Advertisement

Known security breach in Joomla 5?

Discussion regarding Joomla! 5.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
MartenJ
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Sat Jun 11, 2011 5:52 am

Known security breach in Joomla 5?

Post by MartenJ » Thu Oct 31, 2024 3:38 pm

Yesterday My host told me that My mail account was suspended since there was a large amount of emails sent from us. And we where able to trace the sender to a script in our jomla 5 site:

/home/s102710/domains/arelavincenter.se/public_html/libraries/vendor/phpmailer/phpmailer/src/PHPMailer.php:881,
A malware scan does not find any malware? is there any known way for spammers to use a jomla site for mass mail?
Forum Post Assistant (v1.6.7) : 31-Oct-2024 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 5.1.4-Stable (Kudumisha) 27-August-2024
Joomla! Configured :: Yes | Read-Only (444) |
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: Yes | GZip: false | Cache: true | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: N/A | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 1 | Error Reporting: none | Site Debug: false | Language Debug: false | Default Access: Public | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 5.1.4: Yes | Database Supports J! 5.1.4: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 4.18.0-372.9.1.1.lve.el8.x86_64 | Technology: x86_64 | Web Server: LiteSpeed | Encoding: gzip, deflate, br, zstd | System TMP Writable: Yes | Free Disk Space : 646.51 GiB |

PHP Configuration :: Version: 8.2.24 | PHP API: litespeed | Session Path Writable: No | Display Errors: 0 | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 512M

Database Configuration :: Version: 10.6.19-MariaDB-cll-lve (Client:mysqlnd 8.2.24) | Database Size: 48.61 MiB | #of Tables with config prefix:  204 | #of other Tables:  529 | User Privileges : GRANT ALL
Detailed Environment :: wrote:PHP Extensions :: Core (8.2.24) | date (8.2.24) | libxml (8.2.24) | openssl (8.2.24) | pcre (8.2.24) | sqlite3 (8.2.24) | zlib (8.2.24) | bz2 (8.2.24) | calendar (8.2.24) | ctype (8.2.24) | curl (8.2.24) | hash (8.2.24) | filter (8.2.24) | ftp (8.2.24) | gettext (8.2.24) | json (8.2.24) | iconv (8.2.24) | SPL (8.2.24) | pcntl (8.2.24) | random (8.2.24) | readline (8.2.24) | Reflection (8.2.24) | session (8.2.24) | standard (8.2.24) | mbstring (8.2.24) | shmop (8.2.24) | SimpleXML (8.2.24) | tokenizer (8.2.24) | xml (8.2.24) | litespeed () | i360 (8.2.2) | bcmath (8.2.24) | dom (20031129) | fileinfo (8.2.24) | gd (8.2.24) | igbinary (3.2.15) | intl (8.2.24) | exif (8.2.24) | msgpack (2.2.0) | PDO (8.2.24) | mysqlnd (mysqlnd 8.2.24) | mysqli (8.2.24) | pdo_sqlite (8.2.24) | Phar (8.2.24) | posix (8.2.24) | redis (5.3.7) | soap (8.2.24) | sockets (8.2.24) | sodium (8.2.24) | xmlreader (8.2.24) | xmlwriter (8.2.24) | xsl (8.2.24) | zip (1.21.1) | Zend OPcache (8.2.24) | Zend Engine (4.2.24) |
Potential Missing Extensions :: pdo_mysql |
Disabled Functions :: exec | system | passthru | shell_exec | escapeshellarg | escapeshellcmd | proc_close | dl | popen | show_source | posix_kill | posix_mkfifo | posix_getpwuid | posix_setpgid | posix_setsid | posix_setuid | posix_setgid | posix_seteuid | posix_setegid | posix_uname |

Switch User Environment :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (---) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) | api/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 1855917 | Threads: 267 | Questions: 5367086291 | Slow queries: 28512 | Opens: 8357972 | Open tables: 32000 | Queries per second avg: 2891.878 |
Extensions Discovered :: wrote:Components :: Site ::
Core ::
3rd Party:: os_authnet (5.0.1) ? | os_eway (5.0.1) ? | os_offline (5.0.1) ? | os_paypal (5.0.1) ? | os_worldpay (5.0.1) ? |

