Joomla 1.5 generating spam mail

Post by mitjats » Sat Dec 07, 2013 7:48 am

I have often seen this kind of post on this forum, but could someone give me some help to stop the spam mail generation?

Here is the transcription of the FPA.
If you need any other info, just ask me.

TIA
Mitja
Forum Post Assistant (v1.2.3) : 7th December 2013 wrote:
Basic Environment ::
Joomla! Instance :: Joomla! 1.5.21-Stable (senu takaa ama wepulai) 08-October-2010
Joomla! Configured :: Yes | Writable (755) | Owner: (uid: /gid: ) | Group: (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-371.1.2.el5PAE | Technology: i686 | Web Server: Apache/2.2 | Encoding: gzip,deflate,sdch | Doc Root: /web/htdocs/www.tirabora.it/home/ | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.27 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: 0 | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 25M | Max. POST Size: 30M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 64M

MySQL Configuration :: Version: 5.0.92-enterprise-gpl-log (Client:5.1.56) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 4.01 MiB | #of Tables:  53
Detailed Environment ::
PHP Extensions :: Core (5.3.27) | date (5.3.27) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.27) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | posix () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | SQLite (2.0-dev) | exif (1.4 $Id$) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | cgi-fcgi () | imagick (3.0.1) | SourceGuardian (9.0) | ffmpeg (0.6.0-svn) | tidy (2.0) | mhash () | ionCube Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: zip | suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered ::
Components :: SITE :: MailTo (1.5.0) | User (1.5.0) | Wrapper (1.5.0) |
Components :: ADMIN :: Banners (1.5.0) | Cache Manager (1.5.0) | Configuration Manager (1.5.0) | Contact Items (1.0.0) | Content Page (1.5.0) | Control Panel (1.5.0) | Frontpage (1.5.0) | Installation Manager (1.5.0) | jea (1.0) | Language Manager (1.5.0) | Mass Mail (1.5.0) | Media Manager (1.5.0) | Menus Manager (1.5.0) | Messaging (1.5.0) | Module Manager (1.5.0) | Newsfeeds (1.5.0) | Polls (1.5.0) | Plugin Manager (1.5.0) | Search (1.5.0) | Template Manager (1.5.0) | Trash (1.0.0) | User Manager (1.5.0) | Weblinks (1.5.0) | Akeeba (3.2.7) |

Modules :: SITE :: Archived Content (1.5.0) | Banner (1.5.0) | Breadcrumbs (1.5.0) | Custom HTML (1.5.0) | Feed Display (1.5.0) | Footer (1.5.0) | JEA emphasis V1.4 (1.4) | Latest News (1.5.0) | Login (1.5.0) | Menu (1.5.0) | Most Read Content (1.5.0) | Newsflash (1.5.0) | Poll (1.5.0) | Random Image (1.5.0) | Related Items (1.0.0) | Search (1.0.0) | Sections (1.5.0) | Statistics (1.5.0) | Syndicate (1.5.0) | Who\'s Online (1.0.0) | Wrapper (1.0.0) |
Modules :: ADMIN :: Custom HTML (1.5.0) | Feed Display (1.5.0) | Footer (1.0.0) | Latest News (1.0.0) | Logged in Users (1.0.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Online Users (1.0.0) | Popular Items (1.0.0) | Quick Icons (1.0.0) | Items Stats (1.0.0) | User Status (1.5.0) | Admin Submenu (1.0.0) | Title (1.0.0) | Toolbar (1.0.0) | Unread Items (1.0.0) | Akeeba Backup Notification Mod (3.2.7) |

Plugins :: SITE :: Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Content - Email Cloaking (1.5) | Content - Example (1.0) | Content - Code Highlighter (Ge (1.5) | Content - Load Modules (1.5) | Content - Pagebreak (1.5) | Content - Page Navigation (1.5) | Content - Vote (1.5) | Button - Image (1.0.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Search - Categories (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Search - Weblinks (1.5) | System - Backlinks (1.5) | System - Cache (1.5) | System - Debug (1.5) | System - Legacy (1.5) | System - Log (1.5) | System - Mootools Upgrade (1.5) | System - Remember Me (1.5) | System - SEF (1.5) | redMIGRATOR - System plugin (1.0.0) | Akeeba Backup Lazy Scheduling (3.2.7) | User - Example (1.0) | User - Joomla! (1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | PLG_SYSTEM_REDMIGRATOR (1.0.0) | redMIGRATOR - System plugin (1.0.0) |
Templates Discovered ::
Templates :: SITE :: beez (1.0.0) | gra-template-01 (1.0.0) | JA_Purity (1.2.0) | rhuk_milkyway (1.0.2) | siteground-j15-136 (1.0.0) |
Templates :: ADMIN :: Khepri (1.0) |

Post by mandville » Sat Dec 07, 2013 2:19 pm

Please update your Joomla.
Please define "spam attempt".
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Post by mitjats » Sun Dec 08, 2013 12:04 am

Yes, I will update to Joomla 3.2 in the next few days, but in the meantime I would like to understand what is happening with the actual installation.
I haven't checked myself, but the email address registered in Joomla 1.5 "seems" to send spam email back to the same address and probably to other addresses. Once more, I haven't checked this, and the problem will probably vanish when I upgrade, but I would like to understand whether the mail is compromised and why.

Post by Seahawk59 » Fri Jan 03, 2014 10:26 am

Hi
run Joomla 1.5.26

Found the following suspicious files in my installation:

components/ com_akeeba/ getinfoyf78. php PHP. Trojan. Spambot
components/ com_mailto/ rssySm. php PHP. Trojan. Spambot

Put some spaces in to prevent link.

I ran Antivirus on the website after the site was blocked by provider for sending unsolicited emails.

All security settings are according to the suggested security 7. Did receive a warning from Marco's Interceptor, but it still went through.

Trust this will help a bit
Wynand
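
A triage check for the situation described in the post above, where stray PHP files turned up directly inside component directories (added example, not part of any post in this thread and not Joomla code). It flags PHP files that are much newer than their siblings and that call `mail()` or use obfuscation wrappers; the marker patterns, the 30-day gap and the "two reasons" threshold are assumptions of this example.

```python
import os
import re
import statistics

# Heuristic markers (assumptions of this example, not signatures from the thread).
# PHP function names are case-insensitive, hence IGNORECASE.
MAIL_CALL = re.compile(rb"\bmail\s*\(", re.IGNORECASE)
OBFUSCATION = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.IGNORECASE)

def triage_component(comp_dir, max_age_gap_days=30):
    """Return (path, reasons) for suspicious PHP files directly in one component dir."""
    php = [e for e in os.scandir(comp_dir)
           if e.is_file(follow_symlinks=False) and e.name.lower().endswith(".php")]
    if not php:
        return []
    # Files installed together share roughly one mtime; a much later file was added afterwards.
    baseline = statistics.median_low(e.stat().st_mtime for e in php)
    findings = []
    for e in php:
        with open(e.path, "rb") as fh:
            body = fh.read(1 << 20)  # the first 1 MiB is enough for triage
        reasons = []
        if e.stat().st_mtime - baseline > max_age_gap_days * 86400:
            reasons.append("newer-than-siblings")
        if MAIL_CALL.search(body):
            reasons.append("calls-mail")
        if OBFUSCATION.search(body):
            reasons.append("obfuscated")
        if len(reasons) >= 2:  # one weak signal alone is too noisy to report
            findings.append((e.path, reasons))
    return findings

def triage_site(docroot):
    """Check every component under components/ and administrator/components/."""
    results = []
    for base in ("components", os.path.join("administrator", "components")):
        root = os.path.join(docroot, base)
        if not os.path.isdir(root):
            continue
        for entry in os.scandir(root):
            if entry.is_dir(follow_symlinks=False):
                results.extend(triage_component(entry.path))
    return sorted(results)

if __name__ == "__main__":
    import sys
    for path, reasons in triage_site(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, ",".join(reasons))
```

Modification times can be reset by whoever wrote the file, so a clean result does not clear a site; comparing the tree against a pristine copy of the same Joomla and extension versions is the stronger check.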

