Joomla can be more friendly for hackers too !!!

[Faun]

For 1 week my net connection was down ! And today when I opened my blog (webofgoo.com), I found that the index page was altered by some hacker.


One thing is sure that same guy hacked into other users having Joomla installed. I too has version 1.5.8 but never used it (someone else did...lol). I didn't even installed any addons or posted any post in that, it was a vanilla install.

Now I have removed Joomla, Drupal is still running goog. He did change my wordpress blog's (t.webofgoo.com) current theme index page (I wonder why ? He could have simply place an index file in the main directory).

Rohan Shenoy aka Victo Rambo any words on it. Probably hacker used password vulnerability as I got this link in Joomla Forum:
http://forum.joomla.org/viewtopic.php?f=432&t=316567

PS: Thankfully I had a different password set for WHM and my email That saved some guys who share their website in my reseller account.

[Ecstasy]

Could it be one of the forum members?

[Faun]

^^nope as this guy uses MS frontpage to make pages...lol. Probably he is from Arabian land.

[victor_rambo]

Quote:

Originally Posted by Ecstasy

Could it be one of the forum members?

You mean rohan_shenoy?

hmmm...i can' t tell enough because I have not fiddled enough with jooma code!
BTW I have seen many joomla installations hacked in the past. I think NucleusCore's was also hacked!

And what did you say abt the WP theme? Can u plz explain it better? Cudnt get it!

[Ecstasy]

I used to hang out in one of the European gaming server forum and it was vBulletin and even that got hacked by the Turkish people. Whenever someone clicks on any thread or any section it redirects to some Turkish site. The reason why I'm saying is cause i think vBulletin is hard to hack as it doesn't have much vulnerability.

[thewisecrab]

I was shocked on opening your site, T
Anyway, glad its been sorted
PS. My friend ditched Joomla because of the same reason about a year ago

[Faun]

^^yeah, I wasn't using Joomla for website. I was just learning to use Joomla and Drupal apart from wordpress. Already started learning Drupal, loving it so far. It's just amazing at how much you can do with it. Ofcourse I won't be learning Joomla now, already removed it

Friggin BSNL put me out of the internet for one week.

I knew that NucleusKore's website was hacked and it was Joomla too.

[Liverpool_fan]

This is sad...
But at least you didn't lose anything precious...
Umm... I was considering Joomla, but now with this and considering its SEO is poor, I guess I should look at other CMSes...

[Abhishek Dwivedi]

the latest secured version of Joomla is 1.5.9 if ur using a 1.5.x built...safest is to use J1.0.x

the exploit u r talking abt (that link to joomla forum) works only with Joomla 1.5.4 and below...it exploits forgot my password frm the frontend...it was patched up in the Joomla 1.5.5 release...

moreover, there are certain measures u need to take in order to secure ur site...no CMS is secure out-of-the-box...

Quote:

Originally Posted by Anurag_panda

This is sad...
But at least you didn't lose anything precious...
Umm... I was considering Joomla, but now with this and considering its SEO is poor, I guess I should look at other CMSes...

no its SEO is not poor...its got one of the most customizable SEO features using certain extensions like sh404sef...

[mrintech]

Now I got who is victor_rambo

[Liverpool_fan]

Quote:

Originally Posted by Abhishek Dwivedi

the latest secured version of Joomla is 1.5.9 if ur using a 1.5.x built...safest is to use J1.0.x

the exploit u r talking abt (that link to joomla forum) works only with Joomla 1.5.4 and below...it exploits forgot my password frm the frontend...it was patched up in the Joomla 1.5.5 release...

moreover, there are certain measures u need to take in order to secure ur site...no CMS is secure out-of-the-box...



no its SEO is not poor...its got one of the most customizable SEO features using certain extensions like sh404sef...

Thanks for the info.

[NucleusKore]

You should keep updating. Current is 1.5.9
I have subscribed to the security feed on Google reader. I check once a day and update as soon as the patch is released. That's the least I can do.

Also read this
http://forum.joomla.org/viewtopic.php?f=432&t=335090

[Faun]

^^mine was 1.5.8, I was not running any site on it. It was just for learning...lol. Probably I should've installed it on a very cryptic subdomain instead of main domain.

