Is this a security problem?

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
TwoHoot
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 152
Joined: Thu Apr 09, 2009 11:10 pm
Location: Brady, Texas
Contact:

Is this a security problem?

Post by TwoHoot » Mon Aug 27, 2012 2:41 pm

When other websites link to www.betterbradynow.org, I try to check out the link to us.

http://www.webitch4u.com/ has a link in the first line of their 8-26-2012 -- 5:05 AM posting. When I use their link on the computer I use to administer BetterBradyNow.org, the LogIn form is filled in with username PollAdm and a password. (There is no such User as PollAdm). Logging in from another computer shows a blank Login form.

Is this a security problem for me? Does the webitch4u site have a security problem?

Cordially,
TwoHoot

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39970
Joined: Sat Apr 05, 2008 9:58 pm

Re: Is this a security problem?

Post by Webdongle » Mon Aug 27, 2012 2:50 pm

Check your Browser settings, it will be saving passwords.
PollAdm and the password is one someone entered on your PC. As it was remembered by the Browser then at at one time it was a working user/pass for somewhere.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

TwoHoot
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 152
Joined: Thu Apr 09, 2009 11:10 pm
Location: Brady, Texas
Contact:

Re: Is this a security problem?

Post by TwoHoot » Mon Aug 27, 2012 4:24 pm

Thank you for the prompt reply. Your are correct. The PollAdm username and Password were in the Firefox Browser.

The problem is that I am absolutely certain they were not entered from my computer keyboard. I work at home alone. There has never been any such Username on this computer anywhere, anytime.

The first time they appeared was when I checked out the link on the other website. When I clicked the link to see if I had a security problem, they were saved by Firefox.

Should I turn off the Remember Passwords feature on the Security Tab of Firefox preferences? I believe most of my passwords are saved in KDE Wallet (?) anyway.

Again, Thank you for the prompt reply.
Cordially,
TwoHoot

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39970
Joined: Sat Apr 05, 2008 9:58 pm

Re: Is this a security problem?

Post by Webdongle » Mon Aug 27, 2012 4:29 pm

TwoHoot wrote:...
The problem is that I am absolutely certain they were not entered from my computer keyboard. I work at home alone. There has never been any such Username on this computer anywhere, anytime.

The first time they appeared was when I checked out the link on the other website. When I clicked the link to see if I had a security problem, they were saved by Firefox.
...
It is possible that someone has remote control over your PC but it could be a pre-filled in form on the site. What is the url where the login is ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

TwoHoot
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 152
Joined: Thu Apr 09, 2009 11:10 pm
Location: Brady, Texas
Contact:

Re: Is this a security problem?

Post by TwoHoot » Mon Aug 27, 2012 9:10 pm

A little voice in the back of my head said "you are going to have to eat that" when I reread my post and saw the words, "absolutely certain".

Now, I eat the words and apologize. I am NOT absolutely certain it was not entered from my keyboard. I don't want to think it was but it might have happened without my knowledge. There is also a login to a yahoo account that I don't know anything about at the same time, so it probably was entered from my computer. Just how and by whom, I don't know.

Also, I don't understand how it could appear when betterbradynow is accessed from webitch4u but never when it is accessed from here. Or why the extraneous username shows up on only one computer - the one I use to administer the site.

I am very ignorant about website security and leave most settings at default. What should I do next? I already changed passwords on everything.

Is it safe to use the Remember Passwords feature in Firefox?

Cordially,
TwoHoot

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39970
Joined: Sat Apr 05, 2008 9:58 pm

Re: Is this a security problem?

Post by Webdongle » Mon Aug 27, 2012 9:16 pm

What is the exact url of the page with the login form ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

TwoHoot
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 152
Joined: Thu Apr 09, 2009 11:10 pm
Location: Brady, Texas
Contact:

Re: Is this a security problem?

Post by TwoHoot » Mon Aug 27, 2012 11:35 pm

Webdongle wrote:What is the exact url of the page with the login form ?
www.betterbradynow.org

Cordially,
TwoHoot

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39970
Joined: Sat Apr 05, 2008 9:58 pm

Re: Is this a security problem?

Post by Webdongle » Mon Aug 27, 2012 11:47 pm

The login form I see has empty fields so either you or someone else typed in the user/pass or your computer has been hacked.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

TwoHoot
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 152
Joined: Thu Apr 09, 2009 11:10 pm
Location: Brady, Texas
Contact:

Re: Is this a security problem?

Post by TwoHoot » Tue Aug 28, 2012 1:57 pm

How do I determine if the computer has been hacked?

Some way, an invalid username and password left my Firefox password list and came back to me from a third party website (webitch4u.com) link. It was invalid, but other usernames and passwords stored in the same Firefox list were very important.

This seemed odd enough to me that I raised the question here so experts could look into whether this is a security issue in openSUSE Linux 12.1, Firefox or Joomla!. I believe in OpenSource so I am reporting something that seems strange to me.

One other thing is that there have been a number of accounts created at betterbradynow.org recently that have a .ru suffix. This is a small local website that might be interesting to a few hundred people in McCulloch County, Texas. There is absolutely nothing there that would attract international interest.

If it is just my local computer, I can change the passwords and start administering the websites from another one.

With my limited knowledge about the technical details of security, sometimes the quickest, easiest thing to do is format the hard drive and start over whenever something suspicious happens. My ignorance tends to frustrate experts who try to help me. If it is just my own little local problem caused by my own ignorance, then there is very little you can do to fix it.

I am not trying to be troublesome. I will give you any information that might help you investigate further if you wish.

Cordially,
TwoHoot

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39970
Joined: Sat Apr 05, 2008 9:58 pm

Re: Is this a security problem?

Post by Webdongle » Tue Aug 28, 2012 4:04 pm

http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Locked

Return to “Security in Joomla! 2.5”