My site got hacked through MYTUBE plugin

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Locked
grebeau
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Oct 04, 2009 3:42 pm
Location: Atlanta, GA
Contact:

My site got hacked through MYTUBE plugin

Post by grebeau » Sun Oct 04, 2009 4:05 pm

Some guy from Turkey, was able to exploit the mytube pluggin. I have since rebuilt the site and disconnewed use of mytube. just wanted to let all you guys know.

User avatar
muddauber
Joomla! Ace
Joomla! Ace
Posts: 1519
Joined: Thu Jun 08, 2006 11:26 pm

Re: My site got hacked through MYTUBE plugin

Post by muddauber » Sun Oct 04, 2009 4:13 pm

Did you mean [youtube]? I don't see any MYTUBE plugins for Joomla
in Extensions. Let me which plugin you are talking about.

grebeau
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Oct 04, 2009 3:42 pm
Location: Atlanta, GA
Contact:

Re: My site got hacked through MYTUBE plugin

Post by grebeau » Sun Oct 04, 2009 4:26 pm

i just checked and it looks like they took the extension off. I did report this issue to the joomla security strike team yesterday. it was Video Players & Gallery section.

grebeau
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Oct 04, 2009 3:42 pm
Location: Atlanta, GA
Contact:

Re: My site got hacked through MYTUBE plugin

Post by grebeau » Sun Oct 04, 2009 4:32 pm

found the info.
MyRemote Video Gallery Popular
This extension has been unpublished for the following reason: Security report

User avatar
muddauber
Joomla! Ace
Joomla! Ace
Posts: 1519
Joined: Thu Jun 08, 2006 11:26 pm

Re: My site got hacked through MYTUBE plugin

Post by muddauber » Sun Oct 04, 2009 4:35 pm

Ouch!! Thanks for the head's up. I use the standard media plugin
that works with JCE Editor and has not created any security issues
for me nor have I found any reports on this issue.

evelectric
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Mon Oct 05, 2009 5:26 am

hacked through MYTUBE plugin | The FIX and how to resolve it

Post by evelectric » Mon Oct 05, 2009 5:50 am

HI all,

I dont normally go into forums and offer advice but I too have been hacked on 4 occasions over the last few days, But I am happy to say I have managed to stop them in their tracks (we will see how long ths lasts).

I have a very good understanding of how they get in and what they are doing so let me explain in the hope that this offers assistance to those having the same issues.

Firstly there is a website for hackers where they let eeryone know aout the exploits, the web address is [removed] this is where they tell everyone what sites have been hit so others can view their handy work. It also shows all of the exploits and how to obtain code to get in etc...

The exploit for the mytube plug in is as follows:

IHTILAL.IN | hack , hacking , hacked , ddos , phreaking , hack sitesi , msn hack , email hack , pc hack , site hack , ftp hack , domain hack > Hacking Life > Expl0its & Vulnerabilities > joomla component com_mytube (user_id) Blind SQL Injection Vulnerability
PDA

Orijinalini görmek için tiklayiniz : joomla component com_mytube (user_id) Blind SQL Injection Vulnerability
Mavi_Karanlik
09-27-2009, 02:54 PM
Dork Mevcut Degil Kendiniz Bisler Bulabilirsiniz :)

[removed]
--------------------------------------------------------------------------------------

This is what I have done to defend against this type of attack:

I have left a 2nd Super Administrator log in, so when they change my passwords I can get back in to fix it again ( I was hit every hour for 4 days, but have a site that is still active and not hacked ).

You will find that they have changed the following:

The template file would be changed to their Hacked code (what ever shows when you type in the site URL)

Upload your backup of the template (if you dont have a backup download it again and reinstall)

Change the Admin password (they would have changed this so that you cant access the site, so I assume if you havent done this that now is a good time to do so)

Go to the control panel and turn your site back on-line after removing their blab that they have put in the offline details)

Now download a Joomla IP Blacklist extension, install it and and search the net for IP Addresses for the countres you want to block - in my case [removed])

It has a nice redirect feature - I redirected all of the Blacklisted IP ranges to the CIA website in the states. It also displays a message that they are blacklisted, before it redirects the page.

I used IP Deny in CPANEL but they got past it very quickly, (that was the second hack after 3 days of no issues), so dont try CPANEL they can get past it very quickly.

There is more I could put here, but i have to run for an appointment, if you do the above you shouldnt have any issues until they work out a hack to get around the IP Blacklist, at this stage I havent had any issues since installing the BAN IP Joomla extension.

I hope that this offers some assistance to those out there like me that just want a site online without a bunch of kids playing with software that they could never put together themselves causing everyone irritation.

I did a quick search by the way 10,255 sites affected through the MYTUBE exploit as of 4th Oct 2009.

Michael (Australia)
Last edited by pe7er on Wed Oct 07, 2009 7:41 am, edited 1 time in total.
Reason: Hacker site & hack script & country of origin have been removed


Locked

Return to “3rd Party/Non Joomla! Security Issues”