Site hacking

Moderator: imanickam

Locked
User avatar
alamgir99
Joomla! Explorer
Joomla! Explorer
Posts: 324
Joined: Sat Aug 20, 2005 1:44 pm
Location: Melbourne, Australia

Site hacking

Post by alamgir99 » Tue Jul 11, 2006 6:49 am

Vish
I took it seriously and so posting it here for your immediate attention.
My own site has been hacked last night in front of me!
They first changed the admin password and did lot more.

I have weekly backup but I am not an expert in restoration so, still waiting for a friend's hand.

Please take notice.
Also, I sent you one or two PM long time ago, no reply yet.

alamgir

 
User avatar
romit
Joomla! Explorer
Joomla! Explorer
Posts: 413
Joined: Tue Nov 22, 2005 5:39 pm
Location: Calcutta - India
Contact:

Re: Site hacking

Post by romit » Tue Jul 11, 2006 7:02 am

I think you should make a post on the security forums about this.. :-\

Were you running the latest version of Joomla i.e. 1.0.10.. ??
Was your configuration.php writable or unwritable.. ??
Was all your extra extensions/components/modules updated to the latest version ??

Do you have access to the log files of the server.. ??
Then It can be found out how they hacked the site..

On a side note: Most of the Joomla hackings occur due to weaknesses with the server software..
tell your host about this.. see what they have to say.
Last edited by romit on Tue Jul 11, 2006 7:05 am, edited 1 time in total.
Romit Chatterjee
× Joomla! Web Developer - http://www.RomitChat.com
× IndicJoomla! Translation Coordinator - http://www.JoomlaIndia.org/bengali/

User avatar
alamgir99
Joomla! Explorer
Joomla! Explorer
Posts: 324
Joined: Sat Aug 20, 2005 1:44 pm
Location: Melbourne, Australia

Re: Site hacking

Post by alamgir99 » Tue Jul 11, 2006 10:09 am

romit
i read some posts of hacking joomla site on this forum. there are lots of them.
i had joomla 1.0.9.

who has the time to read the logs! they are just IPs.
Joomla team has been swamped with logs of hacked site.

i take it was my fault, i used to use a single password on all accounts, from forum to my own :(

alamgir

User avatar
Vish
Joomla! Explorer
Joomla! Explorer
Posts: 382
Joined: Mon Aug 22, 2005 5:43 pm
Contact:

Re: Site hacking

Post by Vish » Tue Jul 11, 2006 4:00 pm

I always fail to understand hackers phyche, what do they accomplish ?
But anyways, I got this email from phil-taylor last night
Dear Joomla friends,

It is not often I write a personal plea in an email, but if I could give you
guys one bit of advice for today it would be this.

IF YOU ARE RUNNING ANY OF THE FOLLOWING JOOMLA COMPONENTS THEN PLEASE
CONTACT ME ASAP! (Or research using the links at the bottom of this letter)

* Simpleboard
* ExtCalendar
* Any version of Joomla less than version 1.0.10

## IF YOU ARE RUNNING THESE YOUR WHOLE SITE CAN BE HACKED! ##

(NOTE: None of these products are created by Phil Taylor, there are no known
security issues of this type in Phil Taylor components)

Today I have had the enduring task of fixing five hacked websites, all the
hacks were using well (now) know security holes (Which are just plain bad
programming on the part of the developers) in the above two Joomla
Components.  Also running any version of Joomla less that the latest v1.0.10
version can also allow other attack attempts to be made.

If you need assistance in upgrading to Joomla 1.0.10 we would be happy to
help - we do loads of these a week!

Else, if you are running SimpleBoard or ExtCalendar then you should
remove/replace/fix/patch the files to stop hackers gaining access to your
server.

Here are some links to help you research:
You were running 1.0.9, that was one pitfall, but now, make sure you are not running the other two components mentioned....

I upgraded to 1.0.10 in the weekend next to its release....all of my sites...

I did not get any PMs from you  !!! What were they about?
Last edited by Vish on Tue Jul 11, 2006 4:03 pm, edited 1 time in total.
--Vish "Still Learning"

User avatar
alamgir99
Joomla! Explorer
Joomla! Explorer
Posts: 324
Joined: Sat Aug 20, 2005 1:44 pm
Location: Melbourne, Australia

Re: Site hacking

Post by alamgir99 » Wed Jul 12, 2006 1:29 am

Vish
My thinking is different. It does NOT really matter which version you use. They are human products and so likely to have errros which are exploited by others. What you would have said if this has happened before the release of 1.0.10? It's just consolation. "Update to the latest versions" is NOT a good suggestion, that you can follow. How would you update, PHP, MySQL and other server side software? You live on mercy of hosting provider.

