
Has anyone here had their joomla site hacked?

  • Re: Has anyone here had their joomla site hacked?

    Posted 17 years 8 months ago
    • I have a daily backup going that emails to an account I set up, so a backup isn't really my worry. Problem is, this is an online retail site, so if this happens, and say it takes me an hour to log on and see it, how many customers just saw it and refuse to do business with me now because the site is not secure? I was reading somewhere on the joomla.org forums about how to find where they got in, something about checking your access logs? Here is a bit of the post:

      gocchin: your site was hacked? Trust me I know this oh too well, it seems to happen as Brad said best, 3PD code that was written correctly or they forgot to add the famous "defined('_VALID_MOS') or die('Direct access to this location is not allowed.');" tag to the top of the file in that component, mambot or module. Check your access logs to see what strings were passed and what they hacked. You will typically see a POST (the GETs you can typically ignore) and some being passed. Here is an example from a site I found:

      IP_ADDRESS_HERE - - [11/Jul/2006:01:38:16 -0700] "POST /JOOMLA/absolute_path=SOMETHING_PASS_HERE? HTTP/1.0" 200 25010 "http://YOUR_SITE.com/JOOMLA/absolute_path=SOMETHING_PASS_HERE?" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7"


      Question is, does anyone know how I can look at these logs? :) Sure would like to know where the hole that needs patching is :)

      As for the 3rd party bad list, I think he was referring to this thread:

      http://forum.joomla.org/index.php/topic,79477.0.html

      It has a list of 3rd party stuff and their vulnerabilities
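
The log review described in the post above, as an added example that is not part of the original thread: it parses Apache combined-format lines like the one quoted, keeps the POST requests grouped by client IP, and flags any whose request target carries `absolute_path=`. The function name, the `SUSPECT_PARAMS` list and the sample lines (documentation-range IPs) are constructed for illustration; feed it the lines of your own server's access log, whose location depends on the host.

```python
import re
from collections import defaultdict

# Apache "combined" format, matching the log line quoted in the post above.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Parameter name taken from the quoted line; the tuple is an illustrative list.
SUSPECT_PARAMS = ("absolute_path=",)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [11/Jul/2006:01:38:16 -0700] "POST /JOOMLA/absolute_path=SOMETHING_PASS_HERE? HTTP/1.0" 200 25010 "http://example.com/JOOMLA/" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Jul/2006:01:40:02 -0700] "GET /JOOMLA/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [11/Jul/2006:01:41:30 -0700] "POST /JOOMLA/index.php?option=com_contact HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    'garbage line',
]

def review_posts(lines):
    """Group POST requests by client IP; also return lines that did not parse."""
    posts, unparsed = defaultdict(list), []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed.append(line)  # malformed requests deserve a manual look
            continue
        rec = m.groupdict()
        if rec["method"] != "POST":
            continue  # the post's heuristic: GETs can typically be ignored
        rec["suspect"] = any(p in rec["target"].lower() for p in SUSPECT_PARAMS)
        posts[rec["ip"]].append(rec)
    return dict(posts), unparsed

if __name__ == "__main__":
    posts, unparsed = review_posts(SAMPLE)
    for ip, recs in posts.items():
        for r in recs:
            flag = "SUSPECT" if r["suspect"] else "post"
            print(f'{flag:8} {ip:15} [{r["time"]}] {r["status"]} {r["target"]}')
    print(f"{len(unparsed)} unparsed line(s)")
```

The file path in a flagged request target points at the component, mambot or module to check for the missing `_VALID_MOS` guard.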
    • Dave Goodwin

    Re: Has anyone here had their joomla site hacked?

    Posted 17 years 8 months ago
    • William E Dooley wrote:
      As for the 3rd party bad list, I think he was referring to this thread:

      http://forum.joomla.org/index.php/topic,79477.0.html

      It has a list of 3rd party stuff and their vulnerabilities

      I thought it was some article I've read. It's been a while and that brain cell is dead. Thanks Wm!

      dave
    • "I'm an individual, just like everyone else."
    • stonelotus

    Re: Has anyone here had their joomla site hacked?

    Posted 17 years 8 months ago
    • Is there a specific link for that list of evil extensions?

      http://nvd.nist.gov/nvd.cfm

      Type 'joomla' into their search.

      There are other sites that list vulnerabilities but I was too lazy to look them back up for you, sorry.


      I forgot to mention... I believe Phil Taylor offers security auditing for Joomla although I have no idea what his fees are.
    • Dave Goodwin

    Re: Has anyone here had their joomla site hacked?

    Posted 17 years 8 months ago
    • stonelotus wrote:
      Is there a specific link for that list of evil extensions?

      http://nvd.nist.gov/nvd.cfm

      Type 'joomla' into their search.

      There are other sites that list vulnerabilities but I was too lazy to look them back up for you, sorry.


      I forgot to mention... I believe Phil Taylor offers security auditing for Joomla although I have no idea what his fees are.

      Wow! Didn't know that DHS was tracking Joomla. I guess that would be reasonable given the popularity of Joomla.
    • "I'm an individual, just like everyone else."