Components :: Admin ::
Core :: com_config (4.0.0) 1 | com_checkin (4.0.0) 1 | com_wrapper (4.0.0) 1 | com_newsfeeds (4.0.0) 1 | com_associations (4.0.0) 1 | com_installer (4.0.0) 1 | com_templates (4.0.0) 1 | com_fields (4.0.0) 1 | com_banners (4.0.0) 1 | com_scheduler (4.1.0) 1 | com_plugins (4.0.0) 1 | com_ajax (4.0.0) 1 | com_users (4.0.0) 1 | com_mails (4.0.0) 1 | com_cpanel (4.0.0) 1 | com_postinstall (4.0.0) 1 | com_login (4.0.0) 1 | com_modules (4.0.0) 1 | com_actionlogs (3.9.0) 1 | com_cache (4.0.0) 1 | com_tags (4.0.0) 1 | com_contenthistory (4.0.0) 1 | com_finder (4.0.0) 1 | com_languages (4.0.0) 1 | com_joomlaupdate (4.0.3) 1 | com_redirect (4.0.0) 1 | com_privacy (3.9.0) 1 | com_messages (4.0.0) 1 | com_content (4.0.0) 1 | com_menus (4.0.0) 1 | com_admin (4.0.0) 1 | com_categories (4.0.0) 1 | com_media (3.0.0) 1 | com_workflow (4.0.0) 1 | com_guidedtours (4.3.0) 1 |
3rd Party:: COM_GURU (6.1.3) 1 | Guru Kunena Comments Plugin (1.0) 1 | Payment Processor [PayPal] (1.0.4) 1 | Guru Student Activity (1.0.6) ? | Guru Search Courses (1.0.5) 1 | Guru Courses (4.0.4) 1 | mod_guru_menus (2.0.1) 1 | System - Guru Cron (5.2.5) 1 | plg_user_guru_user_update (1.0.0) ? | iJoomla Teachers Events (1.0.0) ? | PLG_GURUUSERPOINTS_TITLE (4.7.3) ? | com_akeebabackup (9.9.9) 1 | com_admintools (7.6.1) 1 | COM_FFEXPLORER (1.0.6) 1 | com_eventbooking (5.0.1) 1 |

Modules :: Site ::
Core :: mod_breadcrumbs (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_articles_news (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_login (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_articles_popular (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_tags_similar (3.1.0) 1 |
3rd Party:: Guru Courses (4.0.4) 1 | Guru Search Courses (1.0.5) 1 | mod_guru_menus (2.0.1) 1 | Events Booking - Categories Slider (5.0.1) 1 | FavSlider Pro (1.1) 1 | Events Booking - Events By State (5.0.1) 1 | Events Booking - Search Events (5.0.1) 1 | Events Booking - Mini Calendar (5.0.1) 1 | Events Booking - Events By Location (5.0.1) 1 | Events Booking - Map (5.0.1) 1 | Events Booking - Upcoming Events (5.0.1) 1 | Events Booking - Easy View (5.0.1) 1 | Events Booking - Events By City (5.0.1) 1 | Events Booking - Event Categories (5.0.1) 1 | Events Booking - Cart Module (5.0.1) 1 | Events Booking - Advanced Events Sl (5.0.1) ? |

Modules :: Admin ::
Core :: mod_guidedtours (4.3.0) 1 | mod_post_installation_messages (4.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_login (3.0.0) 1 | mod_user (4.0.0) 1 | mod_latest (3.0.0) 1 | mod_title (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_frontend (4.0.0) 1 | mod_privacy_status (4.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_toolbar (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_version (3.0.0) 1 | mod_loginsupport (4.0.0) 1 | mod_menu (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_sampledata (3.8.0) 1 | mod_logged (3.0.0) 1 | mod_messages (4.0.0) 1 | mod_multilangstatus (3.0.0) 1 |
3rd Party:: Events Booking - Latest Registrants (5.0.1) 1 |

Libraries ::
Core ::
3rd Party::

