Joomdonation.com hacked - all details out

Relax and enjoy The Lounge. For all Non-Joomla! topics or ones that don't fit anywhere else. Normal forum rules apply.
Moby58
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Sat May 23, 2009 4:21 am
Location: Perth, Australia
Contact:

Joomdonation.com hacked - all details out

Post by Moby58 » Wed Nov 26, 2014 1:14 pm

Hi guys, received following email (as well as a lot of others I suppose).

I am using Event Booking.

Any ideas??
============================================

Hello Alan Stuart

How the hell are you? No need to ask, I’m fine!

I’m the one who has hacked all of your sites, emails, accounts etc. that has been using JoomDonation.com site/components. Scaring? Hell Yea :-)

About 15 months ago, I was able to penetrate into several Joomla sites. One of these luckies was JoomDonation.com After a while I realised that their crappy components were used by other Joomla developers too so I injected my shells into JoomDonation.com components. As per result, I’ve a list of 300000+ Joomla users+emails and you’re just one of them, lucky thing :-)

Don’t you believe? Follow me on twitter.com/joomleaks or #joomleaks hashtag and you’ll see the database of JoomDonation.com as a beginning.

Yea Yea I know you all have scanners, firewalls, admin tools etc installed on your server/site but you what? F*ck em all. They’re just noob tools. Think about, I’ve injected my own shells into 10000+ Joomla sites and none of you or your magic tools have been awared of.

WARNING: You have 5 days to clean up your sites then my bot will start putting your sites down. If your site was not so valuable for me, removing the components would be enough. If so, then I will most probably blackmail you soon :-)

Want an advice from a hacker? Don’t use any script from Thailand/Vietnam developers, their code is so crappy :-) Try Indian quality.

This email was sent to all JoomDonation.com users. We’ll meet again if you have accounts registered to other Joomla developers :-)

This was my thanksgiving gift, keep yourself safe ;-)

JnLiau
Regards,

Moby

User avatar
sgagner
Joomla! Ace
Joomla! Ace
Posts: 1248
Joined: Wed Sep 27, 2006 8:40 pm
Location: Norrköping, Sweden
Contact:

Re: Joomdonation.com hacked - all details out

Post by sgagner » Wed Nov 26, 2014 1:33 pm

I have got the same message too
But I don't use any extensions from JoomDonation
Stefan Gagner, Web8 Universal - http://www.mei-ya.se
Coordinator of Swedish Joomla Translator group.
We make the impossible while you wait. Wonders may take a little longer.

stimpy23
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Thu Apr 14, 2011 3:01 pm

Re: Joomdonation.com hacked - all details out

Post by stimpy23 » Wed Nov 26, 2014 1:43 pm

I just received the same mail. Using edocman on one site..
I'll uninstall edocman for now, but I'm not completely convinced he's telling the truth: Could also be a scam.. It's no problem to find my real name name on the internet, when you have the email address, this mail was sent to..

The mail itself has two external tracking images. One from acymailing leading to a site called "pascaljarry2.freesite.host" - I guess this is, where he sent his mail from. And one from mandrillapp.com..

I'ld love to hear from others what they think about all that...

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11828
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Joomdonation.com hacked - all details out

Post by brian » Wed Nov 26, 2014 1:46 pm

Happy to do a free audit of the extension you have
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

guillaumepdm
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Nov 26, 2014 1:32 pm

Re: Joomdonation.com hacked - all details out

Post by guillaumepdm » Wed Nov 26, 2014 1:47 pm

Hi,
Me too but I never use a plugin from Joomdonation.com.
It's a Hoax?

Moby58
Joomla! Apprentice
Joomla! Apprentice
Posts: 22
Joined: Sat May 23, 2009 4:21 am
Location: Perth, Australia
Contact:

Re: Joomdonation.com hacked - all details out

Post by Moby58 » Wed Nov 26, 2014 1:49 pm

Post from Tuan Pham Ngoc over at JoomDonation.com

Hi All

I believe this is not security issues in our components/extensions. Someone hacked our server (we are using bluehost VPS server for hosting our website) somehow and uses the email systems to send this spam emails to all of you.

They want to destroy our business (and they mentioned India somehow in the email). Just the quick update from us, we will provide more information when we found something !

