Spamming Script. Cannot get rid of it

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
chikagoh
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Dec 11, 2014 3:27 pm

Spamming Script. Cannot get rid of it

Post by chikagoh » Thu Dec 11, 2014 3:32 pm

Greetings,

Someone keeps uploading a spammer script (php). I find it, I delete it, and then another is uploaded in it's place. The upload locations is always in a different directory.

How can I find where the hole is that is allowing these php scripts to be uploaded?

Running: Joomla! 2.5.27 Stable [ Ember ] 30-September-2014 14:00 GMT

Thank you

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4026
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Spamming Script. Cannot get rid of it

Post by itoctopus » Thu Dec 11, 2014 4:10 pm

It seems that you are addressing the consequences, but not the cause. Either you have a vulnerable extension or there is a script that was uploaded previously to your site that allows control over your filesystem.

Check your logs and see if you can find a suspicious call to a php file around the same time where that spam PHP script was uploaded/created.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14781
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Spamming Script. Cannot get rid of it

Post by mandville » Thu Dec 11, 2014 4:28 pm

Also check . Cron jobs and follow checklist 7=
Post your fpa
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

chikagoh
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Dec 11, 2014 3:27 pm

Re: Spamming Script. Cannot get rid of it

Post by chikagoh » Thu Dec 11, 2014 5:01 pm

Problem Description :: Forum Post Assistant (v1.2.4) : 11th December 2014 wrote:Someone uploading php spamming script
Actions Taken To Resolve by Forum Post Assistant (v1.2.4) 11th December 2014 wrote:Cannot find anything in my logfiles
Forum Post Assistant (v1.2.4) : 11th December 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.27-Stable (Ember) 30-September-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (644) | Owner: 10000 (uid: /gid: ) | Group: 505 (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Default Access: N/A | Unicode Slugs: N/A | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-431.29.2.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /var/www/vhosts/XXX/httpdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.3 | PHP API: apache2handler | Session Path Writable: No | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: 0 | Open Base: /var/www/vhosts/XXX/:/tmp/ | Uploads: 1 | Max. Upload Size: 128M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 60 | Memory Limit: 128M

MySQL Configuration :: Version: 5.1.73 (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 3.78 MiB | #of Tables: 125
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.3) | date (5.3.3) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | session () | iconv () | Reflection ($Revision: 300393 $) | standard (5.3.3) | shmop () | SPL (0.2) | SimpleXML (0.1) | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | tokenizer (0.1) | xml () | apache2handler () | curl () | dom (20031129) | fileinfo (1.0.5-dev) | gd () | imap () | json (1.2.1) | mbstring () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | sqlite3 (0.7-dev) | wddx () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | ionCube Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: mcrypt | suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

