Page 1 of 1

Users password changing bySelf!??

Posted: Thu Oct 23, 2014 12:47 pm
by ineteye
Hi!

Have Joomla! 2.5.11 and MijoShop running about a year... and just getting problem that somehow all users password changing in database to different.... Still did not find why this happens ... Maybe some one have same problem or at least know how to get what plugin,module,extension or just code injection making that??????

Re: Users password changing bySelf!??

Posted: Thu Oct 23, 2014 1:02 pm
by mandville
You have an out of date vulnerable joomla .
please update and run the fpa

Re: Users password changing bySelf!??

Posted: Thu Oct 23, 2014 1:04 pm
by ineteye
But how Forum Post Assistant can help??????????????????????

Re: Users password changing bySelf!??

Posted: Thu Oct 23, 2014 1:08 pm
by mandville
It will tell what extension you have and any out of date vulnerable ones

Re: Users password changing bySelf!??

Posted: Thu Oct 23, 2014 3:37 pm
by pe7er
ineteye wrote:But how Forum Post Assistant can help??????????????????????
Forum Post Assistant itself cannot help,
but it gives us the necessary information that we can use to advice you.

Re: Users password changing bySelf!??

Posted: Sun Dec 28, 2014 10:59 pm
by ineteye
OK... I update Joomla to latest version and all other componments... .and still have same problem ... FPA REPORT

Re: Users password changing bySelf!??

Posted: Sun Dec 28, 2014 11:43 pm
by mandville
the screenshot doesnt give us all the required info . follow the instructions please..http://forum.joomla.org/viewtopic.php?f=621&t=582860
the green area marked "show forum post assistant" then generate then copy and paste
but i can tell you now you have many out of date extensions .

Re: Users password changing bySelf!??

Posted: Mon Dec 29, 2014 6:53 am
by ineteye
The problem not in out of date extensions at all... it works in same build couple of years and no problem... so install updates and think that it resolve a problem not a good idea at all... as i wrote earlier..... So is any idea to know why this happen??? Maybe someone know how to stat all request to mysql database?? to know what change password field in joomla user table?????????????????????

Re: Users password changing bySelf!??

Posted: Mon Dec 29, 2014 8:27 am
by pe7er
ineteye wrote:The problem not in out of date extensions at all... it works in same build couple of years and no problem...
Outdated software works without any problems until a hacker (hackerscript) finds a security issue on your site in that outdated software...
See also https://docs.joomla.org/Security_Checklist

Side note: Joomla switched from md5 paswords to a safer methods (from PHP's md5() hashing to crypt()).
On newer Joomla versions, the old md5 style password will be converted automatically
to a newer Joomla "crypt" style password for individual users when they login into the website.

With phpMyAdmin you can see the encrypted passwords:
md5-hash:salt = old md5 style password
$1$ in password = new Joomla "crypt" style password
$2y$ or $2a$ = new BlowFish "crypt" style password