Plugins ::
Core :: plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_actionlog_joomla (3.9.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_media-action_crop (4.0.0) 1 | plg_media-action_resize (4.0.0) 1 | plg_media-action_rotate (4.0.0) 1 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_workflow_featuring (4.0.0) 1 | plg_workflow_publishing (4.0.0) 1 | plg_workflow_notification (4.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_token (3.9.0) 1 | plg_user_contactcreator (3.0.0) 0 | plg_user_terms (3.9.0) 0 | plg_user_joomla (3.0.0) 1 | plg_webservices_messages (4.0.0) 1 | plg_webservices_banners (4.0.0) 1 | plg_webservices_languages (4.0.0) 1 | plg_webservices_users (4.0.0) 1 | plg_webservices_privacy (4.0.0) 1 | plg_webservices_plugins (4.0.0) 1 | plg_webservices_templates (4.0.0) 1 | plg_webservices_media (4.1.0) 1 | plg_webservices_content (4.0.0) 1 | plg_webservices_tags (4.0.0) 1 | plg_webservices_newsfeeds (4.0.0) 1 | plg_webservices_redirect (4.0.0) 1 | plg_webservices_installer (4.0.0) 1 | plg_webservices_config (4.0.0) 1 | plg_webservices_menus (4.0.0) 1 | plg_webservices_modules (4.0.0) 1 | plg_filesystem_local (4.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_content_vote (3.0.0) 0 | plg_content_fields (3.7.0) 1 | plg_content_finder (3.0.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_task_demo_tasks (4.1) 0 | plg_task_check_files (4.1) 1 | plg_task_site_status (4.1) 1 | plg_task_requests (4.1) 1 | plg_task_rotatelogs (5.0.0) 1 | plg_task_privacyconsent (5.0.0) 1 | plg_task_sessiongc (5.0.0) 1 | plg_task_updatenotification (5.0.0) 1 | plg_task_globalcheckin (5.0.0) 1 | plg_task_deleteactionlogs (5.0.0) 1 | plg_sampledata_multilang (4.0.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_subform (4.0.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_extension_finder (4.0.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_extension_namespacemap (4.0.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | plg_installer_override (4.0.0) 1 | plg_installer_webinstaller (4.0.0) 1 | plg_installer_folderinstaller (3.6.0) 1 | plg_installer_urlinstaller (3.6.0) 1 | plg_api-authentication_token (4.0.0) 1 | plg_api-authentication_basic (4.0.0) 0 | plg_finder_content (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_system_guidedtours (4.3.0) 1 | plg_system_jooa11y (4.2.0) 1 | plg_system_log (3.0.0) 1 | plg_system_logrotation (3.9.0) 0 | plg_system_cache (3.0.0) 0 | plg_system_remember (3.0.0) 1 | plg_system_sessiongc (3.8.6) 0 | plg_system_task_notification (4.1) 1 | plg_system_privacyconsent (3.9.0) 0 | plg_system_logout (3.0.0) 1 | plg_system_debug (3.0.0) 1 | plg_system_httpheaders (4.0.0) 1 | plg_system_stats (3.5.0) 0 | plg_system_actionlogs (3.9.0) 1 | plg_system_updatenotification (3.5.0) 0 | plg_system_accessibility (4.0.0) 0 | plg_system_skipto (4.0.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_languagefilter (3.0.0) 0 | plg_system_fields (3.7.0) 1 | plg_system_schedulerunner (4.1) 1 | plg_system_webauthn (4.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_shortcut (4.2.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_highlight (3.0.0) 1 | plg_system_schemaorg (5.0.0) 1 | plg_multifactorauth_fixed (4.2.0) 0 | plg_multifactorauth_totp (3.2.0) 1 | plg_multifactorauth_email (4.2.0) 1 | plg_multifactorauth_yubikey (3.2.0) 1 | plg_multifactorauth_webauthn (4.2.0) 1 | plg_captcha_recaptcha (3.4.0) 0 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_quickicon_eos (4.4.0) 1 | plg_quickicon_overridecheck (4.0.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_downloadkey (4.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_schemaorg_blogposting (5.0.0) 1 | plg_schemaorg_organization (5.0.0) 1 | plg_schemaorg_jobposting (5.0.0) 1 | plg_schemaorg_recipe (5.0.0) 1 | plg_schemaorg_book (5.0.0) 1 | plg_schemaorg_person (5.0.0) 1 | plg_schemaorg_event (5.0.0) 1 | plg_schemaorg_article (5.1.0) 1 | plg_schemaorg_custom (5.1.0) 1 | plg_behaviour_compat (5.0.0) 1 | plg_behaviour_taggable (4.0.0) 1 | plg_behaviour_versionable (4.0.0) 1 |
3rd Party:: Payment Processor [PayPal] (1.0.4) 1 | Search - Events Booking (5.0.1) 0 | Events Booking SMS - Textlocal (5.0.1) 0 | Events Booking SMS - Clockwork (5.0.1) 0 | Events Booking SMS - Clickatell (5.0.1) 0 | Events Booking - Group Member Accou (5.0.1) ? | Events Booking - Auto Event Data (5.0.1) 0 | Events Booking - Checked-in Notific (5.0.1) ? | Events Booking - Auto Group Members (5.0.1) ? | Events Booking - Webhook (5.0.1) 0 | Events Booking - Prevent Overlap Re (5.0.1) ? | Events Booking - Auto Membership (5.0.1) 0 | Events Booking - Zoom App (5.0.1) 0 | Events Booking - Related Events (5.0.1) 0 | Events Booking - Zoom (4.4.5) 0 | Events Booking - Waiting List (5.0.1) 0 | Events Booking - Userprofile (5.0.1) 0 | Events Booking - Ticket Types (5.0.1) 0 | Events Booking - System (DO NOT UNP (5.0.1) ? | Events Booking - Sponsors (5.0.1) 0 | Events Booking - Speakers (5.0.1) 0 | Events Booking - Registrant List (5.0.1) 0 | Events Booking - New Event Notifica (5.0.1) ? | Events Booking - Move Registrants (5.0.1) 0 | Events Booking - Membership Pro (5.0.1) 0 | Events Booking - Map (5.0.1) 1 | Events Booking - Mailchimp (5.0.1) 0 | Events Booking - Joomla Groups (5.0.1) 0 | Events Booking - Joomsocial (5.0.1) 0 | Events Booking - Jcomments (5.0.1) 0 | Events Booking - Google Structured (5.0.1) ? | Events Booking - Gallery (5.0.1) 0 | Events Booking - Fields Assignment (5.0.1) 0 | Events Booking - Fee Fields Generat (5.0.1) ? | Events Booking - Full Event Notific (5.0.1) ? | Events Booking - Failure Payment No (5.0.1) ? | Events Booking - Easysocial (5.0.1) 0 | Events Booking - Easy Profile (5.0.1) 0 | Events Booking - Event Dependencies (5.0.1) 0 | Events Booking - Additional Dates (5.0.1) 0 | Events Booking - Contact Enhanced (5.0.1) 0 | Events Booking - Assign Checked In (5.0.1) ? | Events Booking - CB (5.0.1) 0 | Events Booking - Auto Register (5.0.1) 0 | Events Booking - Auto Coupon Genera (5.0.1) ? | Events Booking - Attachments (5.0.1) 0 | Events Booking - Agendas (5.0.1) 0 | Events Booking - AcyMailing (5.0.1) 0 | EB Registration History (5.0.1) 0 | Button - Individual Registration Fo (5.0.1) ? | Button - Event (5.0.1) 0 | PLG_ACTIONLOG_ADMINTOOLS (7.6.1) 0 | Action Log - Events Booking (5.0.1) 0 | User - Events Booking (5.0.1) 0 | Content - Events Booking Stip Easy (4.9.4) ? | Content - Events Booking Speakers (5.0.1) 0 | Content - Events Booking Content Re (5.0.1) ? | Content - Events Booking Registrati (5.0.1) ? | Content - Events Booking Event (5.0.1) 0 | Content - Events Booking Category (5.0.1) 0 | plg_editors_codemirror (6.0.0) 1 | plg_editors_tinymce (6.8.4) 1 | Installer - Events Booking (5.0.1) 1 | Smart Search - Events Booking (-) 0 | System - Incomplete Payment Registr (5.0.1) ? | PLG_SYSTEM_ADMINTOOLS (7.6.1) 1 | System - Events Booking SMS (5.0.1) 0 | System - Events Booking Reminder (5.0.1) 0 | System - Email Registrants (5.0.1) 0 | System - Events Booking Offline Pay (5.0.1) ? | System - Events Booking Payment Rem (5.0.1) ? | System - Events Booking Clean Email (5.0.1) ? | Guru Kunena Comments Plugin (1.0) 1 | iJoomla Teachers Events (1.0.0) ? | System - Guru Cron (5.2.5) 1 | plg_system_t4 (2.4.2) 1 | Captcha - Aimy Captcha-Less Form Gu (16.0) ? | Captcha CK (1.0.1) 1 | PLG_QUICKICON_AKEEBABACKUP (9.9.9) 1 |
Templates Discovered :: wrote:Templates :: Site :: t4_lavida (4.3) 1 | cassiopeia (1.0) 1 |
Templates :: Admin :: atum (1.0) 1 |
Last edited by toivo on Thu Oct 31, 2024 8:39 pm, edited 2 times in total.
Reason: mod note: disabled smillies, typos in subject

Advertisement
SharkyKZ
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3108
Joined: Fri Jul 05, 2013 10:35 am
Location: Parts Unknown

Re: known security breach in jomla5?

Post by SharkyKZ » Thu Oct 31, 2024 4:02 pm

It's possible to send spam using Contact component when "Send Copy to Submitter" option is enabled.

User avatar
AMurray
Joomla! Master
Joomla! Master
Posts: 10356
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Known security breach in Joomla 5?

Post by AMurray » Thu Oct 31, 2024 9:21 pm

I think that "flaw" has been in Joomla contact form since v1 or even since Mambo days. Are you using a decent anti-spam tool?

Extensions such as Hashcash, Cloudflare Turnstile, HCaptcha. Perhaps if you are using the built in contact form consider a third party one. (of course, they are not 100% foolproof).
Regards - A Murray
General Support Moderator

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44764
Joined: Sat Apr 05, 2008 9:58 pm

Re: Known security breach in Joomla 5?

Post by Webdongle » Thu Oct 31, 2024 9:38 pm

The problem with the contact form is allowing the 'send copy to sender' check box. If you allow 'send copy to sender' then a spammer will fill in many perhaps hundreds of email addresses in the 'From' field. Then Joomla will send a copy of the message to all in the 'From' field.


Session Path Writable: No ... should be yes and may cause other problems in the future.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

MartenJ
Joomla! Apprentice
Joomla! Apprentice
Posts: 33
Joined: Sat Jun 11, 2011 5:52 am

Re: Known security breach in Joomla 5?

Post by MartenJ » Thu Nov 14, 2024 9:52 am

For the Moment, We don´t even have a contactform, I unpublished it to se if that solved the problem. But we ´re still sending A Lot of spam! Do think We´re infected?

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2728
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Known security breach in Joomla 5?

Post by JAVesey » Thu Nov 14, 2024 7:42 pm

MartenJ wrote: Thu Nov 14, 2024 9:52 am For the Moment, We don´t even have a contactform, I unpublished it to se if that solved the problem. But we ´re still sending A Lot of spam! Do think We´re infected?
Take advantage of the mysites.guru free first scan - if you’re hacked then this will find it.
John V
Cardiff, Wales, UK
Joomla 5.2.2 "live" site on PHP 8.3.2 and MariaDB 10.11.10 (with b/c plugin enabled)
Joomla 5.2.2 on MAMP Pro 7.2 with PHP 8.3.14 and MySQL 8.0.40 (with b/c plugin enabled)

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15158
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Known security breach in Joomla 5?

Post by mandville » Sun Nov 17, 2024 9:39 pm

nearly all you 3pd extensions are out of date to.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.puttersminigolf.co.uk/

Advertisement

Post Reply

Return to “Security in Joomla! 5.x”