Purity demo site hacked

Forums    Public Forums    Purity III    Purity demo site hacked
Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • dumpyman Friend
    February 21, 2014 at 4:51 pm #195054

    Purity demo site hacked????:((:((

    1. Screenshot_2014-02-21-17-51-02

    1 user says Thank You to dumpyman for this useful post

    1. Hung Dinh
    TomC Moderator
    February 21, 2014 at 4:55 pm #523791

    YIKES – I will bring this issue to the immediate attention of the JA Development Team

    1 user says Thank You to TomC for this useful post

    1. Hung Dinh
    Radonja Djurisic Friend
    February 21, 2014 at 7:06 pm #523819

    all templates not only Purity

    1 user says Thank You to Radonja Djurisic for this useful post

    1. Hung Dinh
    wolfix Friend
    February 21, 2014 at 7:24 pm #523824

    <em>@dumpyman 412659 wrote:</em><blockquote>Purity demo site hacked????:((:((</blockquote>

    I use to have a problem with my Joomla sites getting hacked until I changed the permissions to 770, with Apache as the group-owner.

    770 is the hexadecimal code and the equivalent to: RWX,RWX,— or in other words: Owner (read, write, execute), Group (read, write, execute), Others (no access)

    Most server control panels allow you to change file permission… navigate to the root folder of joomla and choose 770, but you must use the “Recursive” feature which will automatically change all files and folders to 770. If you don’t use Recursive, you will only change one file/folder at a time.

    If you have access to command line you can navigate to the folder and change permissions…

    Example:

    cd /home/john/www/

    (note: cd is the Change Directory command that allows you to navigate to a specific directory. You can also use the (ls – l)command, without the parenthesis, to view all files and folders in a specific directory.

    chmod myJoomlaRootFolder -R myUserAccount:apache

    (note: this command makes me owner and Apache group-owner of all files and folders. The -R makes it recursive so all files and folders are changed.

    chown -R 770 myJoomlaRootFolder

    (note: this command changes the permissions to all files and folder. The -R makes it recursive so all files and folders are changed.)

    Others may have a better solution… but this has worked well for me… no more hacks.

    Manos Moderator
    February 21, 2014 at 8:34 pm #523826

    We all know that in computers there’s always someone clever than you and me and can do nasty tricks.

    The JA Team is already on top of the problem! Demo Servers are back online!

    1 user says Thank You to Manos for this useful post

    1. TomC
    Hung Dinh Friend
    February 21, 2014 at 9:37 pm #523830

    Thank you everyone for the notice and I am extremely sorry for the concern you may have with Purity. It is not the template related issues, it is all about the server.

    I have a long working session with our system admin, here are the details of how that hacker got into the Purity demo site:

    Purity III is on the same server with one of very old site of our system at http://wiki.joomlart.com (powered by http://www.mediawiki.org/wiki/MediaWiki) which somehow had been attacked about 3 hours before we were notified about the hacking message on the Puirty Demo. It was the same message we saw earlier today on wiki site.

    WIth the access he had from wiki page, the hacker put this .htaccess file to the root of the server


    RewriteEngine on
    RewriteRule ^index.php$ 1.html
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?param=$1 [QSA,L]

    As you can see, this will perform a complete deletion of all files and folder on the server. That’s pretty rude and meant of him

    For the past 2 hours we have fixed the issues and all demos will be brought back in less than 1 hour. The system admin has changed all the access credentials, and is now performing a complete security check

    So please don’t panic about Joomla or Purity, they are all secured. Next week, we will be separating the wiki page to a different server to make sure that it wont happen again.

    5 users say Thank You to Hung Dinh for this useful post

    1. Hieu Nguyen
    2. pavit
    3. Manos
    4. Phill
    5. Radonja Djurisic
    Hung Dinh Friend
    February 21, 2014 at 9:54 pm #523832

    I hope the hacker can see this thread too. Have you seen my message on the bottom right of this page? No working during happy hours! This is not fun at all

    if you want to do that, please keep calm and try it on Monday 🙂

    2 users say Thank You to Hung Dinh for this useful post

    1. Arvind Chauhan
    2. Manos
    Hung Dinh Friend
    February 21, 2014 at 10:04 pm #523833

    All Demos are up and running smoothly. Enjoy the weekend guys!

    Radonja Djurisic Friend
    February 21, 2014 at 10:57 pm #523838

    guys i can still see …hack pages ?

    Manos Moderator
    February 21, 2014 at 11:22 pm #523839

    <em>@tolja 412721 wrote:</em><blockquote>guys i can still see …hack pages ?</blockquote>

    Hi, can you please let me know on which template ? ( or a link if you can)

    Radonja Djurisic Friend
    February 22, 2014 at 12:29 am #523842

    sorry for late response..
    i just saw..
    now it seams all ok

    1 user says Thank You to Radonja Djurisic for this useful post

    1. phong nam
    radu81 Friend
    April 2, 2014 at 3:07 pm #529208

    I’m afraid the demo site is hacked again 🙁

    Manos Moderator
    April 2, 2014 at 3:58 pm #529222

    Our team is already on top of that.
    Thanks for reporting.

  • Author
    Posts
Viewing 13 posts - 1 through 13 (of 13 total)

This topic contains 13 replies, has 7 voices, and was last updated by  Manos 10 years, 7 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum

Important Notice :

New Unified Portal is live

Must Read

Jump to forum

Categories