Apache Modules :: core | prefork | http_core | mod_so | mod_auth_basic | mod_auth_digest | mod_authn_file | mod_authn_alias | mod_authn_anon | mod_authn_dbm | mod_authn_default | mod_authz_host | mod_authz_user | mod_authz_owner | mod_authz_groupfile | mod_authz_dbm | mod_authz_default | util_ldap | mod_authnz_ldap | mod_include | mod_log_config | mod_logio | mod_env | mod_ext_filter | mod_mime_magic | mod_expires | mod_deflate | mod_headers | mod_usertrack | mod_setenvif | mod_mime | mod_dav | mod_status | mod_autoindex | mod_info | mod_dav_fs | mod_vhost_alias | mod_negotiation | mod_dir | mod_actions | mod_speling | mod_userdir | mod_alias | mod_substitute | mod_rewrite | mod_proxy | mod_proxy_balancer | mod_proxy_ftp | mod_proxy_http | mod_proxy_ajp | mod_proxy_connect | mod_cache | mod_suexec | mod_disk_cache | mod_cgi | mod_version | mod_aclr2 | mod_fcgid | mod_perl | mod_php5 | mod_python | mod_rpaf-2 | mod_ssl | Apache |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: CB ProfileBook (1.3) | Yanc Integration (1.2) | CB Mamblog Tab (1.2) | Rating Field (1.2) | CB Profile Gallery (1.2) | CB Mambo Author Tab (1.2) | CB Captcha (1.3) | com_mailto (2.5.0) | com_wrapper (2.5.0) | WF_ANCHOR_TITLE (2.3.4.4) | WF_BROWSER_TITLE (2.3.4.4) | WF_INLINEPOPUPS_TITLE (2.3.4.4) | WF_MEDIA_TITLE (2.3.4.4) | WF_PREVIEW_TITLE (2.3.4.4) | WF_ARTICLE_TITLE (2.3.4.4) | WF_SPELLCHECKER_TITLE (2.3.4.4) | WF_CLIPBOARD_TITLE (2.3.4.4) | WF_FULLSCREEN_TITLE (2.3.4.4) | WF_DIRECTIONALITY_TITLE (2.3.4.4) | WF_TEXTCASE_TITLE (2.3.4.4) | WF_NONBREAKING_TITLE (2.3.4.4) | WF_LAYER_TITLE (2.3.4.4) | WF_CHARMAP_TITLE (2.3.4.4) | WF_IMGMANAGER_TITLE (2.3.4.4) | WF_XHTMLXTRAS_TITLE (2.3.4.4) | WF_SOURCE_TITLE (2.3.4.4) | WF_KITCHENSINK_TITLE (2.3.4.4) | WF_PRINT_TITLE (2.3.4.4) | WF_LISTS_TITLE (2.3.4.4) | WF_TABLE_TITLE (2.3.4.4) | WF_STYLE_TITLE (2.3.4.4) | WF_SEARCHREPLACE_TITLE (2.3.4.4) | WF_AUTOSAVE_TITLE (2.3.4.4) | WF_VISUALBLOCKS_TITLE (2.3.4.4) | WF_CONTEXTMENU_TITLE (2.3.4.4) | WF_VISUALCHARS_TITLE (2.3.4.4) | WF_LINK_TITLE (2.3.4.4) | WF_CLEANUP_TITLE (2.3.4.4) | WF_AGGREGATOR_VINE_TITLE (2.3.4.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.4.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.4.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.4.4) | K2 Links for JCE Link (2.2) | WF_LINKS_JOOMLALINKS_TITLE (2.3.4.4) | WF_LINK_SEARCH_TITLE (2.3.4.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.4.4) | WF_POPUPS_WINDOW_TITLE (2.3.4.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.4.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.4.4) |
Components :: ADMIN :: com_users (2.5.0) | com_search (2.5.0) | com_languages (2.5.0) | COM_K2 (2.6.8) | mod_k2_comments (-) | mod_k2_comments (-) | com_installer (2.5.0) | com_redirect (2.5.0) | com_xmap (2.3.2) | comprofiler (1.9.1) | comprofiler (1.9.1) | com_newsfeeds (2.5.0) | COM_CONTACTENHANCED (2.5.17) | com_cache (2.5.0) | com_plugins (2.5.0) | com_cpanel (2.5.0) | com_messages (2.5.0) | eXtplorer (2.1.0) | com_admin (2.5.0) | com_categories (2.5.0) | com_banners (2.5.0) | RokGallery (2.22) | com_config (2.5.0) | com_login (2.5.0) | com_content (2.5.0) | com_media (2.5.0) | Gantry (4.1.26) | com_joomlaupdate (2.5.0) | com_modules (2.5.0) | com_checkin (2.5.0) | JCE (2.3.4.4) | Unknown (-) | Akeeba (3.6.9) | com_finder (2.5.0) | com_menus (2.5.0) | com_templates (2.5.0) | com_weblinks (2.5.0) | RokSprocket (2.1.2) |

