The Joomla! Forum ™

It has come to our attention that the mosMedia Component can, under certain circumstances, allow a hacker to gain access to your website.

This email is being sent to all mosMedia Customers who purchased through http://www.phil-taylor.com and relates to several possible security holes in mosMedia component. As you may be aware, certain hackers are attempting to hack many Joomla websites through custom components.

We have attempted to contact the original author of the component yesterday but we have to now received no contact back from him. Phil-Taylor.com only sell this component from their site on behalf of the original developer, we are not responsible for thedevelopment, quality of the code or the support of the product.

We suspended sales of mosMedia while we tried to contact the author - we have still had no luck contacting him

As an added valuable service to those mosMedia customers who purchased through our website (http://www.phil-taylor.com) we are happy to release a non-official mosMedia 1.0.8 security patch to mosMedia 1.0.8 that resolves the know security issues. The patch download has been made public so other mosMedia customers who have purchased from the original author can also benefit.

If you have mosMedia 1.0.8 installed you should download our mosMedia 1.0.8 security patch and FTP the files into place, the mosMedia 1.0.8 security patch file contains nested directories so you can work out where the files need to go. There is no version number change as we are not the developers of mosMedia we cannot change the version number - but mosMedia 1.0.8 security patch should prevent you getting hacked through mosMedia files.

Please read about other components that may be hackable at our website’s Blog/Latest News http://blog.phil-taylor.com/

If you wish to attempt to contact the original author please try his website at: http://www.ag-solutions.net/

Phil Taylor - Looking out for you and your site!

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/

Once again, thanks Phil for the time and effort you put in, to assist the OS community.

_________________
Joomla! - enjoying every minute of the journey!

hmmm, slight problem, i still have mosmedia release 1.05 and havent managed to contact brian for the latest updates, it seems my username or password has been changed (or account deleted) since i last visited about 5-6 -odd months ago.
have had absolutely no reply in any form from him despite many many mails.

this security patch you speak of, can i use this for the 1.05 release?

if not im talking to paypal to try to get my dosh back, its a shame because its quite a neat little component. Cant anyone else just take the code and continue it? its obvious that brian isnt interested any more, either that or he`s either in hospital or jail that is..


steve0

_________________
http://www.media-hunter.com - a complete waste of time

The patch I created is for mosmedia 1.0.8 but should work on older versions, possibly, but never tried.  It overwrites whole files so may infact be more of a pain.

_________________
Phil Taylor - Full Time Joomla/PHP Expert
Blue Flame IT Ltd.
-- http://myjoomla.com/ Joomla Security/Hack fix Auditing Service
-- http://www.phil-taylor.com/

Thanks again Phil

_________________
.: http://www.Web-Design.gr :. .: http://www.Travel365.gr :.

just tried the patch, it doesnt work if you have the 1.05 release, no video is shown.

CAN SOMEONE PLEASE SEND ME AN UPDATED VERSION - PATCH TO GET ME TO 1.08
I have 400+ media on my site and i need this security patch asap.

thanx

steve0

_________________
http://www.media-hunter.com - a complete waste of time

I have a very quick question, I've heard that mosmedia overwrite some core files, so by clicking uninstall in Joomla admin interface, do I completely remove MosMedia? Is there anything that I have to do manually to remove it?

Thank you,

It seems that Mosmedia is totaly abandoned. The site http://www.ag-solutions.net is down for a few months now.

i have since stopped using mosmedia as i noticed this vulenerability and removed it, i am working on a replacement now.

_________________
smile