Joomdonation.com hacked - all details out
-
- Joomla! Apprentice
- Posts: 22
- Joined: Sat May 23, 2009 4:21 am
- Location: Perth, Australia
- Contact:
Joomdonation.com hacked - all details out
Hi guys, received following email (as well as a lot of others I suppose).
I am using Event Booking.
Any ideas??
============================================
Hello Alan Stuart
How the hell are you? No need to ask, I’m fine!
I’m the one who has hacked all of your sites, emails, accounts etc. that has been using JoomDonation.com site/components. Scaring? Hell Yea :-)
About 15 months ago, I was able to penetrate into several Joomla sites. One of these luckies was JoomDonation.com After a while I realised that their crappy components were used by other Joomla developers too so I injected my shells into JoomDonation.com components. As per result, I’ve a list of 300000+ Joomla users+emails and you’re just one of them, lucky thing :-)
Don’t you believe? Follow me on twitter.com/joomleaks or #joomleaks hashtag and you’ll see the database of JoomDonation.com as a beginning.
Yea Yea I know you all have scanners, firewalls, admin tools etc installed on your server/site but you what? F*ck em all. They’re just noob tools. Think about, I’ve injected my own shells into 10000+ Joomla sites and none of you or your magic tools have been awared of.
WARNING: You have 5 days to clean up your sites then my bot will start putting your sites down. If your site was not so valuable for me, removing the components would be enough. If so, then I will most probably blackmail you soon :-)
Want an advice from a hacker? Don’t use any script from Thailand/Vietnam developers, their code is so crappy :-) Try Indian quality.
This email was sent to all JoomDonation.com users. We’ll meet again if you have accounts registered to other Joomla developers :-)
This was my thanksgiving gift, keep yourself safe ;-)
JnLiau
Regards,
Moby
- sgagner
- Joomla! Ace
- Posts: 1302
- Joined: Wed Sep 27, 2006 8:40 pm
- Location: Norrköping, Sweden
- Contact:
Re: Joomdonation.com hacked - all details out
I have got the same message too
But I don't use any extensions from JoomDonation
Stefan Gagner, CMS Universal - http://www.mei-ya.se
Coordinator of Swedish Joomla Translator group.
We make the impossible while you wait. Wonders may take a little longer.
-
- Joomla! Fledgling
- Posts: 2
- Joined: Thu Apr 14, 2011 3:01 pm
Re: Joomdonation.com hacked - all details out
I just received the same mail. Using edocman on one site..
I'll uninstall edocman for now, but I'm not completely convinced he's telling the truth: Could also be a scam.. It's no problem to find my real name on the internet when you have the email address this mail was sent to..
The mail itself has two external tracking images. One from acymailing leading to a site called "pascaljarry2.freesite.host" - I guess this is where he sent his mail from. And one from mandrillapp.com..
I'd love to hear from others what they think about all that...
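The check described in the post above, listing the remote images an HTML mail would load and the hosts behind them, as an added example that is not part of the original thread. The sample message is constructed: the two host names are the ones named in the post, while the URL paths, addresses and function names are assumptions made for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: only the two host names come from the post.
SAMPLE_HTML = """<html><body><p>Hello</p>
<img src="http://pascaljarry2.freesite.host/constructed/open.gif?id=0" width="1" height="1">
<img src="https://mandrillapp.com/constructed/open?id=0" height="1" width="1"/>
<img src="cid:logo@example.invalid" alt="embedded logo, never fetched remotely">
</body></html>"""


class RemoteImageCollector(HTMLParser):
    """Collect <img> tags whose src is fetched from a remote http(s) host."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {name: (value or "").strip() for name, value in attrs}
        src = attr.get("src", "")
        if src.startswith("//"):          # protocol-relative URL
            src = "https:" + src
        parts = urlsplit(src)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return                         # cid:, data: and relative paths stay local
        # A 0x0 or 1x1 image is the usual shape of an open-tracking pixel.
        tiny = attr.get("width") in ("0", "1") and attr.get("height") in ("0", "1")
        self.images.append({"host": parts.hostname.lower(), "url": src, "tiny": tiny})


def remote_images(raw_message: bytes):
    """Return every remote image referenced by the text/html parts of a mail."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    collector = RemoteImageCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    return collector.images


def hosts_contacted(raw_message: bytes):
    """Hosts that learn the mail was opened if remote images are loaded."""
    return sorted({img["host"] for img in remote_images(raw_message)})


def build_sample() -> bytes:
    """Build the constructed multipart/alternative message used for the demo."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg.set_content("plain text part")
    msg.add_alternative(SAMPLE_HTML, subtype="html")
    return msg.as_bytes()


if __name__ == "__main__":
    for img in remote_images(build_sample()):
        print(img["host"], "tracking-pixel" if img["tiny"] else "image", img["url"])
```

Run it against the saved raw source of a message (headers included) rather than a forwarded copy, since forwarding often strips or rewrites the image tags.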
- brian
- Joomla! Master
- Posts: 12813
- Joined: Fri Aug 12, 2005 7:19 am
- Location: Leeds, UK
- Contact:
Re: Joomdonation.com hacked - all details out
Happy to do a free audit of the extension you have
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
-
- Joomla! Fledgling
- Posts: 1
- Joined: Wed Nov 26, 2014 1:32 pm
Re: Joomdonation.com hacked - all details out
Hi,
Me too but I never use a plugin from Joomdonation.com.
It's a Hoax?
-
- Joomla! Apprentice
- Posts: 22
- Joined: Sat May 23, 2009 4:21 am
- Location: Perth, Australia
- Contact:
Re: Joomdonation.com hacked - all details out
Post from Tuan Pham Ngoc over at JoomDonation.com
Hi All
I believe this is not security issues in our components/extensions. Someone hacked our server (we are using bluehost VPS server for hosting our website) somehow and uses the email systems to send this spam emails to all of you.
They want to destroy our business (and they mentioned India somehow in the email). Just the quick update from us, we will provide more information when we found something !
We are really sorry for this trouble
Regards,
Moby
-
- Joomla! Fledgling
- Posts: 1
- Joined: Wed Apr 09, 2014 9:30 am
Re: Joomdonation.com hacked - all details out
The really sad thing and thing that makes me angry. I do use Joomdonation and it's for our charity.
just got the email
So this person has no ethics as he has attacked a component used by Charities to help vulnerable people often who don't have funds to pay for mega protected sites just trying to exist at a low cost to help people.
Makes me sick to the core.
- brianpeat
- Joomla! Apprentice
- Posts: 27
- Joined: Tue Jul 10, 2007 3:04 pm
- Location: Hendersonville, TN, USA
- Contact:
Re: Joomdonation.com hacked - all details out
I got this same email. I suspect if he's not bluffing that it's related to this coming out in the last few days:
https://foxitsecurity.files.wordpress.c ... srt-v4.pdf
I'm digging through the joomdonation extension now to see if I can spot anything nasty, but this isn't my field, so I have no idea if I'll find anything.
- CelticWebs
- Joomla! Apprentice
- Posts: 10
- Joined: Sat May 28, 2011 9:16 am
- Location: Nr Cardiff South Wales UK
- Contact:
Re: Joomdonation.com hacked - all details out
I too just received the email. I have a web hosting and development business, so it's quite possible some of my customers do indeed have components from joomdonation.com. Let's hope it's a hoax aimed at damaging their business rather than reality that is going to affect many websites in a few days!
-
- Joomla! Apprentice
- Posts: 29
- Joined: Wed May 01, 2013 6:56 am
Re: Joomdonation.com hacked - all details out
Received this too. Have Event Booking installed. Hope the developer can confirm it is a hoax, or at least distribute files to remove the hack.
-
- Joomla! Apprentice
- Posts: 8
- Joined: Wed May 04, 2011 5:15 pm
Re: Joomdonation.com hacked - all details out
And when I try and login to the JoomDonation website, it's down for maintenance :(
Pretty sure I don't use any of these components across all of the sites I have built
-
- Joomla! Apprentice
- Posts: 6
- Joined: Sun Mar 20, 2011 1:24 pm
Re: Joomdonation.com hacked - all details out
I'm glad I found this thread.
I have Event Booking on one of my client's site. It is a first to me that a hacker announced his intentions before acting.
- lancert
- Joomla! Enthusiast
- Posts: 133
- Joined: Thu Sep 01, 2005 8:18 pm
- Location: Des Moines, Iowa
- Contact:
Re: Joomdonation.com hacked - all details out
I too received this email and found this thread. I uninstalled Event Booking for the time being (I love the extension, just wasn't currently using it), just to be safe.
Please keep us all posted as to what is found out about this. I don't think we can ever take security too seriously.
Thanks everyone for your work on this.
-
- Joomla! Apprentice
- Posts: 13
- Joined: Sun Dec 14, 2008 4:14 pm
Re: Joomdonation.com hacked - all details out
I got it too.
I maintain 6 sites for nonprofits, and just purchased Edocman last night. I received the email at around 9:45AM in the USA.
Any suggestions would be greatly appreciated,
Dale
- xbonize
- Joomla! Apprentice
- Posts: 10
- Joined: Tue Feb 28, 2012 3:04 pm
Re: Joomdonation.com hacked - all details out
I think the JoomDonation server was hacked, not our websites. Maybe the attacker has our details from the JoomDonation database?
- brianpeat
- Joomla! Apprentice
- Posts: 27
- Joined: Tue Jul 10, 2007 3:04 pm
- Location: Hendersonville, TN, USA
- Contact:
Re: Joomdonation.com hacked - all details out
Payment details? This really makes me mad.
-
- Joomla! Apprentice
- Posts: 13
- Joined: Sun Dec 14, 2008 4:14 pm
Re: Joomdonation.com hacked - all details out
xbonize wrote: I think the JoomDonation server was hacked, not our websites. Maybe the attacker has our details from the JoomDonation database?
Should that be the case, might I suggest that anyone who has set up temp accounts with Joomdonation in regard to Joomla site access and/or FTP access in order to facilitate any tech support by Joomdonation, that they delete those user names/accounts.
- sapromo
- Joomla! Explorer
- Posts: 403
- Joined: Thu Sep 07, 2006 5:46 pm
- Contact:
Re: Joomdonation.com hacked - all details out
Same thing here, anybody who also got it or wants to help PLEASE PLEASE go to @joomleaks on twitter and report it as sharing private information. They have already posted links where you can download the first 1000 people's email addresses and the second posts their financial / payment details and they are going through the entire database. IF you can PLEASE go to the twitter page and REPORT it... they won't know you did it but the more people who report that account the faster Twitter will react.
"... Yesterday is History, Tomorrow is a Mystery, Today is a gift, that's why we call it Present"
- brianpeat
- Joomla! Apprentice
- Posts: 27
- Joined: Tue Jul 10, 2007 3:04 pm
- Location: Hendersonville, TN, USA
- Contact:
Re: Joomdonation.com hacked - all details out
Yep, I just did that too. Not that it'll stop him.
- maxelcat
- Joomla! Explorer
- Posts: 391
- Joined: Fri Jul 18, 2008 9:25 am
- Location: London
- Contact:
Re: Joomdonation.com hacked - all details out
I have had this too. As far as I know I don't use any of their extensions, but I guess I must have registered with them at some point when I was looking into plugins etc
Kinda scary though - never had an email like that before. I suspect it's bluff though - do hackers normally give warnings???
Feel very sorry for the company.
Hope someone can put us all at rest!
Blog and web http://www.ee-web.co.uk/blog - lots of joomla tips!
Twitter https://twitter.com/#!/maxelcat
-
- Joomla! Explorer
- Posts: 358
- Joined: Sat Jan 07, 2006 6:51 pm
- Location: /home/radek
- Contact:
Re: Joomdonation.com hacked - all details out
People: there is an easy solution to find out what's going on. Brian Teeman proposed help if someone would provide the data to him. Please do it.
The explanation of JoomDonation's people is unfortunately very clumsy.
Regards,
Radek
Events Team Leader | JET Team Member | Joomla! Social Media Team Member | JED Team Member
SobiPro Developer.
Twitter | Facebook | Google+ | : http://radek.sigsiu.net
Blog: http://radeks.coffee
-
- Joomla! Fledgling
- Posts: 2
- Joined: Wed Nov 26, 2014 3:26 pm
Re: Joomdonation.com hacked - all details out
I'm pretty sure that Joomdonation payments were all handled by PayPal, and so therefore wouldn't have been held on the Joomdonation server? Can anyone from Joomdonation confirm this?
When I bought a plugin last year, payment went to a company called Dang Dam or something.
- maxelcat
- Joomla! Explorer
- Posts: 391
- Joined: Fri Jul 18, 2008 9:25 am
- Location: London
- Contact:
Re: Joomdonation.com hacked - all details out
I reported him for spam, but how do you report him for leaking private information?
Blog and web http://www.ee-web.co.uk/blog - lots of joomla tips!
Twitter https://twitter.com/#!/maxelcat
- numinousmedia
- Joomla! Ace
- Posts: 1567
- Joined: Fri Dec 16, 2011 6:13 pm
- Location: Barberton, OH
- Contact:
Re: Joomdonation.com hacked - all details out
It's a sub-point under "Abuse" on Twitter.
Ryan
Frontend Developer and Joomla Professional
Ethode Website Development: http://www.ethode.com
Personal Site: http://www.numinousmedia.com
- sapromo
- Joomla! Explorer
- Posts: 403
- Joined: Thu Sep 07, 2006 5:46 pm
- Contact:
Re: Joomdonation.com hacked - all details out
It could be that they only got in now, I cannot see IMHO that a hacker will wait around that long to claim his glory. Payments done via PayPal but then again you don't want to share your PayPal payments email I have had that problem before.
How would we even start checking? I have 8 clients with anything from pmform to event booking components with payment processors. I can provide someone with downloaded copies and they can check.
@Brian, how do I get this to you?
"... Yesterday is History, Tomorrow is a Mystery, Today is a gift, that's why we call it Present"
-
- Joomla! Fledgling
- Posts: 2
- Joined: Wed Nov 26, 2014 3:26 pm
Re: Joomdonation.com hacked - all details out
brian wrote: Happy to do a free audit of the extension you have
Thanks Brian
I have the Interspire Email plugin. How can I get it to you?
-
- Joomla! Fledgling
- Posts: 2
- Joined: Wed Nov 26, 2014 3:36 pm
Re: Joomdonation.com hacked - all details out
Yeh,
Got the same email, but curiously it came to my personal Paypal accounts' attached email that I used when paying for JoomDonation when setting up a donation system for a not-for-profit website.
-
- Joomla! Apprentice
- Posts: 13
- Joined: Sun Dec 14, 2008 4:14 pm
Re: Joomdonation.com hacked - all details out
I have the edocman zip that I DL'd last night, just let me know how to get it to you. It is the paid version, but apparently the demo version would have been hit as well?
Contact me and let me know.
-
- Joomla! Fledgling
- Posts: 3
- Joined: Wed Nov 26, 2014 3:26 pm
Re: Joomdonation.com hacked - all details out
Hey, I agree with Radek. As a security consultant myself and having just received this email...I had to post something on here so I registered just for this thread. I have several Joomla sites and fortunately only a couple use JoomDonation modules, however the threat could still exist for any Joomla site potentially. It's definitely not the end of the world if they have your name and email...most email systems these days like Google and Microsoft and Yahoo, etc. have great spam filters...and if you paid with PayPal there's not a huge threat either...most people could guess that any email account has PayPal...but good luck attacking PayPal, watch what they'll do to you and your IP address if you do. My major concerns would be that they are able to in fact circumvent your own Joomla sites to breach and get access, and also if there was any credit card info stored by people not using PayPal. Clearly the JoomDonation developer is lying about it just being some email exploit via SMTP on his server...if that was the case, then when you go to JoomDonation.com you wouldn't see that the entire site was put into offline mode with a supposed message from the hacker (that I highly doubt JoomDonation would have humorously posted themselves). The message on the website temporarily went (before the site owner obviously corrected it), "Joomla Extensions by Joomdonation. This site has been HACKED. Don’t you believe? Follow me on twitter.com/joomleaks".
As for me, I'm going to taunt the loser who "hacked" the site (probably just some lame exploit a kid found) and see if he shows his cards...I have credit monitoring and don't care if he posts my email. Worst case he tries to attack my Joomla sites and I'll get back to all of you what, if anything happens and where he tried to get in from. Firewalls aren't n00b tools, so this "hacker" is simply an idiot.
As for all you, I'd watch my bank and credit card statements in case you may have paid for anything in the past with JoomDonations outside of using PayPal...and I'd most definitely backup every single Joomla site that you manage right now, just in case...a backup never hurt anybody. It also wouldn't hurt for you to find a free website uptime monitor online (just google it) which would send you an email if your site goes down or if the home page is severely modified.
Good luck to all of you and happy holidays.
- sapromo
- Joomla! Explorer
- Posts: 403
- Joined: Thu Sep 07, 2006 5:46 pm
- Contact:
Re: Joomdonation.com hacked - all details out
Agree, the biggest concern is him being able to get into sites via the components/plugins/modules.
"... Yesterday is History, Tomorrow is a Mystery, Today is a gift, that's why we call it Present"