The Joomla! Forum ™





Post new topic Reply to topic  [ 9 posts ] 
Author Message
PostPosted: Thu Jul 20, 2006 9:55 am 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Sat Aug 20, 2005 12:32 pm
Posts: 1114
Location: Weymouth, UK
It has come to our attention that the mosMedia Component can, under certain circumstances, allow a hacker to gain access to your website.

This email is being sent to all mosMedia Customers who purchased through http://www.phil-taylor.com and relates to several possible security holes in mosMedia component. As you may be aware, certain hackers are attempting to hack many Joomla websites through custom components.

We have attempted to contact the original author of the component yesterday but we have to now received no contact back from him. Phil-Taylor.com only sell this component from their site on behalf of the original developer, we are not responsible for thedevelopment, quality of the code or the support of the product.

We suspended sales of mosMedia while we tried to contact the author - we have still had no luck contacting him

As an added valuable service to those mosMedia customers who purchased through our website (http://www.phil-taylor.com) we are happy to release a non-official mosMedia 1.0.8 security patch to mosMedia 1.0.8 that resolves the know security issues. The patch download has been made public so other mosMedia customers who have purchased from the original author can also benefit.

If you have mosMedia 1.0.8 installed you should download our mosMedia 1.0.8 security patch and FTP the files into place, the mosMedia 1.0.8 security patch file contains nested directories so you can work out where the files need to go. There is no version number change as we are not the developers of mosMedia we cannot change the version number - but mosMedia 1.0.8 security patch should prevent you getting hacked through mosMedia files.

Please read about other components that may be hackable at our website’s Blog/Latest News http://blog.phil-taylor.com/

If you wish to attempt to contact the original author please try his website at: http://www.ag-solutions.net/

Phil Taylor - Looking out for you and your site!

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/


Last edited by RobS on Sun Jul 23, 2006 8:07 pm, edited 1 time in total.

Top
 Profile  
 
PostPosted: Fri Jul 21, 2006 4:10 am 
User avatar
Joomla! Guru
Joomla! Guru

Joined: Sun Aug 21, 2005 8:46 am
Posts: 575
Location: Perth, Western Australia
Once again, thanks Phil for the time and effort you put in, to assist the OS community.

_________________
Joomla! - enjoying every minute of the journey!


Top
 Profile  
 
PostPosted: Sun Jul 23, 2006 4:44 pm 
I've been banned!

Joined: Thu Oct 06, 2005 12:59 pm
Posts: 102
hmmm, slight problem, i still have mosmedia release 1.05 and havent managed to contact brian for the latest updates, it seems my username or password has been changed (or account deleted) since i last visited about 5-6 -odd months ago.
have had absolutely no reply in any form from him despite many many mails.

this security patch you speak of, can i use this for the 1.05 release?

if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..


steve0

_________________
http://www.media-hunter.com - a complete waste of time


Top
 Profile  
 
PostPosted: Mon Jul 24, 2006 8:30 am 
User avatar
Joomla! Ace
Joomla! Ace

Joined: Sat Aug 20, 2005 12:32 pm
Posts: 1114
Location: Weymouth, UK
The patch I created is for mosmedia 1.0.8 but should work on older versions, possibly, but never tried.  It overwrites whole files so may infact be more of a pain.

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/


Top
 Profile  
 
PostPosted: Mon Jul 24, 2006 8:40 am 
User avatar
Joomla! Apprentice
Joomla! Apprentice

Joined: Sat Feb 11, 2006 8:13 am
Posts: 14
Thanks again Phil

_________________
.: http://www.Web-Design.gr :. .: http://www.Travel365.gr :.


Top
 Profile  
 
PostPosted: Tue Aug 08, 2006 10:00 am 
I've been banned!

Joined: Thu Oct 06, 2005 12:59 pm
Posts: 102
steve0 wrote:
hmmm, slight problem, i still have mosmedia release 1.05 and havent managed to contact brian for the latest updates, it seems my username or password has been changed (or account deleted) since i last visited about 5-6 -odd months ago.
have had absolutely no reply in any form from him despite many many mails.

this security patch you speak of, can i use this for the 1.05 release?

if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..


steve0


just tried the patch, it doesnt work if you have the 1.05 release, no video is shown.

CAN SOMEONE PLEASE SEND ME AN UPDATED VERSION - PATCH TO GET ME TO 1.08
I have 400+ media on my site and i need this security patch asap.

thanx

steve0

_________________
http://www.media-hunter.com - a complete waste of time


Top
 Profile  
 
PostPosted: Sun Jan 21, 2007 12:11 pm 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Jan 14, 2007 5:05 pm
Posts: 16
I have a very quick question, I've heard that mosmedia overwrite some core files, so by clicking uninstall in Joomla admin interface, do I completely remove MosMedia? Is there anything that I have to do manually to remove it?

Thank you,


Top
 Profile  
 
PostPosted: Tue Sep 18, 2007 11:36 pm 
User avatar
Joomla! Intern
Joomla! Intern

Joined: Thu Aug 18, 2005 10:19 pm
Posts: 51
Location: Netherlands
It seems that Mosmedia is totaly abandoned. The site http://www.ag-solutions.net is down for a few months now.


Top
 Profile  
 
PostPosted: Thu Dec 20, 2007 8:07 am 
I've been banned!

Joined: Wed Dec 19, 2007 10:36 pm
Posts: 21
i have since stopped using mosmedia as i noticed this vulenerability and removed it, i am working on a replacement now.

_________________
smile


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 



Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group