My Joomla 1.5RC Being Hacked

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
tingtong
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 157
Joined: Wed Aug 02, 2006 11:23 am

My Joomla 1.5RC Being Hacked

Post by tingtong » Thu Aug 30, 2007 12:43 pm

Below is the information when visiting my test site:-

Hacked By [mod edit - no need to provide credit]
Thanx = [mod edit - no need to provide credit]


Fatal error: Cannot instantiate non-existent class: jconfig in /hsphere/local/home/myusername/mydomain.com/administrator/includes/framework.php on line 47


I just setup it and not much worry, shall I reinstall Joomla or there is method to fix it?
Last edited by dhuelsmann on Thu Aug 30, 2007 1:40 pm, edited 1 time in total.

AmyStephen
Joomla! Champion
Joomla! Champion
Posts: 7056
Joined: Wed Nov 22, 2006 3:35 pm
Location: Nebraska
Contact:

Re: My Joomla 1.5RC Being Hacked

Post by AmyStephen » Thu Aug 30, 2007 1:03 pm

tingtong -

It would be very helpful if you would read You think you're site got hacked? Read this first, please!!! and provide good diagnostic data on this situation. If some of the questions don't make sense, see if your web host can help fill in the information you don't understand.

What version of J! v 1.5 are you using?

Thanks for reporting this,
Amy

tingtong
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 157
Joined: Wed Aug 02, 2006 11:23 am

Re: My Joomla 1.5RC Being Hacked

Post by tingtong » Thu Aug 30, 2007 1:26 pm

Thanks for the guideline. I use latest Joomla 1.5 RC 1.

User avatar
Stickymaddness
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Wed Mar 14, 2007 10:35 am

Re: My Joomla 1.5RC Being Hacked

Post by Stickymaddness » Mon Sep 03, 2007 8:16 am

There is a sql injection vunerability for Joomla 1.5 Beta1/Beta2/RC1 and this is probably how you've been hacked. Either change to RC2, although I don't know if RC2 is vunerable to this attack, or change down to Joomla! 1.0.13  ;)
"lmao...yeah..right...like there will ever be a market for personal computing...."

AmyStephen
Joomla! Champion
Joomla! Champion
Posts: 7056
Joined: Wed Nov 22, 2006 3:35 pm
Location: Nebraska
Contact:

Re: My Joomla 1.5RC Being Hacked

Post by AmyStephen » Mon Sep 03, 2007 2:02 pm

Stickymaddness -

A vulnerability with Beta has been confirmed but to my knowledge, that is not true for RC 1 or RC 2. Would you please provide more detail regarding your comments?

Thanks!
Amy :)

User avatar
Stickymaddness
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Wed Mar 14, 2007 10:35 am

Re: My Joomla 1.5RC Being Hacked

Post by Stickymaddness » Mon Sep 03, 2007 2:16 pm

AmyStephen,

I have pm'd you the details, since it is against the forum rules to post any exploit details :/
"lmao...yeah..right...like there will ever be a market for personal computing...."

AmyStephen
Joomla! Champion
Joomla! Champion
Posts: 7056
Joined: Wed Nov 22, 2006 3:35 pm
Location: Nebraska
Contact:

Re: My Joomla 1.5RC Being Hacked

Post by AmyStephen » Mon Sep 03, 2007 9:11 pm

StickyMaddness -

Appreciate your response. I need to read the "Please read" instructions that they post for us.  :-[

From the RC 2 Announcement:
Important, you need to upgrade! In the current RC1 we found three security issues, one SQL injection, one XSS, and a few full path disclosure vulnerabilities. Those security issues are solved in the new release.
Thanks for your sensitivity in PMing me. That is much appreciated. Letting people know to upgrade due to security measures is important and I am now better aware. RC 2 is a must since these security vulnerabilities reported in RC 1 have been addressed.

Amy :)


Locked

Return to “Security in Joomla! 1.5”