Anyway, it was a good excuse for me to upgrade to wordpress 2.7 (though I lost a lot of customizations I did to my previous wordpress install and plugins). So far its running fine.

[NucleusKore]

Ok
I have been hacked, so I've learnt the hard way, it pays to stay up-to-date.

[Kl@w-24]

Dearie me!! That certainly shows that when developers want you to upgrade to a newer version, you probably should (if it's free, that is).

I'll keep this incident in mind while setting up my site. Glad everything's alright now, though.

[krates]

i think your DB must be there... reinstall joomla the old version only set it up again and then update it to the newer version if there is any.. change the pass and don't think much more

if your DB is not there ask your hosting provider that does they keep back up of sites ...
most of the hosting provider back up the sites every week .....

hope everything will be fine...

[NucleusKore]

^+1
I now use the lazybackup to backup the DB
http://extensions.joomla.org/extensions/4445/details

[Abhishek Dwivedi]

or better use JoomlaPack extention...makes a backup of ur complete site with database and an autoinstaller of ur backup...no pain in a**

[NucleusKore]

^Thanks

[Faun]

I had the backup, but only bloody thing was that I was on a vacation for whole week so the things went a little worse.

Any way, security is a never ending thing. You must upgrade, watch, protect whats yours.

Btw I got the IP address from where the hack was done and the timing too

Its from Saudi Arabia, Riyadh There were three IP's, IMO dynamic IPs for a single PC.

[MetalheadGautham]

WTH ?
I was thinking of learning Joomla. Think I need to stop now.
I just need to figure out how to use Wikidot.com and I am a FREE MAN.

[krates]

Quote:

Originally Posted by MetalheadGautham

WTH ?
I was thinking of learning Joomla. Think I need to stop now.
I just need to figure out how to use Wikidot.com and I am a FREE MAN.

c'mmon man you should learn using it ... it is the best CMS i have used till date... i think the bug should have been fixed by now for sure...

[Abhishek Dwivedi]

Quote:

Originally Posted by MetalheadGautham

WTH ?
I was thinking of learning Joomla. Think I need to stop now.
I just need to figure out how to use Wikidot.com and I am a FREE MAN.

dude the exploit was in Joomla 1.5.4 n below...patches ages ago...lolz...its safe...moreover, there are 2 versions of joomla running at the same time..Joomla 1.5.x n Joomla 1.0.x....u shud learn

[c0mrade]

Joomla is great as long as you keep your version updated with them! Start a thread here - http://forum.joomla.org/ and send them a complain ticket

[Chirag]

Any cracker here? Need a little help. A good deed. Serious.

[victor_rambo]

Quote:

Originally Posted by MetalheadGautham

WTH ?
I was thinking of learning Joomla. Think I need to stop now.
I just need to figure out how to use Wikidot.com and I am a FREE MAN.

Typical average user.

C'mon...even Linux has bugs and security holes(which you will never know until someone publishes them).

[c0mrade]

Quote:

Originally Posted by victor_rambo

Typical average user.

Well you dared to point it out

[gary4gar]

Quote:

Originally Posted by T159

PS: Thankfully I had a different password set for WHM and my email That saved some guys who share their website in my reseller account.

Shesh that was close!, you could have taken me down as well,
Hum toh dubege Sanam, tumhe sath mein leker dubege
Now we seriously need to look into security aspect of websites.


Did you do a security audit of your site?
so that this never happens again

Also, please change all your passwords as a precaution

[Faun]

^^As long as you data is backed up, you shouldn't worry.

I did a clean install of wordpress 2.7. So far have been updating it regularly.

Passwords was not cracked actually. But i have changed them to something deranged out of proportions.

[victor_rambo]

Quote:

Originally Posted by gary4gar

Now we seriously need to look into security aspect of websites.

lol...u are over-reacting
But I now I hope you people get why security IS important. I have seen many people ignoring the security aspect as if it does not exists. Most people say "Hey it works and that is all I want"....and then they get many more unwanted things

Quote:

Did you do a security audit of your site?

Errr??? You really think T is SO RICH that he can afford to do it for the sake of few personal accounts.....dude, security audit is a BIG thing, and usually is undertaken at data-center level, not reseller or front-line level.

And with so many loosely coded scripts, its not even worth to have an security audit done! You see, one programmer's stupidity can beat the indigenious fool-proof algorithm of another