Help with security issues. Please see code

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
User avatar
bvrettski
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 197
Joined: Mon Jan 15, 2007 3:15 pm
Location: Utah
Contact:

Help with security issues. Please see code

Post by bvrettski » Sun Feb 17, 2008 7:40 pm

I have been experiencing a number of attacks and hacks on my joomla sites. I have been trying to follow security guidelines here and implement them as best I can. One thing I have done is to watch my logs to see who is visiting. I found a number (7) of the following yesterday all from different host numbers. They all happened seconds apart:

Host: [RussW: Removed, irrelevant to discussion or resolution]

//administrator/components/com_securityimages/lang.php?mosConfig_absolute_path=[RussW: Removed, irrelevant to discussion or resolution] ?
Http Code: 403 Date: Feb 17 06:49:44 Http Version: HTTP/1.1 Size in Bytes: 581
Referer: -
Agent: libwww-perl/5.803

When I went to http://[RussW: Removed, irrelevant to discussion or resolution] ? I found the following script.

[RussW: References to Exploit, Country, Names or Detail have been removed, these are irrelevant to the discussion and offer nothing to assist with issue resolution.]

Can someone tell me what this is trying to do?

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14809
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Help with security issues. Please see code

Post by mandville » Tue Feb 19, 2008 2:44 am

its scanning your site for vulnerabilities

http://cyberphob1a.wordpress.com/2008/0 ... -networks/
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
bvrettski
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 197
Joined: Mon Jan 15, 2007 3:15 pm
Location: Utah
Contact:

Re: Help with security issues. Please see code

Post by bvrettski » Tue Feb 19, 2008 3:45 am

Thanks..that was my suspicion. How do I report and fight against this sort of thing?

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14809
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Help with security issues. Please see code

Post by mandville » Tue Feb 19, 2008 4:02 am

report it to the host or domain registrar, enable the htaccess and read the security faq
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Geoff
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3193
Joined: Sun Apr 16, 2006 12:20 am
Location: 127.0.0.1

Re: Help with security issues. Please see code

Post by Geoff » Thu Feb 21, 2008 11:01 pm

Backup, backup, backup!
The "Master" .htacess file by Nicholas http://snipt.net/nikosdion/the-master-htaccess

User avatar
bvrettski
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 197
Joined: Mon Jan 15, 2007 3:15 pm
Location: Utah
Contact:

Re: Help with security issues. Please see code

Post by bvrettski » Thu Feb 21, 2008 11:10 pm

I'm well aware of the security FAQ but thanks. Its a bit overwhelming trying to understand the ins and out of security so when I post its usually becasue I'm looking for something more specific, that i haven't been able to find.

In this case understanding the code I posted above and what sort of attack this might be, if it was an attack. So the security FAQ wasnt much help.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Help with security issues. Please see code

Post by RussW » Tue Feb 26, 2008 5:33 am

@bvrettski

I believe that if you spend time working through the Security FAQ's, Stickies and the many many posts with similar if not the same information you will find that your questions are answered in great detail, also as a learning experience you will start to develop a better understanding of the requirements of running a secure site and learn more regarding what the attempted exploit was doing. Some PHP experience will assist you greatly also.

We do understand the FAQ's are large and contain a lot of information, of which is very new to many folks, but working through the FAQ's one by one and point by point, rather than trying to attack the complete document in one session will ease the learning process and provide for a better overall understanding of security techniques and measures.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/


Locked

Return to “Security in Joomla! 1.5”