Viewing 15 posts - 16 through 30 (of 40 total)
  • cgc0202 Friend
    #265526

    <em>@questbg 73700 wrote:</em><blockquote>Could you guys actually explain how this was ‘fixed’ please? I’m going live next week and I’m still on Joomla 1.5.3 … if there’s any protection for my site, then please share with me!</blockquote>

    Chris,

    Upgrade to Joomla 1.5.6 using the patch Joomla 1.5.3 to Joomla 1.5.6. Use the patch coming directly from Joomla. Also, Joomla has a detailed procedure on how to do this, and it is included in every upgrade.

    Unfortunately, Joomla 1.5.3 and Joomla 1.5.5 include feature changes requiring changes in the script — that may trigger compatibility issues with the Teline template.

    Considering how much customization has been done to your site, you may literally erase those changes by doing the uninstall-install procedure proposed by Joomlart to update your site. This is not only tedious but also quite dangerous when it comes to the Teline II template.

    This is the need for the Template Patch Update that we are discussing in another thread.

    If you know the actual files in the Teline II template that were fixed in the latest Teline II v1.5, then you do not have to use the uninstall-install procedure.

    Instead, you may then systematically upload the fixed files, and check if it affects your site. Obviously, you should do this in a mirror site before applying them to the actual site.

    This alternative approach of updating an existing site, the way Joomla patch fixes work, cannot be done unless Joomlart identifies the fixed files in Teline II v1.5.

    You have got a serious security problem unless you upgrade to Joomla 1.5.6. But, if you attempt to upgrade using the uninstall-install procedure, and make a mistake — you may end up with a messed up site.

    In short, you are on your own to squirm in your cage, if you get my meaning. To rephrase someone — I feel your quandary. 🙂

    Cornelio

    cgc0202 Friend
    #265527

    <em>@njbarbour 73672 wrote:</em><blockquote>Hi,

    Is there a solution to your site being hacked ?

    njb</blockquote>

    <em>@tcraw1010 73698 wrote:</em><blockquote>It’s been fixed</blockquote>

    He was asking how to fix it, not the progress of fixing the problem.

    cgc0202 Friend
    #265528

    <em>@njbarbour 73701 wrote:</em><blockquote>Hi,

    I had the hosting company reset the site to the version before the time of the attack.
    Thing is, I do not now have admin control of the site in order to make my upgrade and fix it permanently.

    njb</blockquote>

    Hi njb,

    Assuming you know what to do, maybe you should consider other hosting services to give you more control of your website.

    It is your choice though. In the meantime, the suggestions of mj are prudent.

    I have been wanting to do that, but for now, I just upgraded my sites to Joomla 1.5.6 — that is priority. If the site is already hacked — Joomlapack will just copy what is there.

    Cornelio

    cgc0202 Friend
    #265532

    Hi mj,

    I have been just reviewing the features of JoomlaPack the other day because I want to move a number of sites from one server to another. It seems straightforward, but I have not used it yet. I think I might use it to do the regular backups, in the future.

    In this regard, I have a question: What happens if the “site name” used in the database is different from one site to another? Or, for that matter, as indicated below, the Joomla versions, and the templates as well as other features explained below are so different from what I want them to be.

    Current stage of “lack of expertise”

    At this stage, I do not feel qualified enough to be going inside and hacking the MySQL database itself. As important, the original sites used the original Teline template or Gavick News templates — some Joomla 1.0x and some Joomla 1.5.x — all earlier versions because they were prepared last year.

    For each site, I want to place the files instead in fresh installed Joomla 1.5.6-Teline II v1.5 because I think I already have most of the “bugs” fixed and did customization in my latest version Joomla 1.5.6-Teline II v1.5. It took forever hacking the CSS so that the typography and some minor spacing are just what I want. They can be modified more later.

    Also, for each site, I have customized sections and categories quite different from those of the original.

    This is my predicament whether it is JoomlaPack or another extension that I should use, more specifically, DOCman.

    Is it possible to just save files by section or categories using JoomlaPack?

    For the aforementioned purpose, I thought the DOCman (also free) might be more suitable based from the features stated — you can just transfer the files, by sections, by categories, etc. and supposedly from the features, it can be done from Joomla 1.0x to Joomla 1.5x

    Have you used DOCman? One concern I have with it is that it is still legacy for Joomla 1.5.x. From what I read, there are some extensions that do not function well when Joomla is in legacy mode.

    Cornelio

    <em>@mj1256 73746 wrote:</em><blockquote>joomlapack will let you backup your site so that if it breaks or gets hacked you can restore the site to your server or host. it works just like the JA quickstart package, except it will be your site. It installs as a component and is very intuitive.

    as for PHPsuexec, as I said, it is a security program that is recommended for use with joomla. You cannot install this, it needs to be done by the host and works at the server level. So, try to find a host that has it, (like RochenHost or HostGator), or, if your host does not have it on the server you are on, see if they have one they can move your site to.

    Now, how it works and what it does is explained in the link I gave. Basically, it changes file ownership to the user (admin), forbids the use of chmod 777, and makes it tough for nefarious hackers to do site injections of files and executable programs, it also disables the global php.ini which has the php directives for your site.</blockquote>

    mj1256 Friend
    #265566

    <blockquote>In this regard, I have a question: What happens if the “site name” used in the database is different from one site to another? Or, for that matter, as indicated below, the Joomla versions, and the templates as well as other features explained below are so different from what I want them to be.</blockquote>

    you can have different database names and passwords, the joomlapack back up will be a full install of joomla and your content and your database etc, just like a ja quickstart package. There are no version conflicts, it’s your site as you saved it in the backup.

    => one more step with joomlapack, once the backup is uploaded and unzipped, you rename the configuration.php to old and then create a blank configuration.php file. it will create a new one so transferring the sites to new domains or servers is not a problem. They have a very easy to follow step by step.

    <blockquote>At this stage, I do not feel qualified enough to be going inside and hacking the MySQL database itself. As important, the original sites used the original Teline template or Gavick News templates — some Joomla 1.0x and some Joomla 1.5.x — all earlier versions because they were prepared last year.</blockquote>
    no need to go into the SQL or even phpmyadmin, it installs the database just like a ja quickstart package, just make sure you create a blank database before you start and check install sample data just like a ja quickstart install

    <blockquote>For each site, I want to place the files instead in fresh installed Joomla 1.5.6-Teline II v1.5 because I think I already have most of the “bugs” fixed and did customization in my latest version Joomla 1.5.6-Teline II v1.5. It took forever hacking the CSS so that the typography and some minor spacing are just what I want. They can be modified more later.</blockquote>

    you’re not overwriting anything, it’s your site as you last backed it up, you will not lose or overwrite anything

    <blockquote>Also, for each site, I have customized sections and categories quite different from those of the original.</blockquote>

    that is not a problem, it’s a full backup of your site as it was and as you made it.

    Docman is not a backup program and I would not even think of using it that way. It’s designed for file sharing.

    so, all of the issues you raise above are non-issues, a backup is your site as you made it, the backup includes the db, the backup is saved as a zip file. when you need to reinstall your site, you just upload the file, unzip it on the server, and then install the site again, it uses the joomla installer, when you get to the db section, click on install sample data, and voila, your site is fully restored with all of your customization.

    again, just like a ja quickstart package, except it’s your site.

    the whole process takes minutes.

    njbarbour Friend
    #265583

    Hi all,

    I’m looking to do these updates but I have found the Joomla! update instructions less than adequate for purpose.

    Point 3 says “Install the patch package on the copy site” – My question is WHERE? I have a sub directory in one case called check2 and mindex – this is where I unpacked all of the Joomla! install code. – Do I just copy and pray? – I’d much prefer to do the manual upgrade if at all possible.

    I’m in a bit of a quandary here. I’m running Joomla! 1.5.3 on one site and Joomla! 1.5.0 on the other.

    The Joomla site offers a nice manual update procedure but for 1.5.5 to 1.5.6 ONLY. It also says:

    “This patch will only update installations of Joomla 1.5.5. If you’re using an earlier version, it is recommended you update prior to updating these files.” – OK guys, where are the files ? – ONLY Joomla! updates to 1.5.6 are now present on the site.

    I hope somebody on this discussion thread can propose a work around.

    Thanks all

    njb

    2Patrick Friend
    #265584

    Hopefully JA updates their templates to run under J1.5.6 asap….starting perhaps with the most popular template ie Teline II.

    Otherwise, we are going to all hear of a lot of hacking experiences !!

    questbg Friend
    #265585

    I just read this on the Joomla Site:

    Solution

    Upgrade to latest Joomla! version (1.5.6 or newer), or patch /components/com_user/models/reset.php with the code below:

    After global $mainframe; on line 113 of reset.php, add:

    if(strlen($token) != 32) {
        $this->setError(JText::_('INVALID_TOKEN'));
        return false;
    }


    That would seem to me that I could hack the code, even in Joomla 1.5.3 and still be safe from these security issues?
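
Added example (not part of the post above and not Joomla! code): the length check from the quoted patch placed inside a fuller reset-token validation routine, in PHP. The function name, the assumption that a token is 32 hexadecimal characters, and the sample values are all made up for illustration.

```php
<?php
// Added example, not Joomla! code; all names here are hypothetical.

/**
 * Decide whether a submitted password-reset token may be accepted.
 * Assumption: a valid token is exactly 32 hexadecimal characters.
 */
function reset_token_is_valid($submitted, $stored): bool
{
    // Request parameters can arrive as arrays; reject anything but strings.
    if (!is_string($submitted) || !is_string($stored)) {
        return false;
    }
    // Same length rule as the reset.php patch, applied before any lookup.
    if (strlen($submitted) !== 32) {
        return false;
    }
    // Restrict the alphabet as well, so only well-formed tokens go further.
    if (preg_match('/\A[0-9a-f]{32}\z/i', $submitted) !== 1) {
        return false;
    }
    // An account without a pending reset (empty stored token) never matches.
    if (strlen($stored) !== 32) {
        return false;
    }
    // Constant-time comparison of the two well-formed values.
    return hash_equals(strtolower($stored), strtolower($submitted));
}

// Constructed sample values, not taken from any real site.
$stored = 'a3f1c2d4e5b60718293a4b5c6d7e8f90';
$cases = [
    'matching token'       => $stored,
    'empty string'         => '',
    'too short'            => 'a3f1c2',
    '32 chars, not hex'    => str_repeat('z', 32),
    'well-formed, wrong'   => str_repeat('0', 32),
    'array instead of str' => ['a3f1c2'],
];
foreach ($cases as $label => $value) {
    printf("%-22s %s\n", $label, reset_token_is_valid($value, $stored) ? 'accepted' : 'rejected');
}
// Account with no pending reset: the stored token is empty.
printf("%-22s %s\n", 'no pending reset', reset_token_is_valid('', '') ? 'accepted' : 'rejected');
```

Only the first case is accepted; every other input is rejected before the stored value is compared.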

    2Patrick Friend
    #265586

    Hi Mj

    I tried googling Rocken etc but I can’t seem to find such a hosting company. Did you get the name wrong?

    I am definitely interested in any company that can provide PHPsuexec! (got frightened after reading your post!)

    Michael Casha Friend
    #265587

    <em>@2Patrick 73831 wrote:</em><blockquote>Hi Mj

    I tried googling Rocken etc but I can’t seem to find such a hosting company. Did you get the name wrong?

    I am definitely interested in any company that can provide PHPsuexec! (got frightened after reading your post!)</blockquote>
    It’s Rochen, with a h not a k.

    p17blo Friend
    #265663

    <blockquote>security is as much the user’s responsibility as it is the provider’s.</blockquote>

    This actually depends on what was hacked and how. If, as I have seen time and time again with open source CMS software, it was either an overflow or injection attack then it is really down to the coders of the software (but not often the template, but still possible).

    It is an unfortunate truth that security often comes at the back end of open source development.

    As I didn’t see what had happened, does anyone know how the attack happened? Is this a global security issue in Joomla or was it specific to this site or a specific template?

    Paul

    Michael Casha Friend
    #265664

    The issue was caused by the Password reset feature built into Joomla! Unfortunately, even though Joomla! is a very secure script, because the source is completely open the ability for holes to be found are a lot easier to occur.

    njbarbour Friend
    #265701

    questbg

    I read your item on making the change to the reset.php file. I did this to my sites. Will this suffice ?
    Do you know of a manual method of upgrading from 1.5.0 and 1.5.4 to the new 1.5.6 ?
    I would have thought there is more to this than meets the eye. I haven’t found the Joomla! website support article that useful.

    Can you shed real light on this ?

    Thanks

    njb

    njbarbour Friend
    #265703

    mj1256

    Do you happen to have made the security upgrade to 1.5.6?

    If so, how did it work for you? I have two sites and one is running 1.5.0 and 1.5.4. I would much prefer to do a manual upgrade if possible.

    I have made the following addition to my reset.php file as proposed by one of the forum members, have you heard of this and do you know if it is enough?

    if(strlen($token) != 32) {
        $this->setError(JText::_('INVALID_TOKEN'));
        return false;
    }

    Thanks for your wise advice so far.

    njb

    questbg Friend
    #265735

    <em>@njbarbour 73985 wrote:</em><blockquote>questbg

    I read your item on making the change to the reset.php file. I did this to my sites. Will this suffice ? </blockquote>

    I hope so! However, as you say, the info on the Joomla site is not too specific. I ran this ‘fix’ by my service provider and they thought this should be OK. They checked the ‘update’ and that appeared to be the only change, so I’ve implemented it!

    I’m no expert … just hopeful 🙂

    I’m also looking at paying for a 3rd Party security extension to prevent such attacks:
    http://joomsuite.com/index.php?option=com_resource&view=article&article=18&Itemid=16

    I’m waiting to speak to their Tech Support to see if this is ‘additional’ security over the Joomla security and that it works better!


This topic contains 40 replies, has 10 voices, and was last updated by  mj1256 16 years, 2 months ago.
