Before you post - read and action this

mandville
Joomla! Master
Posts: 14721
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Before you post - read and action this

Post by mandville » Sat Sep 29, 2012 12:49 am

Before you post your security/been hacked topic, it is suggested to do all of the following. Failure to follow the suggestions below may leave your site vulnerable to being hacked again in the future.

You must state what version of Joomla you were using when the site first became hacked. This can make a difference as to how we approach your individual situation.

[ ] Download and RUN the Forum Post Assistant / FPA. Instructions are available here and are also included in the download package. Post the generated results in your security/been hacked topic. Use these links to download the FPA:
Download .tar.gz version or Download the .zip version. NOTE: Do not download the FPA from any other website or links found on the Internet.

[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review the Vulnerable Extensions List to make sure any 3rd party extension versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7. Make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, viruses, trojans, spyware, etc. Checklist 7 contains a list of recommended scanners.

[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.

[ ] Check your htaccess for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

[ ] Verify individually that any non-Joomla files that will be placed back on the website, such as but not limited to images, pdf files, files for download, and other documents and files, are valid and are supposed to be part of your website.

[ ] Replace the deleted files by:
  1. Create a new database and install to it without sample data (make sure it is the same version as the previous site).
  2. Install the 3rd party extensions (including any custom template) to the new Joomla. (That ensures you have the files in place for the 3rd party extensions.)
  3. Edit the configuration.php file of the new Joomla to connect to your original database.
[ ] In Joomla's User Manager verify that all the users in Super User and Administrator (as well as any custom User Group with Admin access) are valid.
[ ] Make a backup and update to the current full version of Joomla.

Only by deleting all files from the server and replacing them with the files in the installation (including extensions and templates) can you be sure to remove any backdoors inserted and hidden in various files and directories.
More detailed information can be found in the Security Checklist 7 document.
Paid security cleanup services can be found at http://resources.joomla.org/

Note: The forum post tool will work with all versions of Joomla. The FPA is written and maintained by the Joomla Security forum moderators.
Last edited by mandville on Sun Sep 06, 2015 5:18 pm, edited 4 times in total.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
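The permissions item in the checklist above (never 777; 644 for files, 755 for directories, configuration.php optionally 444) can be checked mechanically before and after a cleanup. The script below is an added example for this page; it is not part of the FPA, Joomla or the post above. It assumes nothing beyond the path of the joomla_root/ directory passed as its argument, reports every deviation from the baseline with world-writable entries first, and offers a separate function that applies the baseline once the report has been reviewed.

```sh
#!/bin/sh
# Added example (not FPA or Joomla code): audit a Joomla tree against the
# checklist's permission baseline -- 644 for files, 755 for directories,
# configuration.php allowed to be 444 -- and flag 777 / world-writable entries.
# The only assumption is the joomla_root/ path given as the first argument.

# joomla_perm_audit JOOMLA_ROOT
# Prints one "TAG path" line per deviation; prints nothing for a clean tree.
joomla_perm_audit() {
  root=$1
  # 1. World-writable entries (777, 666, ...) come first: any local account or
  #    compromised process on the host can drop or modify code in them.
  find "$root" -perm -002 | sed 's/^/WORLD_WRITABLE /'
  # 2. Directories whose mode is not exactly 755 (skip those reported above).
  find "$root" -type d ! -perm 755 ! -perm -002 | sed 's/^/DIR_NOT_755 /'
  # 3. Files whose mode is not exactly 644, except a read-only (444)
  #    configuration.php, which the checklist explicitly allows.
  find "$root" -type f ! -perm 644 ! -perm -002 \
       ! \( -name configuration.php -perm 444 \) | sed 's/^/FILE_NOT_644 /'
}

# joomla_perm_fix JOOMLA_ROOT
# Applies the baseline: 755 on directories, 644 on files, 444 on configuration.php.
# Review the audit output first; this rewrites every mode under JOOMLA_ROOT.
joomla_perm_fix() {
  root=$1
  find "$root" -type d -exec chmod 755 {} +
  find "$root" -type f -exec chmod 644 {} +
  if [ -f "$root/configuration.php" ]; then
    chmod 444 "$root/configuration.php"
  fi
}

# Stand-alone usage: audit the directory named on the command line.
#   sh perm_audit.sh /path/to/joomla_root
if [ -n "$1" ] && [ -d "$1" ]; then
  joomla_perm_audit "$1"
fi
```

The audit deliberately reports exact-mode mismatches rather than only world-writable ones: a stray 700 directory or 600 file is not a security hole, but it usually means something other than the installer created it, which is exactly what the checklist asks you to look at after a compromise. Run the fix function only after the report has been checked, since it normalises every file under the tree.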


Forum Post Assistant - FPA

Post by mandville » Sat Sep 29, 2012 12:50 am

The Joomla Forum Post Assistant

General Information

The Forum Post Assistant (FPA) script has been developed to assist forum posters to be able to post relevant system, instance, PHP and troubleshooting information directly into a pre-formatted forum post. This will save a few hours of posting back and forth, asking for, and explaining how to acquire useful information in order for other forum users to help troubleshoot a problem.
This process also means that consistent information is gathered and presented in every case, enabling helpers to quickly target information relevant to the specific problem observed by the user.

Disclaimer
USE AT YOUR OWN RISK
Accuracy and completeness of this script and documentation are not assured and no responsibility will be accepted for any damage, issues or confusion caused by using any FPA versions contained within these branches.

Feedback and Discussion
A discussion topic on the FPA tool is at: http://forum.joomla.org/viewtopic.php?f=621&t=656394 Report any issues there.

Download:
Use these links to download the FPA:
Download .tar.gz version or Download the .zip version
NOTE: Do not download the FPA from any other links on the Internet.

Compatibility:
  • Apache 1.x, Apache 2.x, Apache 2.2.x, IIS6, IIS7, IIS7.5
  • PHP 4.0.x, PHP 4.1.x, PHP 5.x.x, PHP 6DEV
  • MySQL 3.2 - 5.5
  • MySQLi from 4.1 ( @ >=PHP 4.4.9)
  • Completely operating system independent

Joomla! Version Support:
  • v 1.0.x
  • v 1.5.x
  • v 1.6.x
  • v 1.7.x
  • v 2.5.x
  • v 3.x
IMPORTANT NOTES
  • In the given examples, replace example.com with your own domain details.
  • joomla_root/ refers to the directory(folder) where all the Joomla package files and directories are installed, and may not be the web_root/ of your server. You will have called the directory something else too.
  • web_root/ refers to the main Web directory of your server. It may be called something else in your particular situation. You must check with your host or the documentation for your server if you are at all uncertain. Examples are:
    • htdocs/
    • www/
    • public_html/
Known Issues:
FPA is not currently fully compatible with Joomla websites that have had their configuration.php file moved outside of the web_root/ directory.

Installation:
  1. Download the preferred FPA archive from the above links.
  2. Uncompress (unzip/unarchive) the downloaded package file on to your own computer (using WinZip or another decompression tool).
  3. READ the included README file for any special Release notes.
  4. READ the included Documentation file for detailed usage instructions.
  5. Upload the fpa-en.php script to your joomla_root/ directory.
  6. Run the script through your browser by entering: http://example.com/fpa-en.php. See examples below.
Installation Examples:
  • Joomla! is installed in your web_root/ folder:
    1. Upload the fpa-en.php script to: <your_domain-name.com>/web_root/
    2. To run the script: http://example.com/fpa-en.php
  • Joomla! is installed in a sub-directory named cms:
    1. Upload the fpa-en.php script to: <your_domain-name.com>/web_root/cms/
    2. To run the script: http://example.com/cms/fpa-en.php
Usage:
When called from your browser, the FPA will run and display the information it has gathered about your Joomla site and the server environment that your site is installed on.
You can use the information displayed by the FPA to assist you in troubleshooting your site or you can continue with these instructions to post the information to the Joomla Forums.
Using the FPA to make a post to a forum topic:
  1. CLICK the Show the Forum Post Assistant link to open the Post Tool for generating the code that you need to add into your forum post.
  2. Enter a brief description of your problem.
  3. Enter any error messages you have received. (Copying and pasting these into this panel is the most accurate way to achieve this.)
  4. Enter a brief description of any actions you have taken to resolve the issue (optional). (You may leave this information blank if desired, but providing what you can will usually help figure out the issue.)
    • Security options are best left at their default for posting in the forum.
  5. Select the Run Time Options Detail Level for the report.
  6. Select the Information Privacy Level of the report (optional). (You may leave this information at the defaults, but providing additional information about installed extensions can usually help resolve your issue more successfully.)

Generating the Post:
  1. CLICK the Click Here To Generate Post button to build the forum post content using the information and options you selected above.
  2. CLICK the Reset button to reset all the information and options selections displayed in Figures 1 and 2 to their default values.
  3. If you get an Out of Memory or Execution Time Error when generating the post information:
    1. SELECT the Seeing PHP Out of Memory or Execution Time Errors? check box to temporarily increase PHP memory and execution times and
    2. CLICK the Click Here To Generate Post button to try generating the post again.

Copying the Generated Information:
  1. Place your computer cursor into the Post Detail box. It does not matter where within the code the cursor is.
  2. Select all of the content by using the key combination CTRL(cmd) + A to select all of the code within the box.
  3. Copy the selected contents to your computer's clipboard by using the key combination CTRL(cmd) + C.

Inserting the information into a New Forum Posting:
If you have not made a posting in the appropriate Joomla forum for your version of Joomla about your particular issue, then take the steps below:
  1. CLICK on the New Topic button.
  2. Enter a descriptive subject for your topic. Avoid phrases such as "I was hacked!" or "HELP!".
  3. In the message body, enter any additional information you think may be helpful in assisting with the issue you're having.
    • Do not post any direct links to any infected sites, assumed nationality, hacker links or hacker names you found displaying on your site.
    • Do not post any additional personal security information that relates to your Web or database server.
  4. Paste the information from the FPA into the message body area using the CTRL(cmd) + V keyboard command. The correct forum format codes are already included in the post generation so there is no additional formatting needed of the generated code.
  5. If you need to add pictures for clarity, use the attachment upload section of the forum post editor to add them now.
  6. If you wish to preview the message before posting it, then CLICK the Preview button below the message body area.
  7. When satisfied with your message, CLICK the Submit button that is below the message body area.
Inserting the information into an Existing Forum Thread:
  • CLICK the Reply button to open the full forum post editor.
    OR
  • At the bottom of an existing forum thread there is a Quick Reply message body area.
    You can use either method to post the FPA information into your existing forum thread:
    1. In the message body area, enter any additional information you think may be helpful in assisting with the issue you are having.
      • Do not post any direct links to any infected sites, assumed nationality, hacker links or hacker names you found displaying on your site.
      • Do not post any additional personal security information that relates to your Web or database server.
    2. Paste the information from the FPA into the message body area using the CTRL(cmd) + V keyboard command. The correct forum format codes are already included in the post generation so there is no additional formatting needed of the generated code.
      NOTE: To add pictures to your post, for clarity, you must be using the Full Editor.
    3. If you decide you want to work in the full forum message editor instead:
      • CLICK the Full Editor button below the message body area (if working in the Quick Reply panel)
    4. To preview the message at any point before posting it:
      • CLICK the Preview button.
    5. When satisfied with your message:
      • CLICK the Submit button that is below the message body area.

Please remove the FPA script from your website or otherwise change the name once the script has generated the Site Data and the message has been prepared and posted to the forum. This is so outsiders can't take a look at how your site is structured and possibly utilize any flaws that may be present.

Discussion Topic Reminder

Discussion topic on the FPA tool is at: http://forum.joomla.org/viewtopic.php?f=621&t=656394. Post any questions on the use of the FPA, bugs, and suggestions there.
Last edited by mandville on Tue Mar 08, 2016 4:04 pm, edited 2 times in total.
Reason: updated version control