
Ouch Joomsuite hacked

  • Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • phpBB was compromised through a hole in phpList. The only problem with the phpBB3 script was the weak salted password hashes imported from the previous script version. But without phpList the hacker could not have sneaked into SQL and stolen all the user data of 200k users.

      Regards
    • Administrator of forum.olympusclub.pl
  • Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • Ben Lee wrote:
      Correct me if I'm wrong, but doesn't JoomSuite use ion-cube and have some files encoded? If that's the case, it's easy for someone to get very frustrated if support tickets aren't answered. You pay for the product, then can't even fix it yourself.
      Yes, it is, and it is a big problem. I am looking for competitors of Member/User components that are not encoded, but... the Rocket team abandoned the "Club" product before launch. :-(

      Regards
    • Administrator of forum.olympusclub.pl
    • Roeland_A!
    • Preeminent Rocketeer
    • Posts: 10193
    • Thanks: 71

    Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • Wow, this is a major dent... and no response yet. I have spent a lot of money on their stuff in the past.
    • *Karma comes in many forms, my personal favourite is the random saucepan from the sky* J.Spencer 17-02-2009
    • Krazza
    • Hero Rocketeer
    • Posts: 435
    • Thanks: 1

    Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • Yeah they just raised all their prices.

      And don't get me started on their support, please.
    • Black & White must be making a come back
    • Roeland_A!
    • Preeminent Rocketeer
    • Posts: 10193
    • Thanks: 71

    Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • I even got in to an argument about that price raise! From euros to pounds and then a markup of 100%
    • *Karma comes in many forms, my personal favourite is the random saucepan from the sky* J.Spencer 17-02-2009
  • Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • Does anybody know a good component for restricting content access, payment and extended user registration options?

      Regards
    • Administrator of forum.olympusclub.pl
  • Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • It is ridiculous! They banned me from their support desk forum when I asked them for an explanation of the hack! I do not know who possesses the red button in the Joomsuite team, but he/she is not a very good PR specialist/psychologist.
    • Administrator of forum.olympusclub.pl
    • Roeland_A!
    • Preeminent Rocketeer
    • Posts: 10193
    • Thanks: 71

    Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • Joomsuite has released an official statement:
      joomsuite.com/index.php?option=com_resou...ory_id=27&Itemid=123
      Taken directly from their site:
      Official statement regarding site being hacked
      Monday, 06 July 2009


      The site was recently hacked. There is however no need for concern: You can still trust our components.

      Here is what we found in our investigation:

      Let me be very clear on this issue: THERE IS NO VULNERABILITY IN OUR COMPONENTS, NONE WHATSOEVER!

      Here is the complete story:

      Approximately 5-6 months ago I found strange code in the Joomla authorization plugin that sent login data of everyone who logs into the backend (ONLY BACKEND NOT FRONTEND).

      From our investigation we found out that a hacker came in through Joomla 1.5.8. The security release 1.5.10 was out but we did not update the same day.

      I deleted the code, updated all the files, found a few backdoor scripts and deleted them and wrote to the email address of the person who was trying to blackmail us.

      That was PS (Persian Service). This person was blackmailing us and threatened to destroy our site if we would not provide him with the source code of all our components.

      This was one of the reasons that we changed our server, moving to a more secure one.

      Then we moved to the new server, on the new server we logically so installed new files. We did not copy any old files or folders.

      However, the affiliate manager JAM we copied it as is. There in the backups folder was an old backdoor script which had been there all the time from the old server.

      The hack came from there because the backups folder had permissions set to 777 access.

      After an examination of our logs we found that PS started accessing that backdoor on July the second. PS had never done that before the 2nd of July on the new server.

      Using this backdoor PS read the configuration.php file and that provided him with FTP access. Then he changed our index.php.

      All necessary steps to protect our server have now been taken. Nothing was done or has been done to our components.

      Unfortunately PS stated in an email that he has obtained our customer Database. We are not sure what he means, either he has accessed our DB or he made a copy. However, the only valuable information in there are our customers' emails and nothing else!

      For that we humbly apologize, that this information got in hacker’s hand.

      And do not forget to block IP 94.241.144.9, or block Iran totally as we did.
    • *Karma comes in many forms, my personal favourite is the random saucepan from the sky* J.Spencer 17-02-2009
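An audit sketch for the chain described in the statement above: a script left in a copied `backups` folder, 777 permissions, and FTP credentials readable from `configuration.php`. It is an added example, not code from Joomsuite or from any poster in this thread; the `com_example` layout, the data-folder names and the sample files are constructed assumptions, and `$ftp_pass` follows the field naming of Joomla's `configuration.php`.

```python
import os
import re
import stat
import tempfile

SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")
DATA_DIRS = {"backups", "backup", "tmp", "cache", "logs"}  # assumed data-only folder names
FTP_PASS = re.compile(r"\$ftp_pass\s*=\s*'([^']+)'")  # non-empty FTP password in JConfig

def audit_webroot(root):
    """Return sorted (issue, path relative to root) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        if os.lstat(dirpath).st_mode & stat.S_IWOTH:  # e.g. mode 777
            findings.append(("world-writable-dir", rel_dir))
        in_data_dir = bool(DATA_DIRS & set(rel_dir.lower().split(os.sep)))
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if in_data_dir and name.lower().endswith(SCRIPT_EXTS):
                findings.append(("script-in-data-dir", rel))
            if name == "configuration.php":  # whoever reads it gets the FTP login
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    if FTP_PASS.search(fh.read()):
                        findings.append(("stored-ftp-password", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed layout: a component copied with its old backups folder."""
    comp = os.path.join(root, "components", "com_example")
    backups = os.path.join(comp, "backups")
    os.makedirs(backups)
    for d in (root, os.path.dirname(comp), comp):
        os.chmod(d, 0o755)
    os.chmod(backups, 0o777)
    samples = {
        os.path.join(root, "configuration.php"): "<?php class JConfig { var $ftp_pass = 'constructed'; }\n",
        os.path.join(root, "index.php"): "<?php // entry point\n",
        os.path.join(backups, "old.php"): "<?php // leftover script\n",
        os.path.join(backups, "db.sql.gz"): "constructed dump\n",
    }
    for path, body in samples.items():
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_tree(demo_root)
        print(*audit_webroot(demo_root), sep="\n")
```

Running it after a server migration, before the site goes live, lists anything that was carried over "as is" and needs review.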
  • Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • Hackers are becoming like Mafias, here is an email someone I know got from a hacker.
      Hello,

      I am the person who is behind the DDOS attack against your website.
      My demand is 600 euros to stop the attack.
      I am willing to negotiate this amount to a lower figure if you show your willingness to cooperate with us.
      You were attacked by a 3000 node botnet, that is just 4.5% of the capacity available at our disposal.
      We can knock offline the datacenter hosting you if need be.
      Failure to pay will also result in spam containing child pornography videos to be mass emailed to over 3 million e-mail addresses along with your phone number and customer care e-mail as a solicitation to sell child pornography.
      All the spam will appear as originating from your domain name.
      Mass submissions will be made to Google and other search engines soliciting sales of viagra and cialis linking back to your website, Google really hates this and will completely remove all results leading back to your site, effectively losing you a shitload of traffic.
      There is no need to keep this going, notify me of your response within 48 hours or the attack will resume.
      Failure to pay will result in continued action against you for a period of 12 weeks.

      PS: If you want some samples of the child porn we are going to be mass mailing out let me know, I'll send you some.

      Sincerely,
      Adam Smith
    • VirtueShop
  • Re: Ouch Joomsuite hacked

    Posted 15 years 4 months ago
    • Radoslaw Przybyl wrote:
      Yes, it is, and it is a big problem. I am looking for competitors of Member/User components that are not encoded, but... the Rocket team abandoned the "Club" product before launch. :-(

      I am looking for something similar to User components. I read Joomla 1.6 will have one built in, but that is a year-long wait.
    • VirtueShop