I might share this piece of text:
Linux is insecure. Open source is insecure. Windows is insecure. All software is insecure. Deal with it. People keep having this delusion that security is a product. That, if you just buy some magic box, you'll have a program or an operating system that's as secure as Fort Knox. It doesn't work that way. Security is a process, not a product. Some systems are more secure than others. Linux, as anyone who pays any attention to security news knows, is a lot more secure than Windows. If we were talking cars, Linux would be a Volvo S80 and Windows would be a Ford "Hit here to blow up" Pinto. But, any car can be hit, and any car can be hit hard enough to destroy it. It's all about the odds and driving safely.
I read it somewhere in
https://www.hackinthebox.org/

thanks.

alamgir

User avatar
alamgir99
Joomla! Explorer
Joomla! Explorer
Posts: 324
Joined: Sat Aug 20, 2005 1:44 pm
Location: Melbourne, Australia

This time joomlashak

Post by alamgir99 » Tue Jul 18, 2006 2:06 am


rheo99
Joomla! Intern
Joomla! Intern
Posts: 69
Joined: Mon Feb 25, 2008 8:08 am

Re: Site hacking

Post by rheo99 » Sat Apr 19, 2008 12:01 pm

Hi wonder if anyone can help me.

Recently i setup a website and forum for a guy who does designing. I used Simpleboard forum. What happened was... the index.html file was changed to some text saying in BIG and bold letters.. this site has been hacked by **** and ****.

However the index.php files and other files were still intact and nothing was affected.

But cause my link from the website only gave the / and not to the specific file "index.php" It defaulted to index.html so that was seen.

I AM WONDERING, AFTER READING THIS THREAD, IS IT ADVISABLE TO USE SIMPLEBOARDS AT ALL?? Is that the cause of the hacking?

Rheo


Vish wrote:I always fail to understand hackers phyche, what do they accomplish ?
But anyways, I got this email from phil-taylor last night
Dear Joomla friends,

It is not often I write a personal plea in an email, but if I could give you
guys one bit of advice for today it would be this.

IF YOU ARE RUNNING ANY OF THE FOLLOWING JOOMLA COMPONENTS THEN PLEASE
CONTACT ME ASAP! (Or research using the links at the bottom of this letter)

* Simpleboard
* ExtCalendar
* Any version of Joomla less than version 1.0.10

## IF YOU ARE RUNNING THESE YOUR WHOLE SITE CAN BE HACKED! ##

(NOTE: None of these products are created by Phil Taylor, there are no known
security issues of this type in Phil Taylor components)

Today I have had the enduring task of fixing five hacked websites, all the
hacks were using well (now) know security holes (Which are just plain bad
programming on the part of the developers) in the above two Joomla
Components.  Also running any version of Joomla less that the latest v1.0.10
version can also allow other attack attempts to be made.

If you need assistance in upgrading to Joomla 1.0.10 we would be happy to
help - we do loads of these a week!

Else, if you are running SimpleBoard or ExtCalendar then you should
remove/replace/fix/patch the files to stop hackers gaining access to your
server.

Here are some links to help you research:
You were running 1.0.9, that was one pitfall, but now, make sure you are not running the other two components mentioned....

I upgraded to 1.0.10 in the weekend next to its release....all of my sites...

I did not get any PMs from you  !!! What were they about?

User avatar
Vish
Joomla! Explorer
Joomla! Explorer
Posts: 382
Joined: Mon Aug 22, 2005 5:43 pm
Contact:

Re: Site hacking

Post by Vish » Thu May 01, 2008 1:06 am

rheo99

I would recommend that you post this in the security forums. They will be in a better position to help you...
--Vish "Still Learning"

rheo99
Joomla! Intern
Joomla! Intern
Posts: 69
Joined: Mon Feb 25, 2008 8:08 am

Re: Site hacking

Post by rheo99 » Thu May 01, 2008 4:26 am

ok can thank you :D

dalypaty
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Fri Nov 04, 2011 11:00 am

Re: Site hacking

Post by dalypaty » Fri Nov 04, 2011 11:06 am

I like this thread.thanks

 

Locked

Return to “Indic Languages Forum”