1.0.10 site hacked via extcalender

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

brokengecko
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Aug 21, 2005 10:38 pm

1.0.10 site hacked via extcalender

Postby brokengecko » Wed Jul 19, 2006 12:17 pm

Yesterday, my Joomla 1.0.10 site was hacked. The hacker got through using a post method abusing extcalender 0.9.1. That post method accessed some .dat file.

As far as I can tell, the hacker put up an index.html file with an ugly picture and text bragging about the hack and some music. The image and music was hosted somewhere else.

Also another file, was placed on the server, r57.php, which was infected with a virus, PHP.RSTBackdoor.

I did not notice that any other files were affected, so I removed the links to extcalendar and renamed the extcalendar folders to something not easily guessed. I did not notice any weird sql entries. I deleted the 2 files the hacker put on the server.

Is there anything else I need to do or should be worried about?

brokengecko
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Aug 21, 2005 10:38 pm

Re: 1.0.10 site hacked via extcalender

Postby brokengecko » Thu Jul 20, 2006 3:54 am

Is there anything else I need to look out for or be worried about? Or did I take care of removing the problems already?

User avatar
technopuzzle
Joomla! Ace
Joomla! Ace
Posts: 1959
Joined: Thu Aug 18, 2005 5:53 pm
Location: Washington D.C. & Baltimore, MD Metro
Contact:

Re: 1.0.10 site hacked via extcalender

Postby technopuzzle » Thu Jul 20, 2006 4:23 am

You may want to check out the recently updated extended calendar security fix that our devs have worked so hard on (but didn't have to)  ;)

http://forum.joomla.org/index.php/topic,75390.120.html
Thanks,
Roger Raymond
Techno Puzzle

User avatar
rliskey
Joomla! Guru
Joomla! Guru
Posts: 828
Joined: Tue Jun 06, 2006 7:41 am
Location: California, Germany, Norway
Contact:

Re: 1.0.10 site hacked via extcalender

Postby rliskey » Tue Jul 25, 2006 7:56 am

I think you should also change all passwords in case they were able to extract them from files or from dumps of the database. The virus they installed makes this possible.


Return to “3rd Party/Non Joomla! Security Issues”

Who is online

Users browsing this forum: No registered users and 1 guest