0
Welcome Guest! Login
0 items Join Now

Joomla Security Holes?

Last Post
Search Topic

  • Joomla Security Holes?

    Posted 17 years 9 months ago
    • Hey all... I have people sending out spam through my domain at www.betougher.com

      Seems they got in through joomla somehow, and they can mask my domain and send out mail using This email address is being protected from spambots. You need JavaScript enabled to view it.

      My question is, how do i locate the hole and more importantly, HOW DO I STOP IT!!!

      Thanks so much, has anyone else had these problems?

      F$%$in SPAMMERS! I HATE THEM!

      -- moderator removed ALL CAPS from title --
    • Last Edit: 17 years 9 months ago by Andy Miller.
    • http://www.robertruppconsulting.com
      "Our truest life is when we are in dreams awake" - Henry David Thoreau
    #78291

  • Re: Joomla Security Holes?

    Posted 17 years 9 months ago
    • Do you have an spf record associated with your domain? They could be spoofing.

      It may be that they are not sending through your site, rather using your domain as a reply to.

      Steve
    #78294

  • Re: Joomla Security Holes?

    Posted 17 years 9 months ago
    • SPF record? No, they are sending through my site... In my VPS backend, I constantly am deleting their mails from my server mail queue.
    • http://www.robertruppconsulting.com
      "Our truest life is when we are in dreams awake" - Henry David Thoreau
    #78295
    • GollumX's Avatar
    • GollumX
    • Elite Rocketeer
    • Posts: 2817
    • Thanks: 0

    Re: Joomla Security Holes?

    Posted 17 years 9 months ago
    • What forms (eg. contact form) are you using on your site?
    • Say no to Internet Explorer 6.
      twitter.com/mark_up
    #78343

  • Re: Joomla Security Holes?

    Posted 17 years 9 months ago
    • havent developed it for awhile now, but the smf integrated login/register form i found on here, SMF forum with bridge, Virtuemart, and thats about it for now, not too many plugins goin on. Register Globals is off, the store runs in SSL. I thought I took all precautions, but I guess an avid joomla person could easily revert to shady behaviors if they knew the plugins and the system well enough? Their crappy spam, which is pretty much horrid junk, cloaks a fake user on my system and blasts out emails to cloaked junk users on other domain names... So I deal with that, and all the incoming "delivery failure" messages that get routed to my main account through my server...

      Any advice on iron-gating joomla, secure extensions, crap extensions, etc? Hopefully this will help me, and others who may have this issue or give them some prevention from my mishaps...

      thanks guys!
    • http://www.robertruppconsulting.com
      "Our truest life is when we are in dreams awake" - Henry David Thoreau
    #78401
    • GollumX's Avatar
    • GollumX
    • Elite Rocketeer
    • Posts: 2817
    • Thanks: 0

    Re: Joomla Security Holes?

    Posted 17 years 9 months ago
    • A moderator on the security subforum (rliskey) was a member here too but i guess he hasn't renewed as I haven't seen him around in a while.

      The best source of info on Joomla security is the joomla.org security sub-forum.

      There are lists of vulnerable extensions there. I recommend you go through the security checklist.

      Everything you need is in the stickies.
    • Say no to Internet Explorer 6.
      twitter.com/mark_up
    #78402

  • Re: Joomla Security Holes?

    Posted 17 years 9 months ago
    #78405

Time to create page: 0.065 seconds