The Joomla! Forum ™

Posted: Wed Jul 19, 2006 12:17 pm
Joomla! Apprentice

Joined: Sun Aug 21, 2005 10:38 pm
Posts: 6
Yesterday, my Joomla 1.0.10 site was hacked. The hacker got through using a POST method abusing extcalendar 0.9.1. That POST method accessed some .dat file.

As far as I can tell, the hacker put up an index.html file with an ugly picture and text bragging about the hack and some music. The image and music were hosted somewhere else.

Also, another file, r57.php, was placed on the server, which was infected with a virus, PHP.RSTBackdoor.

I did not notice that any other files were affected, so I removed the links to extcalendar and renamed the extcalendar folders to something not easily guessed. I did not notice any weird SQL entries. I deleted the 2 files the hacker put on the server.

Is there anything else I need to do or should be worried about?


Posted: Thu Jul 20, 2006 3:54 am
Joomla! Apprentice

Joined: Sun Aug 21, 2005 10:38 pm
Posts: 6
Is there anything else I need to look out for or be worried about? Or did I take care of removing the problems already?


Posted: Thu Jul 20, 2006 4:23 am
Joomla! Ace

Joined: Thu Aug 18, 2005 5:53 pm
Posts: 1958
Location: Washington D.C. & Baltimore, MD Metro
You may want to check out the recently updated extended calendar security fix that our devs have worked so hard on (but didn't have to)  ;)

http://forum.joomla.org/index.php/topic,75390.120.html

_________________
Thanks,
Roger Raymond
TECHNO PUZZLE :: http://technopuzzle.com :: Putting the technology pieces together for you
Unsolicited support requests via PM/email will be considered as your implicit solicitation of my services and you will be charged accordingly.


Posted: Tue Jul 25, 2006 7:56 am
Joomla! Guru

Joined: Tue Jun 06, 2006 7:41 am
Posts: 828
Location: California, Germany, Norway
I think you should also change all passwords in case they were able to extract them from files or from dumps of the database. The virus they installed makes this possible.

_________________
Home: http://www.ronliskey.com
Business http://www.communitygrove.com
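
Added example (not from any poster in this thread): a Python check that walks a web root and lists web files modified since a cutoff time, plus PHP files containing command-execution or eval calls, for manual review after a compromise like the one described in the first post. The function names, the extension list, the regular expression and the sample tree are assumptions of this example.

```python
import os
import re
import tempfile
import time

# Heuristic only (an assumption of this example): PHP calls that run
# commands or evaluate code, which backdoor scripts commonly contain.
SUSPICIOUS = re.compile(rb"\b(eval|passthru|shell_exec|system|popen|proc_open)\s*\(", re.I)
WEB_EXT = (".php", ".html", ".htm", ".dat")

def scan(webroot, since_epoch):
    """Return {relative_path: [reasons]} for files worth a manual look."""
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower().endswith(WEB_EXT) and os.path.getmtime(path) >= since_epoch:
                reasons.append("modified since cutoff")
            if name.lower().endswith(".php"):
                with open(path, "rb") as fh:
                    if SUSPICIOUS.search(fh.read()):
                        reasons.append("command/eval call")
            if reasons:
                findings[os.path.relpath(path, webroot)] = reasons
    return findings

def build_sample_tree(root, cutoff):
    """Constructed sample data: one old clean file, two files newer than cutoff."""
    samples = {
        "index.php": (b"<?php echo 'home'; ?>", cutoff - 86400),
        "index.html": (b"<html>defaced</html>", cutoff + 60),
        "components/dropped.php": (b"<?php passthru('uptime'); ?>", cutoff + 60),
    }
    for rel, (body, mtime) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))  # backdate or postdate the sample file

if __name__ == "__main__":
    cutoff = time.time() - 3600
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root, cutoff)
        for rel, reasons in sorted(scan(root, cutoff).items()):
            print(rel, "->", ", ".join(reasons))
```

Modification times can be reset by whoever wrote the file, so an empty result is not proof of a clean tree; comparing against a known-good copy of the site covers that gap.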