Modules :: SITE :: CB Login (1.9.1) | mod_articles_categories (2.5.0) | CB Online (1.9) | mod_footer (2.5.0) | CB Workflows (1.9) | mod_articles_popular (2.5.0) | mod_banners (2.5.0) | RokNavMenu (2.0.7) | K2 User (2.6.8) | mod_login (2.5.0) | mod_articles_category (2.5.0) | Contact Information Module (2.5) | Latestweet (4.3) | RokTwittie (1.8) | RokSprocket Module (2.1.2) | Contact Enhanced Alpha Index (3.0) | mod_search (2.5.0) | mod_syndicate (2.5.0) | Rapid Contact (1.2) | CB Gallery Module (1.2.2) | mod_feed (2.5.0) | mod_ce_category (2.5.12) | mod_menu (2.5.0) | K2 Content (2.6.8) | mod_languages (2.5.0) | mod_custom (2.5.0) | mod_wrapper (2.5.0) | mod_random_image (2.5.0) | RokGallery Module (2.22) | mod_articles_archive (2.5.0) | K2 Tools (2.6.8) | mod_articles_news (2.5.0) | Contact Enhanced Form (2.5.15) | mod_finder (2.5.0) | CB Activity (2.4.1) | mod_users_latest (2.5.0) | K2 Comments (2.6.8) | Contact Enhanced Latest Submit (3.0) | Contact Enhanced Search (2.5.10) | CB PB Latest (1.3) | mod_whosonline (2.5.0) | mod_related_items (2.5.0) | Contact Enhanced Slideshow (2.5.10) | Contact Enhanced Birthday (3.0) | mod_weblinks (2.5.0) | mod_breadcrumbs (2.5.0) | K2 Users (2.6.8) | mod_articles_latest (2.5.0) | CB GroupJive (2.7.0) | mod_stats (2.5.0) |
Modules :: ADMIN :: K2 Quick Icons (admin) (2.6.8) | K2 Stats (admin) (2.6.8) | Contact Enhanced Latest Submit (3.0) | mod_login (2.5.0) | mod_toolbar (2.5.0) | mod_feed (2.5.0) | mod_menu (2.5.0) | mod_submenu (2.5.0) | mod_logged (2.5.0) | mod_custom (2.5.0) | mod_status (2.5.0) | Contact Enhanced Statistics (3.0) | mod_popular (2.5.0) | mod_multilangstatus (2.5.0) | Community Builder Admin menu (1.0) | mod_quickicon (2.5.0) | mod_latest (2.5.0) | mod_title (2.5.0) | mod_version (2.5.0) |

Plugins :: SITE :: Contact Enhanced - Custom Code (3.1.0) | Josetta - K2 Items (2.6.8) | Josetta - K2 Categories (2.6.8) | User - K2 (2.6.8) | plg_user_joomla (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_ce_contactcreator (3.0.0) | plg_user_profile (2.5.0) | plg_search_contactenhanced (2.5.12) | Search - GroupJive (2.7.0) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_categories (2.5.0) | plg_search_newsfeeds (2.5.0) | Search - Community Builder (1.1.0) | Search - K2 (2.6.8) | plg_search_weblinks (2.5.0) | Content - Contact Enhanced For (2.5.15) | plg_content_pagebreak (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_vote (2.5.0) | plg_content_pagenavigation (2.5.0) | Content - Community Builder Au (1.0.1) | Content - RokInjectModule (1.6) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_finder (2.5.0) | Button - Contact Enhanced Form (2.5.10) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_readmore (2.5.0) | Button - RokGallery (2.22) | plg_quickicon_jcefilebrowser (2.3.4.4) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | Xmap - Content Plugin (2.0.4) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - Virtuemart Plugin (2.0.1) | Xmap - Kunena Plugin (2.0.3) | Xmap - SobiPro Plugin (2.0.2) | Xmap - WebLinks Plugin (2.0.1) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_editors_jce (2.3.4.4) | plg_editors_tinymce (3.5.4.1) | plg_editors_codemirror (1.0) | plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | PLG_SYSTEM_MODALS (4.12.3FREE) | plg_system_sef (2.5.0) | System - Contact Enhanced (CE) (3.1) | plg_system_languagecode (2.5.0) | System - RokCommon (3.1.11) | plg_system_highlight (2.5.0) | System - CB Core Redirect (1.0.0) | PLG_SYSTEM_NNFRAMEWORK (14.8.6) | System - RokSprocket (2.1.2) | PLG_ECC (2.5-8) | Google Maps (2.20) | System - Gantry (4.1.26) | plg_system_logout (2.5.0) | plg_system_p3p (2.5.0) | System - RokExtender (2.0.0) | System - Mail Links to Contact (2.5.10) | System - K2 (2.6.8) | plg_system_languagefilter (2.5.0) | System - Autologin (2.5.0) | System - Contact Enhanced (CE) (2.5.16) | System - RokGallery (2.22) | plg_system_remember (2.5.0) | plg_system_redirect (2.5.0) | plg_system_log (2.5.0) | plg_system_cache (2.5.0) | System - iSeKeywords (2.5.10) | plg_system_debug (2.5.0) | plg_captcha_recaptcha (2.5.0) | Captcha - SecurImage (3.2.2) | plg_finder_contactenhanced (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_k2 (2.6.8) | plg_finder_weblinks (2.5.0) | plg_extension_joomla (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: beez_20 (2.5.0) | beez5 (2.5.0) | rt_metropolis (1.1) | atomic (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |
Last edited by mandville on Fri Dec 12, 2014 10:22 am, edited 1 time in total.
Reason: disbled smilies for clarity

chikagoh
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Dec 11, 2014 3:27 pm

Re: Spamming Script. Cannot get rid of it

Post by chikagoh » Thu Dec 11, 2014 5:16 pm

Not finding anything in the logs related to an FTP upload.

