The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 13 posts ] 
Author Message
PostPosted: Sat Jun 11, 2011 4:10 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Tue Apr 19, 2011 6:09 am
Posts: 4
I often observe the <url of hackers listing>. There, a hacker named <someone> always attack the Joomla Beez template. Are developers already anticipating joomla joomla Beez security hole?
:'(


Last edited by mandville on Sun Jun 12, 2011 12:00 am, edited 1 time in total.
removed hacker kudos, broke site link


Top
 Profile  
 
PostPosted: Sat Jun 11, 2011 9:06 pm 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
it just happens that these sort of people know that this template is present by default, so it is a 'known' starting point to search for permissions or extension vulnerabilities, nothing more than that.

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/


Top
 Profile  
 
PostPosted: Sun Jun 12, 2011 3:08 am 
Joomla! Intern
Joomla! Intern

Joined: Fri Oct 23, 2009 2:42 pm
Posts: 78
RussW wrote:
it just happens that these sort of people know that this template is present by default, so it is a 'known' starting point to search for permissions or extension vulnerabilities, nothing more than that.

even if it doesn't set as default template; do hackers able to use that to search for site's vulnerabilities?


Top
 Profile  
 
PostPosted: Sun Jun 12, 2011 8:35 am 
Joomla! Master
Joomla! Master

Joined: Mon Oct 27, 2008 9:27 pm
Posts: 17192
Location: Akershus, Norway
The template can always be viewed by adding "&template=Beez" to the url


Top
 Profile  
 
PostPosted: Sun Jun 12, 2011 9:18 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12392
Location: The Girly Side of Joomla in Sussex
ghandil wrote:
even if it doesn't set as default template; do hackers able to use that to search for site's vulnerabilities?

they use it to "fingerprint" a joomla site
if you dont use a template, delete it

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Sun Jun 12, 2011 7:42 pm 
Joomla! Intern
Joomla! Intern

Joined: Fri Oct 23, 2009 2:42 pm
Posts: 78
mandville wrote:
ghandil wrote:
even if it doesn't set as default template; do hackers able to use that to search for site's vulnerabilities?

they use it to "fingerprint" a joomla site
if you dont use a template, delete it

what do you mean they "fingerprint" a joomla site exactly? it means they may understand that site has been built by joomla? If so there are many easier way to know this. aren't there?
Also most of the hack files on my site located on templates/bezz folder and sub folders. the topic is here and you reply to it too, mandville: Joomla Version 1.5.15 site was hacked; source recognition


Top
 Profile  
 
PostPosted: Sun Jun 12, 2011 8:29 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12392
Location: The Girly Side of Joomla in Sussex
ghandil wrote:
.

your issue is unrelated to this topic.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Mon Jun 13, 2011 10:24 pm 
Joomla! Intern
Joomla! Intern

Joined: Fri Oct 23, 2009 2:42 pm
Posts: 78
mandville wrote:
your issue is unrelated to this topic.

Thanks you mandville.
But would you mind explain "fingerprint" a joomla site please? I think it's related to this topic.
ghandil wrote:
what do you mean they "fingerprint" a joomla site exactly? it means they may understand that site has been built by joomla? If so there are many easier way to know this. aren't there?


Also I thought my site maybe was hacked by fingerprint joomla site first and then other actions. that's why I mentioned its topic here. excuse me.

Thanks in advance


Top
 Profile  
 
PostPosted: Mon Jun 13, 2011 10:48 pm 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
Most commonly, the template folder needs to be writable to install templates and update them. On poorly configured servers and sites, this might mean the user has set the permissions to 777, which is extremely dangerous and exposes you to compromise quite readily. So targeting the templates folder, with a known default template, is quite a handy way of determining what's installed, at what version and to some degree , maybe even how to access. OK?

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/


Top
 Profile  
 
PostPosted: Mon Jun 13, 2011 10:56 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10475
Location: Leeds, UK
fingerprint - a tell tale sign identifying the site as running joomla. Joomla like ALL cms has many fingerprints

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Top
 Profile  
 
PostPosted: Mon Jun 13, 2011 11:03 pm 
Joomla! Intern
Joomla! Intern

Joined: Fri Oct 23, 2009 2:42 pm
Posts: 78
Thanks dear RussW and dear brian
RussW wrote:
with a known default template, is quite a handy way of determining what's installed

Thanks You a lot.
what kind of stuff they could be determine with this method? just joomla or even its extension? how?

P.s: Excuse me for many questions but I really want to learn something :-[


Top
 Profile  
 
PostPosted: Mon Jun 13, 2011 11:10 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Fri Aug 12, 2005 7:19 am
Posts: 10475
Location: Leeds, UK
If you know what you are doing then you can determine the exact version of joomla that is installed and possibly the extensions that are installed and their versions.

_________________
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Top
 Profile  
 
PostPosted: Tue Jun 14, 2011 1:22 am 
User avatar
Joomla! Exemplar
Joomla! Exemplar

Joined: Sun Oct 22, 2006 4:42 am
Posts: 9352
Location: Sunshine Coast, Queensland, Australia
unfortunately, we don't openly discuss exploit types or details, so you will need to do some research yourself for this type of information. But think a little broader. If for the stated reasons, of miss-configuration of permissions because a poorly configured server requires the use of 777 for a folder to be writable to the user, then access is granted to many other people as well as the owner, hence there is a vulnerability caused, potentially allowing for the upload of a malicious script, gaining access to the complete hosting account, if not (considering the server is already determined to be poorly configured) other peoples accounts on the same machine, MySQL and worse, the server itself.

_________________
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
Network SMARTS, Systems Engineering http://www.networksmarts.com.au/


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 



Who is online

Users browsing this forum: No registered users and 16 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group