Users password changing bySelf!??

Discussion regarding Joomla! 2.5 security issues.

Post by ineteye » Thu Oct 23, 2014 12:47 pm

Hi!

I have had Joomla! 2.5.11 and MijoShop running for about a year... and I am just now getting a problem where somehow all users' passwords are changing in the database to different ones... I still have not found why this happens... Maybe someone has the same problem, or at least knows how to find out which plugin, module, extension or just code injection is doing that?

Post by mandville » Thu Oct 23, 2014 1:02 pm

You have an out-of-date, vulnerable Joomla.
Please update and run the FPA.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Post by ineteye » Thu Oct 23, 2014 1:04 pm

But how can Forum Post Assistant help?

Post by mandville » Thu Oct 23, 2014 1:08 pm

It will tell what extensions you have and any out-of-date, vulnerable ones.

Post by pe7er » Thu Oct 23, 2014 3:37 pm

ineteye wrote: But how can Forum Post Assistant help?
Forum Post Assistant itself cannot help,
but it gives us the necessary information that we can use to advise you.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Co-developer of d2 Content https://data2site.com/joomla-extensions/d2-content

Post by ineteye » Sun Dec 28, 2014 10:59 pm

OK... I updated Joomla to the latest version and all other components... and still have the same problem... FPA REPORT

Post by mandville » Sun Dec 28, 2014 11:43 pm

The screenshot doesn't give us all the required info. Follow the instructions please: http://forum.joomla.org/viewtopic.php?f=621&t=582860
Use the green area marked "show forum post assistant", then generate, then copy and paste.
But I can tell you now you have many out-of-date extensions.

Post by ineteye » Mon Dec 29, 2014 6:53 am

The problem is not in out-of-date extensions at all... it has worked in the same build for a couple of years with no problem... so installing updates and thinking that it will resolve the problem is not a good idea at all... as I wrote earlier... So is there any idea how to know why this happens? Maybe someone knows how to stat all requests to the MySQL database, to know what changes the password field in the Joomla user table?

Post by pe7er » Mon Dec 29, 2014 8:27 am

ineteye wrote: The problem is not in out-of-date extensions at all... it has worked in the same build for a couple of years with no problem...
Outdated software works without any problems until a hacker (hacker script) finds a security issue on your site in that outdated software...
See also https://docs.joomla.org/Security_Checklist

Side note: Joomla switched from md5 passwords to safer methods (from PHP's md5() hashing to crypt()).
On newer Joomla versions, the old md5-style password will be converted automatically
to a newer Joomla "crypt" style password for individual users when they log in to the website.

With phpMyAdmin you can see the encrypted passwords:
md5-hash:salt = old md5 style password
$1$ in password = new Joomla "crypt" style password
$2y$ or $2a$ = new BlowFish "crypt" style password
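An added example, not part of the original thread: a small Python triage that compares two exports of the users table's password column and uses the three formats listed in the post above to separate rows whose change matches the described md5-to-crypt conversion from rows that changed in some other way. The regular expressions, function names and sample rows are constructed assumptions.

```python
import re

# Formats as listed in the post above; the exact patterns are assumptions.
FORMATS = [
    ("bcrypt", re.compile(r"^\$2[ay]\$")),           # $2y$ or $2a$
    ("crypt", re.compile(r"^\$1\$")),                # $1$
    ("md5:salt", re.compile(r"^[0-9a-f]{32}:.+$")),  # md5-hash:salt
]

def classify(stored):
    """Name the format of one password-column value."""
    for name, pattern in FORMATS:
        if pattern.match(stored):
            return name
    return "unknown"

def triage(before, after):
    """Label every row whose password column differs between two snapshots."""
    findings = {}
    for user, old in before.items():
        new = after.get(user)
        if new is None or new == old:
            continue
        old_fmt, new_fmt = classify(old), classify(new)
        if old_fmt == "md5:salt" and new_fmt in ("crypt", "bcrypt"):
            # Consistent with the conversion at login; not proof of it.
            findings[user] = "format upgrade"
        elif new_fmt == "unknown":
            findings[user] = "unrecognised value"
        else:
            findings[user] = "changed without upgrade"  # review this row
    return findings

# Constructed sample snapshots (placeholder strings, not real hashes).
SAMPLE_BEFORE = {
    "alice": "a" * 32 + ":saltAAAA",
    "bob": "b" * 32 + ":saltBBBB",
    "carol": "$2y$10$" + "c" * 53,
    "dave": "d" * 32 + ":saltDDDD",
}
SAMPLE_AFTER = {
    "alice": "$2y$10$" + "e" * 53,
    "bob": "f" * 32 + ":saltFFFF",
    "carol": "$2y$10$" + "c" * 53,
    "dave": "not-a-hash",
}

if __name__ == "__main__":
    for user, label in sorted(triage(SAMPLE_BEFORE, SAMPLE_AFTER).items()):
        print(user, label)
```

Rows labelled "changed without upgrade" or "unrecognised value" are the ones to correlate with web server and database logs for the same time window.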