We are really sorry for this trouble
Regards,

Moby

neilcw303
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Wed Apr 09, 2014 9:30 am

Re: Joomdonation.com hacked - all details out

Post by neilcw303 » Wed Nov 26, 2014 2:03 pm

The really sad thing and thing that makes me angry . I do use Joomdonation and its for our charity.

just got the email

So this person has no ethics as he has attacked a component used by Charities to help vulnerable people often who don't have funds to pay for mega protected sites just trying to exist at a low cost to help people .

Makes me sick to the core .

User avatar
brianpeat
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Tue Jul 10, 2007 3:04 pm
Location: Hendersonville, TN, USA
Contact:

Re: Joomdonation.com hacked - all details out

Post by brianpeat » Wed Nov 26, 2014 2:47 pm

I got this same email. I suspect if he's not bluffing that it's related to this coming out in the last few days:

https://foxitsecurity.files.wordpress.c ... srt-v4.pdf

I'm digging through the joomdonation extension now to see if I can spot anything nasty, but this isn't my field, so I have no idea if I'll find anything.
Brian Peat,
Owner, Peat Creative
https://peatcreative.com

User avatar
CelticWebs
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Sat May 28, 2011 9:16 am
Location: Nr Cardiff South Wales UK
Contact:

Re: Joomdonation.com hacked - all details out

Post by CelticWebs » Wed Nov 26, 2014 2:50 pm

I too just received the email, I have a web hosting and development business so it's quite possible some of my customers do in deed have components from joomdonation.com lets hope it's a hoax aimed at damaging their business rather than reality that is going to effect many websites in a few days!

Corrall
Joomla! Apprentice
Joomla! Apprentice
Posts: 29
Joined: Wed May 01, 2013 6:56 am

Re: Joomdonation.com hacked - all details out

Post by Corrall » Wed Nov 26, 2014 3:02 pm

Received this to. Have event booking installed. Hope the devloper can confirm it is hoax, or at least distribute files to remove hack

digitalsoda
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Wed May 04, 2011 5:15 pm

Re: Joomdonation.com hacked - all details out

Post by digitalsoda » Wed Nov 26, 2014 3:05 pm

And when I try and login to the JoomDonation website, its down for maintenance :(

Pretty sure I don't use any of these components across all of the sites I have built

blackvx
Joomla! Apprentice
Joomla! Apprentice
Posts: 6
Joined: Sun Mar 20, 2011 1:24 pm

Re: Joomdonation.com hacked - all details out

Post by blackvx » Wed Nov 26, 2014 3:09 pm

I'm glad I found this thread.
I have Event Booking on one of my client's site. It is a first to me that a hacker announced his intentions before acting.

User avatar
lancert
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 133
Joined: Thu Sep 01, 2005 8:18 pm
Location: Des Moines, Iowa
Contact:

Re: Joomdonation.com hacked - all details out

Post by lancert » Wed Nov 26, 2014 3:10 pm

I too received this email and found this thread. I uninstalled Event Booking for the time being (I love the extension, just wasn't currently using it), just to be safe.

Please keep us all posted as to what is found out about this. I don't think we can ever take security too seriously.

Thanks everyone for your work on this.
Lance Thompson
Business Growth Strategist
Idea Rocket Labs Marketing
http://www.IdeaRocketLabs.com

DaleRG
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Sun Dec 14, 2008 4:14 pm

Re: Joomdonation.com hacked - all details out

Post by DaleRG » Wed Nov 26, 2014 3:12 pm

I got it too.

I maintain 6 sites for nonprofits, and just purchased Edocman last night. I recieved the email at around 9:45AM in the USA.

Any suggestions would be greatly appreciated,

Dale

User avatar
xbonize
Joomla! Apprentice
Joomla! Apprentice
Posts: 10
Joined: Tue Feb 28, 2012 3:04 pm

Re: Joomdonation.com hacked - all details out

Post by xbonize » Wed Nov 26, 2014 3:16 pm

I think JoomDonation server was hacked not our websites. Maybe attacker have our details from JoomDonation database?
You do not have the required permissions to view the files attached to this post.

User avatar
brianpeat
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Tue Jul 10, 2007 3:04 pm
Location: Hendersonville, TN, USA
Contact:

Re: Joomdonation.com hacked - all details out

Post by brianpeat » Wed Nov 26, 2014 3:18 pm

Payment details? This really makes me mad.
Brian Peat,
Owner, Peat Creative
https://peatcreative.com

DaleRG
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Sun Dec 14, 2008 4:14 pm

Re: Joomdonation.com hacked - all details out

Post by DaleRG » Wed Nov 26, 2014 3:21 pm

xbonize wrote:I think JoomDonation server was hacked not our websites. Maybe attacker have our details from JoomDonation database?

