test
Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • dumpyman Friend
    #195054

    Purity demo site hacked????:((:((


    1. Screenshot_2014-02-21-17-51-02
    TomC Moderator
    #523791

    YIKES – I will bring this issue to the immediate attention of the JA Development Team

    Radonja Djurisic Friend
    #523819

    all templates not only Purity

    wolfix Friend
    #523824

    <em>@dumpyman 412659 wrote:</em><blockquote>Purity demo site hacked????:((:((</blockquote>

    I use to have a problem with my Joomla sites getting hacked until I changed the permissions to 770, with Apache as the group-owner.

    770 is the hexadecimal code and the equivalent to: RWX,RWX,— or in other words: Owner (read, write, execute), Group (read, write, execute), Others (no access)

    Most server control panels allow you to change file permission… navigate to the root folder of joomla and choose 770, but you must use the “Recursive” feature which will automatically change all files and folders to 770. If you don’t use Recursive, you will only change one file/folder at a time.

    If you have access to command line you can navigate to the folder and change permissions…

    Example:

    cd /home/john/www/

    (note: cd is the Change Directory command that allows you to navigate to a specific directory. You can also use the (ls – l)command, without the parenthesis, to view all files and folders in a specific directory.

    chmod myJoomlaRootFolder -R myUserAccount:apache

    (note: this command makes me owner and Apache group-owner of all files and folders. The -R makes it recursive so all files and folders are changed.

    chown -R 770 myJoomlaRootFolder

    (note: this command changes the permissions to all files and folder. The -R makes it recursive so all files and folders are changed.)

    Others may have a better solution… but this has worked well for me… no more hacks.

    Manos Moderator
    #523826

    We all know that in computers there’s always someone clever than you and me and can do nasty tricks.

    The JA Team is already on top of the problem! Demo Servers are back online!

    Hung Dinh Friend
    #523830

    Thank you everyone for the notice and I am extremely sorry for the concern you may have with Purity. It is not the template related issues, it is all about the server.

    I have a long working session with our system admin, here are the details of how that hacker got into the Purity demo site:

    Purity III is on the same server with one of very old site of our system at http://wiki.joomlart.com (powered by http://www.mediawiki.org/wiki/MediaWiki) which somehow had been attacked about 3 hours before we were notified about the hacking message on the Puirty Demo. It was the same message we saw earlier today on wiki site.

    WIth the access he had from wiki page, the hacker put this .htaccess file to the root of the server


    RewriteEngine on
    RewriteRule ^index.php$ 1.html
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?param=$1 [QSA,L]

    As you can see, this will perform a complete deletion of all files and folder on the server. That’s pretty rude and meant of him

    For the past 2 hours we have fixed the issues and all demos will be brought back in less than 1 hour. The system admin has changed all the access credentials, and is now performing a complete security check

    So please don’t panic about Joomla or Purity, they are all secured. Next week, we will be separating the wiki page to a different server to make sure that it wont happen again.

    Hung Dinh Friend
    #523832

    I hope the hacker can see this thread too. Have you seen my message on the bottom right of this page? No working during happy hours! This is not fun at all

    if you want to do that, please keep calm and try it on Monday 🙂

    Hung Dinh Friend
    #523833

    All Demos are up and running smoothly. Enjoy the weekend guys!

    Radonja Djurisic Friend
    #523838

    guys i can still see …hack pages ?

    Manos Moderator
    #523839

    <em>@tolja 412721 wrote:</em><blockquote>guys i can still see …hack pages ?</blockquote>

    Hi, can you please let me know on which template ? ( or a link if you can)

    Radonja Djurisic Friend
    #523842

    sorry for late response..
    i just saw..
    now it seams all ok

    radu81 Friend
    #529208

    I’m afraid the demo site is hacked again 🙁

    Manos Moderator
    #529222

    Our team is already on top of that.
    Thanks for reporting.

Viewing 13 posts - 1 through 13 (of 13 total)

This topic contains 13 replies, has 7 voices, and was last updated by  Manos 10 years, 8 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum