I have had my site suspended due to security issue

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

fcoulter
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK

Post by fcoulter » Sat Dec 01, 2007 2:38 pm

Hi, my hosting company have suspended scripting on my site due to a security problem with Joomla 1.5. I will repeat the message I received from them:-

Your site was disabled as it was found to be running a daemon; this appears to have been injected into your site using a security hole in one of your site's scripts. A couple of lines from the server logs that show how this was done are below. You will need to contact the scripts' providers for assistance with securing them against this form of attack.

[EDIT MOD: details of hacking deleted. Forwarded to devs for checking]


This was a demo site that I was using for your template contest. I can't help wondering if this was deliberate sabotage.
Last edited by infograf768 on Sat Dec 01, 2007 2:54 pm, edited 1 time in total.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

infograf768
Joomla! Master
Posts: 18886
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: I have had my site suspended due to security issue

Post by infograf768 » Sat Dec 01, 2007 2:56 pm

Please do not post details of hacks.
I forward this to devs to have a look.
What exactly was the SVN version used?
Jean-Marie Simonet / infograf · http://www.info-graf.fr
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group


Re: I have had my site suspended due to security issue

Post by fcoulter » Sat Dec 01, 2007 3:23 pm

The version was

1.5.0 Beta 2 Released [04-May-2007]

Sorry about posting the details of the hack - the trouble is that you don't seem to provide anywhere non-public to post these, and I wanted to make you aware of the problem as soon as possible, as it has caused major problems for my site and potentially could for others too I would guess.

Re: I have had my site suspended due to security issue

Post by infograf768 » Sat Dec 01, 2007 3:39 pm

It is a well-known fact that vulnerabilities in beta2 have been solved in later releases and this was made VERY CLEAR in the 3 following RC announcements.
Sorry you have been hacked, but you, as a coder, should have followed the 1.5 development status with more attention.

If you have some security issues with further releases, please PM a moderator with details.

You may overwrite your beta2 files with the latest nightly build. Look at the upgrading board. There are some SQL diffs to run with phpMyAdmin.

Re: I have had my site suspended due to security issue

Post by infograf768 » Sat Dec 01, 2007 3:46 pm

Moving to 1.5 security board

Re: I have had my site suspended due to security issue

Post by fcoulter » Sun Dec 02, 2007 11:09 am

OK thanks,

pardon me for being a bit pissed off that I went to the trouble of producing a free Joomla template and someone used that as an opportunity to trash my site - sadly there seem to be some very unpleasant people on the internet these days. However I don't think any long term damage has been caused. You are right that I should have been more careful, I suppose I didn't think that anyone would bother hacking a purely demonstration site. I can't really see the point myself, other than pure vandalism.