New Joomla 1.5.26 And Joomla 2.5 Exploit, latest joomla protection from exploits

Web Design Seo
post Aug 1 2012, 10:07 AM
Post #1

Group: Root Admin
Posts: 4,161
Joined: 29-April 09
From: Sofia
Member No.: 1

It seems that a new Joomla 1.5.26 exploit has been released.

For the past few days we have had a number of hacked Joomla 1.5 sites that were all hacked in the same way:
- All Joomla installs were on the latest Joomla 1.5 version, Joomla 1.5.26
- All sites had an unprotected /administrator folder

How does the exploit work?
1. One PHP shell file, or several shell files, are uploaded to images/stories.
2. The hacker makes POST requests to com_installer or com_templates.

What this Joomla exploit does:
The hacker modified .htaccess. As a result, the website redirects to a Russian website and Google starts screaming that "this website may harm your computer".

How to clean your Joomla 1.5:
1. Typically, PHP files are uploaded to the folder images/stories. It is easy to recognize: there should be no PHP files there. The file name is something like cache.php or another name.
2. Remove the redirects from the .htaccess file. The redirects are at the start and at the end of the file. Or open a standard Joomla 1.5 .htaccess and copy-paste the right parts of the code.


The solution to keep Joomla 1.5 from being hacked:
1. Lock the administrator folder, with a password or by IP address.
2. Add RFI (Remote File Inclusion) protection to your .htaccess file.

So, it seems that the latest Joomla 1.5.26 is not well protected. Maybe this exploit is possible with the latest Joomla 2.5 also; we have not tested it. I recommend you protect the administrator folder by IP or with a password.

More useful guides about exploit protection: more htaccess guides and the guide Ultimate Security For Joomla


--------------------
Forum rules | Forum Rules | How to receive support. 3D Web Design: Web design, SEO optimization, Web Site Extensions, Oscommerce Addons, Wordpress plugins and Joomla Extensions. Website development, search engine optimization and SEO services.
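The two cleanup steps above (look for PHP files under images/stories, then find the redirects injected into .htaccess) as an added shell example. This is not code from the post or from Joomla; it assumes a docroot that still carries the stock htaccess.txt that Joomla ships (used as the baseline to diff against) and builds its own throwaway sample site, with a harmless marker file standing in for the dropped shell and a documentation domain as the redirect target.

```shell
#!/bin/sh
# Added example, not code from the forum post: audit a Joomla 1.5 docroot for the
# two indicators the post describes, PHP files dropped into images/stories and
# redirect rules injected into .htaccess. Joomla ships its stock rewrite rules as
# htaccess.txt in the docroot, which gives a clean baseline to diff against.

# List every PHP-looking file below images/. That tree holds media only, so any
# hit is suspect (the post names cache.php as a typical dropper file name).
find_php_in_images() {
    find "$1/images" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php.*' \) 2>/dev/null | sort
}

# Print .htaccess lines (with line numbers) that send the visitor to an absolute
# URL. Joomla's own rules only ever rewrite to index.php, so an off-site target in
# a Redirect, RewriteRule or ErrorDocument line is the injected redirect.
find_htaccess_redirects() {
    grep -nE '^[[:space:]]*(Redirect(Match|Permanent)?|RewriteRule|ErrorDocument)[[:space:]].*https?://' "$1/.htaccess" 2>/dev/null || true
}

# Print the lines present in .htaccess but absent from the stock htaccess.txt.
# This is the post's "open a standard Joomla .htaccess and compare" step done
# mechanically; the lines at the very start and end are the usual culprits.
htaccess_added_lines() {
    diff "$1/htaccess.txt" "$1/.htaccess" | sed -n 's/^> //p'
}

# Report everything for one docroot; return 1 if anything suspicious was found.
audit_site() {
    hits=$( { find_php_in_images "$1"; find_htaccess_redirects "$1"; } )
    printf '%s\n' "$hits"
    [ -z "$hits" ]
}

# Build a throwaway docroot that mimics a compromised site (constructed sample:
# the "shell" is a harmless marker file, the redirect target is a documentation domain).
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/images/stories" "$site/administrator"
    printf 'marker file standing in for a dropped PHP shell\n' > "$site/images/stories/cache.php"
    printf 'GIF89a\n' > "$site/images/stories/logo.gif"
    # a cut-down stand-in for Joomla's stock htaccess.txt
    printf '%s\n' 'RewriteEngine On' \
        'RewriteCond %{REQUEST_URI} !^/index.php' \
        'RewriteCond %{REQUEST_FILENAME} !-f' \
        'RewriteCond %{REQUEST_FILENAME} !-d' \
        'RewriteRule (.*) index.php' > "$site/htaccess.txt"
    # the live .htaccess: a referer-based redirect injected at the top and an
    # ErrorDocument redirect appended at the bottom, around the stock rules
    {
        printf '%s\n' 'RewriteEngine On' \
            'RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]' \
            'RewriteRule ^.*$ http://redirect.example/go.php [R=301,L]'
        sed 1d "$site/htaccess.txt"
        printf '%s\n' 'ErrorDocument 404 http://redirect.example/404.php'
    } > "$site/.htaccess"
    printf '%s\n' "$site"
}

# Demo run against the constructed site (prints the suspicious file and lines).
demo_site=$(make_sample_site)
audit_site "$demo_site" || printf 'suspicious items found in %s\n' "$demo_site"
rm -rf "$demo_site"
```

On a real site, run audit_site against the docroot and then compare the output of htaccess_added_lines with what you actually added yourself (custom rewrite rules, hotlink protection); anything you do not recognise is the injected part the post tells you to remove.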

Web Design Seo
post Aug 1 2012, 01:12 PM
Post #2

The latest news about this exploit is:

Attacks come from IP 91.202.244.73 (there may be many; this IP is one of them). One of the doors the hacker uses is the JCE exploit: JCE Extension Remote File Upload. This exploit works with all versions of JCE before 2.0.10.

This means that all versions of Joomla 2.5 are also vulnerable!

How is this possible?

Joomla 2.5 has its own update manager that checks all extensions for new versions. But... it is not working with JCE. I have checked about 10 Joomla 2.5 sites and the message is always that all extensions are up-to-date.



But... the problem is that on all the Joomla installs I checked, the version of JCE was older, not the latest 2.2.4. Maybe the problem is in JCE, maybe in the Joomla 2.5 update manager; we will see in the next days.

For now, download the latest version of JCE from here and install it. The package is only one for all Joomla versions from 1.5 to 2.5 and will update your Joomla site automatically to the latest version.



persmash
post Sep 10 2012, 10:01 PM
Post #3

Group: Members
Posts: 1
Joined: 10-September 12
Member No.: 1,346

Can you please explain how we can use this vulnerability?

Web Design Seo
post Sep 11 2012, 06:38 AM
Post #4

Don't use it, just fix it :) The problem was in older versions of JCE and is fixed in the latest versions. Just update your JCE copy often; always install the latest version!



Web Design Seo
post Jan 15 2014, 08:09 AM
Post #5

IP addresses of bots that try to hack Joomla websites over this JCE exploit (the IP addresses are from the logs of one of our firewalls).

Insert this code in your .htaccess to deny access to your website from the hacker bots' IPs:
Code
deny from 2.228.105.131
deny from 31.131.31.183
deny from 46.32.227.68
deny from 64.34.165.204
deny from 66.55.72.82
deny from 79.143.186.120
deny from 85.214.26.171
deny from 85.214.122.33
deny from 87.126.158.82
deny from 88.255.89.55
deny from 91.121.1.179
deny from 91.121.85.219
deny from 91.121.115.186
deny from 123.242.173.1
deny from 132.248.160.9
deny from 176.28.8.81
deny from 176.223.123.143
deny from 198.27.85.51
deny from 202.129.185.250
deny from 206.167.88.7


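An added example, not the forum's own code, that serves both the access-control advice in post #1 (lock administrator/ by IP or password, add RFI protection to .htaccess) and the deny list in this post. It starts from firewall log lines, the source the post took its list from, rather than a hand-typed list, so that malformed or duplicate addresses cannot slip into the config. Assumptions: Apache 2.2-style "deny from" / "allow from" directives (the syntax the post uses), iptables-style "SRC=" log lines, and an htpasswd path /etc/apache2/joomla.htpasswd that is only a placeholder; every IP address in it is constructed from the documentation ranges.

```shell
#!/bin/sh
# Added example, not the forum's own code: build the .htaccess access rules that
# post #1 (lock /administrator by IP or password, RFI protection) and post #5
# (deny the bot IPs) describe, starting from firewall log lines so malformed or
# duplicate addresses cannot end up in the config.
# Every IP address here is a constructed sample from the documentation ranges.

# Constructed iptables-style drop log: one address repeated, one invalid (256.*).
SAMPLE_FIREWALL_LOG='Jan 15 03:12:44 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP DPT=80
Jan 15 03:12:45 fw kernel: DROP IN=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP DPT=80
Jan 15 03:13:02 fw kernel: DROP IN=eth0 SRC=203.0.113.77 DST=198.51.100.7 PROTO=TCP DPT=80
Jan 15 03:13:09 fw kernel: DROP IN=eth0 SRC=256.1.1.1 DST=198.51.100.7 PROTO=TCP DPT=80
Jan 15 03:14:30 fw kernel: DROP IN=eth0 SRC=192.0.2.250 DST=198.51.100.7 PROTO=TCP DPT=80'

# stdin: log lines; stdout: the SRC= addresses, one per line, validated as dotted
# quads with every octet in 0..255, deduplicated and sorted numerically.
extract_src_ips() {
    sed -n 's/.*SRC=\([^ ]*\).*/\1/p' |
    grep -xE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
    sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# stdin: validated IP list; stdout: a deny block for the site-wide .htaccess.
# Apache 2.2 syntax as in the post; on 2.4 it needs mod_access_compat loaded.
site_deny_block() {
    printf '%s\n' 'Order allow,deny' 'Allow from all'
    while IFS= read -r ip; do
        printf 'Deny from %s\n' "$ip"
    done
}

# stdin: admin IPs to allow; $1: optional htpasswd file kept outside the web
# root. Output is the .htaccess for administrator/: deny everyone, allow the
# listed addresses and, if $1 is given, also demand a login (Apache's default
# "Satisfy All" means both the IP check and the password must pass).
admin_htaccess() {
    printf '%s\n' 'Order deny,allow' 'Deny from all'
    while IFS= read -r ip; do
        printf 'Allow from %s\n' "$ip"
    done
    if [ -n "${1:-}" ]; then
        printf '%s\n' 'AuthType Basic' 'AuthName "Joomla administration"' \
            "AuthUserFile $1" 'Require valid-user'
    fi
}

# The usual .htaccess defence against remote file inclusion that post #1 refers
# to: refuse any request whose query string carries a URL.
rfi_rules() {
    printf '%s\n' 'RewriteEngine On' \
        'RewriteCond %{QUERY_STRING} (https?|ftp)://[^&]+ [NC]' \
        'RewriteRule .* - [F,L]'
}

# Demo: rules for the constructed log, then an administrator/ .htaccess for one
# admin address (hypothetical htpasswd path).
printf '%s\n' "$SAMPLE_FIREWALL_LOG" | extract_src_ips | site_deny_block
printf '%s\n' '203.0.113.5' | admin_htaccess /etc/apache2/joomla.htpasswd
```

On Apache 2.4 without mod_access_compat the same intent is written with `Require ip 203.0.113.5` for the allowlist and `Require all granted` plus `Require not ip ...` inside a `<RequireAll>` block for the deny list. The RFI rule rejects every request with a URL in the query string, so check your own extensions for legitimate URL parameters before enabling it.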

Web Design Seo
post Jan 20 2014, 07:21 AM
Post #6

2 more IPs added.



Web Design Seo
post Jan 24 2014, 11:23 AM
Post #7

2 more new IPs; now there are 10.



Web Design Seo
post Jan 29 2014, 01:56 PM
Post #8

One more bot IP is added.



Web Design Seo
post Jan 30 2014, 07:45 AM
Post #9

IPs of bots that try to log in to the Joomla administration:

Turkish:
Code
213.238.175.29
213.238.175.32
213.238.175.34
213.238.175.35
213.238.175.37
213.238.175.38
213.238.175.40
213.238.175.41
213.238.175.42
213.238.175.50
213.238.175.51
213.238.175.52
213.238.175.53
213.238.175.55


Netherlands:
Code
146.0.73.155
146.0.73.156
146.0.74.202
146.0.74.204
146.0.74.208
146.0.74.28
146.0.78.9
146.0.79.23
5.39.218.37
5.39.219.25
5.39.219.27



Web Design Seo
post Feb 10 2014, 08:42 AM
Post #10

85.214.122.33 added: this IP tried to upload a shell file over JCE.



Web Design Seo
post Feb 17 2014, 07:23 AM
Post #11

New IPs from this weekend are added to the first post:

202.129.185.250: tried to upload files over the JCE imgmanager.
88.255.89.55: tried to upload files over Facile Forms:
Code
/components/com_facileforms/libraries/jquery/uploadify.php



Web Design Seo
post Feb 25 2014, 01:36 PM
Post #12

Three more IPs added in post 5.



Web Design Seo
post Mar 26 2014, 08:46 AM
Post #13

One more added.