Should that be the case, might I suggest that anyone who has set up temp accounts with Joomdonation in regard to Joomla site access and/or FTP access in order to facilitate any tech support by Joomdonation, that they delete those user names/accounts.

User avatar
sapromo
Joomla! Explorer
Joomla! Explorer
Posts: 403
Joined: Thu Sep 07, 2006 5:46 pm
Contact:

Re: Joomdonation.com hacked - all details out

Post by sapromo » Wed Nov 26, 2014 3:26 pm

Same thing here, anybody who also got it or want to help PLEASE PLEASE go to @joomleaks on twitter and report it as sharing private information. They have already posted links where you can download the first 1000 peoples email addresses and the second posts their financial / payment details and they are going through the entire database. IF you can PLEASE go to the twitter page and REPORT it... they won't know you did it but the more people who report that account the faster Twitter will react.
"... Yesterday is History, Tomorrow is a Mystery, Today is a gift, that's why we call it Present"

User avatar
brianpeat
Joomla! Apprentice
Joomla! Apprentice
Posts: 27
Joined: Tue Jul 10, 2007 3:04 pm
Location: Hendersonville, TN, USA
Contact:

Re: Joomdonation.com hacked - all details out

Post by brianpeat » Wed Nov 26, 2014 3:27 pm

Yep, I just did that too. Not that it'll stop him.
Brian Peat,
Owner, Peat Creative
https://peatcreative.com

User avatar
maxelcat
Joomla! Explorer
Joomla! Explorer
Posts: 391
Joined: Fri Jul 18, 2008 9:25 am
Location: London
Contact:

Re: Joomdonation.com hacked - all details out

Post by maxelcat » Wed Nov 26, 2014 3:29 pm

I have had this too. As far as I know I don't use any of their extensions, but I guess I must have registered with them at some point when I was looking into plugins etc

Kinda scary though - never had an email like that before. I suspect its bluff though - do hackers normally give warnings???

Feel very sorry for the company.

Hope someone can put us all at rest!
Blog and web http://www.ee-web.co.uk/blog - lots of joomla tips!
Twitter https://twitter.com/#!/maxelcat

Radek Suski
Joomla! Explorer
Joomla! Explorer
Posts: 358
Joined: Sat Jan 07, 2006 6:51 pm
Location: /home/radek
Contact:

Re: Joomdonation.com hacked - all details out

Post by Radek Suski » Wed Nov 26, 2014 3:31 pm

People: there is an easy solution to find out what's going on. Brian Teeman proposed help if someone would provide the data to him. Please do it.

The explanation of JoomDonation's people is unfortunately very clumsy.

Regards,
Radek
Events Team Leader | JET Team Member | Joomla! Social Media Team Member | JED Team Member
SobiPro Developer.
Twitter | Facebook | Google+ | : http://radek.sigsiu.net
Blog: http://radeks.coffee

dan dares
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Nov 26, 2014 3:26 pm

Re: Joomdonation.com hacked - all details out

Post by dan dares » Wed Nov 26, 2014 3:33 pm

I'm pretty sure that Joomdonation payments were all handled by PayPal, and so therefore wouldn't have been held on the Joomdonation server? Can anyone from Joomnation confirm this?

When I brought a plugin last year, payment went to a company called Dang Dam or something.

User avatar
maxelcat
Joomla! Explorer
Joomla! Explorer
Posts: 391
Joined: Fri Jul 18, 2008 9:25 am
Location: London
Contact:

Re: Joomdonation.com hacked - all details out

Post by maxelcat » Wed Nov 26, 2014 3:37 pm

i reported him for spam, but how do you report him for leaking private information?
Blog and web http://www.ee-web.co.uk/blog - lots of joomla tips!
Twitter https://twitter.com/#!/maxelcat

User avatar
numinousmedia
Joomla! Ace
Joomla! Ace
Posts: 1558
Joined: Fri Dec 16, 2011 6:13 pm
Location: Millersburg, OH
Contact:

Re: Joomdonation.com hacked - all details out

Post by numinousmedia » Wed Nov 26, 2014 3:38 pm

It's a sub-point under "Abuse" on Twitter.
Ryan
Frontend Developer and Joomla Professional
Ethode Website Development: http://www.ethode.com
Personal Site: http://www.numinousmedia.com

User avatar
sapromo
Joomla! Explorer
Joomla! Explorer
Posts: 403
Joined: Thu Sep 07, 2006 5:46 pm
Contact:

Re: Joomdonation.com hacked - all details out

Post by sapromo » Wed Nov 26, 2014 3:39 pm

It could be that they only got in now, I cannot see IMHO that a hacker will wait around that long to claim his glory. Payments done via PayPal but then again you don't want to share your PayPal payments email I have had that problem before.