The only thing I can find is the script by putting a wrapper on postfix and logging it
Everytime I find the script and remove it, a new script gets used to spam Same script though:

X-Additional-Header: /var/www/vhosts/XXX/httpdocs/cache/Gantry
To: jose7190@hotmail.com
Subject: Lol She's a Screamer
X-PHP-Originating-Script: 48:model.php
From: "Lacy Bray" <lacy_bray@XXX.com>
Reply-To:"Lacy Bray" <lacy_bray@XXX.com>
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4026
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Spamming Script. Cannot get rid of it

Post by itoctopus » Thu Dec 11, 2014 5:36 pm

Which logs are you checking? Are you checking the Apache access logs? These are the logs that I'm talking about. The file doesn't have to be uploaded through FTP, it can be uploaded using the malicious file that you possibly have on your server. The Apache logs will probably tell you which one it is.

Also, don't forget to change all the passwords.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter

chikagoh
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Dec 11, 2014 3:27 pm

Re: Spamming Script. Cannot get rid of it

Post by chikagoh » Thu Dec 11, 2014 5:58 pm

I'm looking at all logs (apache, ftp, etc..). I am pretty certain the script is being uploaded via http, I just cannot find anything in the apache logs.

I've changed the password, and have even deployed a brand new server where the only thing that wasn't new was the web content and mysql database.

chikagoh
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Thu Dec 11, 2014 3:27 pm

Re: Spamming Script. Cannot get rid of it

Post by chikagoh » Sat Dec 13, 2014 6:14 pm

So I think I have narrowed this down, but I don't know enough about php to determine which script has the security issue.

I removed the latest spam script, and as usual, within 24 hours, a new script has been uploaded elsewhere within the site.

I searched through the http access logfile for the first instance of the spam script, and then greped for the IP associated.

The spam script in question: ---------- 1 apache apache 64890 Dec 13 09:53 view.php

The 09:53 time associated with the first instance (a GET) in my apache log:

91.121.160.169 - - [13/Dec/2014:09:53:12 +0000] "GET /libraries/gantry/core/params/view.php HTTP/1.0" 200 207 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"

But the IP associated has some activity right before the GET:

91.121.160.169 - - [13/Dec/2014:07:13:05 +0000] "POST /plugins/quickicon/index.php HTTP/1.0" 200 3349 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
91.121.160.169 - - [13/Dec/2014:07:13:05 +0000] "POST /libraries/gantry/facets/menu/themes/touch/general.php HTTP/1.0" 200 3349 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
91.121.160.169 - - [13/Dec/2014:07:13:06 +0000] "POST /modules/mod_ce_form/language/code.php HTTP/1.0" 200 3349 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
91.121.160.169 - - [13/Dec/2014:07:13:06 +0000] "POST /libraries/gantry/core/gantryfeature.class.php HTTP/1.0" 200 3349 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
91.121.160.169 - - [13/Dec/2014:08:24:18 +0000] "POST /libraries/gantry/core/renderers/gantryfeaturerenderer.class.php HTTP/1.0" 200 226 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"
91.121.160.169 - - [13/Dec/2014:09:53:12 +0000] "POST /modules/mod_contactinfo/mod_contactinfo.php HTTP/1.0" 200 602 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0"


This is where I get lost. I do not have the skills to determine how these scripts work together (if at all), and/or which one could be the issue.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14781
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Spamming Script. Cannot get rid of it

Post by mandville » Sat Dec 13, 2014 8:26 pm

well contact enhanced is several versio n out of date. whats your cron jobs like? whyt has your host said
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37152
Joined: Sat Apr 05, 2008 9:58 pm

Re: Spamming Script. Cannot get rid of it

Post by Webdongle » Sat Dec 13, 2014 8:35 pm

chikagoh wrote:...
Someone keeps uploading a spammer script (php). I find it, I delete it, and then another is uploaded in it's place. ...
You only find what they want you to find. You need to delete all the folders/files on the server and http://forum.joomla.org/viewtopic.php?f=621&t=582854
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
Slackervaara
Joomla! Guru
Joomla! Guru
Posts: 994
Joined: Sat Aug 13, 2011 6:27 am

Re: Spamming Script. Cannot get rid of it

Post by Slackervaara » Thu Dec 18, 2014 9:26 pm

The free security extension JHackGuard has an option to disable file upload for guests.


Locked

Return to “Security in Joomla! 2.5”