design.gr :. .: http://www.Travel365.gr :.
-
- I've been banned!
- Posts: 102
- Joined: Thu Oct 06, 2005 12:59 pm
Re: [Fix Avail] Very Important mosMedia Security risks
just tried the patch, it doesnt work if you have the 1.05 release, no video is shown.steve0 wrote: hmmm, slight problem, i still have mosmedia release 1.05 and havent managed to contact brian for the latest updates, it seems my username or password has been changed (or account deleted) since i last visited about 5-6 -odd months ago.
have had absolutely no reply in any form from him despite many many mails.
this security patch you speak of, can i use this for the 1.05 release?
if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..
steve0
CAN SOMEONE PLEASE SEND ME AN UPDATED VERSION - PATCH TO GET ME TO 1.08
I have 400+ media on my site and i need this security patch asap.
thanx
steve0
http://www.media-hunter.com - a complete waste of time
-
- Joomla! Apprentice
- Posts: 16
- Joined: Sun Jan 14, 2007 5:05 pm
Re: [FIX AVAIL.] Very Important mosMedia Security risks
I have a very quick question, I've heard that mosmedia overwrite some core files, so by clicking uninstall in Joomla admin interface, do I completely remove MosMedia? Is there anything that I have to do manually to remove it?
Thank you,
Thank you,
- Last BoyScout
- Joomla! Intern
- Posts: 51
- Joined: Thu Aug 18, 2005 10:19 pm
- Location: Netherlands
- Contact:
Re: [FIX AVAIL.] Very Important mosMedia Security risks
It seems that Mosmedia is totaly abandoned. The site http://www.ag-solutions.net is down for a few months now.
-
- I've been banned!
- Posts: 21
- Joined: Wed Dec 19, 2007 10:36 pm
Re: [FIX AVAIL.] Very Important mosMedia Security risks
i have since stopped using mosmedia as i noticed this vulenerability and removed it, i am working on a replacement now.
smile