How would we even start checking. I have 8 clients with anything from pmform to event booking components with payment processors. I can provide someone with downloaded copies and they can check.

@Brian, how do I get this to you?
"... Yesterday is History, Tomorrow is a Mystery, Today is a gift, that's why we call it Present"

dan dares
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Nov 26, 2014 3:26 pm

Re: Joomdonation.com hacked - all details out

Post by dan dares » Wed Nov 26, 2014 3:42 pm

brian wrote:Happy to do a free audit of the extension you have
Thanks Brian

I have the Interspire Email plugin. How can I get it to you?

3DBob
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Nov 26, 2014 3:36 pm

Re: Joomdonation.com hacked - all details out

Post by 3DBob » Wed Nov 26, 2014 3:44 pm

Yeh,

Got the same email, but curiously it came to my personal Paypal accounts' attached email that I used when paying for JoomDonation when setting up a donation system for a not-for-profit website.

DaleRG
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Sun Dec 14, 2008 4:14 pm

Re: Joomdonation.com hacked - all details out

Post by DaleRG » Wed Nov 26, 2014 3:45 pm

I have the edocman zip that I DL'd last night, just let me know how to get it too you. It is the paid version, but apparently the demo version would have been hit as well?

Contact me and let me know.

d32134534
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Nov 26, 2014 3:26 pm

Re: Joomdonation.com hacked - all details out

Post by d32134534 » Wed Nov 26, 2014 3:49 pm

Hey i agree with Radek. As a security consultant myself and having just received this email...i had to post something on here so I registered just for this thread. I have several joomla sites and fortunately only a couple use JoomDonation modules, however the threat could still exist for any Joomla site potentially. Its definitely not the end of the world if they have your name and email...most email systems these days like google and microsoft and yahoo, etc have great spam filters...and if you paid with paypal theres not a huge threat either...most people could guess that any email account has paypal...but good luck attacking paypal, watch what theyll do to you and your IP address if you do. My major concerns would be that they are able to in fact circumvent your own joomla sites to breach and get access, and also if there was any credit card info stored by people not using paypal. Clearly the JoomDonation developer is lying about it just being some email exploit via SMTP on his server...if that was the case, then when you go to JoomDonation.com you wouldnt see that the entire site was put into offline mode with a supposed message from the hacker (that i highly doubt JoomDonation would have humorously posted themselves). The message on the website temporarily went (before the site owner obviously corrected it), "Joomla Extensions by Joomdonation. This site has been HACKED. Don’t you believe? Follow me on twitter.com/joomleaks".

As for me, im going to taunt the loser who "hacked" the site (probably just some lame exploit a kid found) and see if he shows his cards...I have credit monitoring and dont care if he posts my email. Worst case he tries to attack my Joomla sites and Ill get back to all of you what, if anything happens and where he tried to get in from. Firewalls arent n00b tools, so this "hacker" is simply an idiot.

As for all you, Id watch my bank and credit card statements in case you may have paid for anything in the past with JoomDonations outside of using paypal...and Id most definitely backup every single Joomla site that you manage right now, just in case...a backup never hurt anybody. It also wouldnt hurt for you to find a free website uptime monitor online (just google it) which would send you an email if your site goes down or if the home page is severely modified.

Good luck to all of you and happy holidays.

User avatar
sapromo
Joomla! Explorer
Joomla! Explorer
Posts: 403
Joined: Thu Sep 07, 2006 5:46 pm
Contact:

Re: Joomdonation.com hacked - all details out

Post by sapromo » Wed Nov 26, 2014 3:54 pm

Agree, the biggest concern is him being able to get into sites via the components/plugins/modules.
"... Yesterday is History, Tomorrow is a Mystery, Today is a gift, that's why we call it Present"


Locked

Return to “The Lounge”