Site hacked (1.0.12) - Joomla! Forum - community, help and support

-

hi,
  know there loads of posts , have been hacked before put down age of install.
last friday night hacked , index.php replaced script kiddie.
i have copy of http logs unfortunately in haste restore site lost time stamp on modified files. far can tell left dbase alone.

the exploit looks little this:
post /index.php?mosconfig_absolute_path=nastyfile.txt (i can provide full sanitised logs if needed)
these loads of lines in logs trying lots of different files, lost time stamp on index.php cant pinpoint exact 1 worked.

my joomla ver 1.0.12
php 5.0.4
mysql 4.1.20
apache 2.0.54
globals off
magic quotes on

i have few components installed , wondering if these may problem have read joomla should hardened against type of attack.

3rd party stuff:
tmedit ver 1.0
tinymce ver 2.0.8
hot property ver 0.98
mosforms ver 0.3rc2
sitemap ver 1.2
swmenufree ver 2.0
xaneon extensions ver 2.0.0-beta2

any fantastic site clients entire livelihood , worried @ moment after hacked first time told him upgrading 1.0.12 stop it!

paul

read stickies in forum. check out security faq section in site.
upgrade 1.0.13





Comments

Post a Comment

Popular posts from this blog

Valutazione Template - Joomla! Forum - community, help and support

-
salve, prima di installare joomla, vorrei porvi tre semplici domande: 1) l'ultima versione in italiano di joomla, supporta questo template prodotto da gavik? loro scrivono che non è un semplice template, ma una vera e propria suite, ma vorrei una vostra opinione. qui sono descritte le funzioni della suite. 2) per sfruttare gli elementi che si vedono nella pagina, ad esempio quello in alto sinistra dove scorrono le notizie, occorre installare qualche componente aggiuntivo? 3) futuri upgrade alla piattaforma joomla, potranno inficiare il funzionamento o la compatibilità del template? vi ringrazio anticipatamente della disponibilità. 1) non vedo nulla di particolare se non una miriade di posizioni per blocchi 2) è un modulo se non sbaglio pagamento, ma adesso non ricordo bene 3) no. ti ricordo che devi installare joomla  1.0.12 Board index Joomla! International Language Support International Zone Italian Forum ...
Read more

SD Datastring Convention

-
i wondering if there preferred convention appending data logged?  see standard sd example uses: code: [select] void loop() {   // make string assembling data log:   string datastring = "";   // read 3 sensors , append string:   (int analogpin = 0; analogpin < 3; analogpin++) {     int sensor = analogread(analogpin);     datastring += string(sensor);     if (analogpin < 2) {       datastring += ",";     }   } creating string called datastring, , appending it, have seen in forums string not liked.  around this, code data logging looks this: code: [select] void sdupdate() {   datetime = rtc.now();   unsigned int hour = now.hour();   unsigned int minute = now.minute();   unsigned int second = now.second();   char datastring[100] = "";   char char_current_pay[15] = "";   char char_overall_pay[15] = ""; ...
Read more

First use of Arduino Uno : avrdude error on Blink uploading

-
hi all, i bought arduino (or should genuino) starter kit. first test , failing. i have follow religiously first pages , when trying upload blink sketch, uploading fails avrdude error : avrdude: stk500_recv(): programmer not responding. as suggested in other posts, have tried 1) switch latest hourly build of arduino ide 2) switch previous stable version of arduino ide (1.6.09) 3) change usb cable 1 know working fine 4) make same steps on computer (unfortunatelly, of them macos running on macos 10.11.6, not interesting test) 5) press reset before upload, interesting thing : tx led never flashes the full log attached. idea of why happening ? to save people having download log, it's sync error, resp=0x00 every time: code: [select] avrdude: stk500_recv(): programmer not responding avrdude: stk500_getsync() attempt 1 of 10: not in sync: resp=0x00 avrdude: stk500_recv(): programmer not responding and he's running 1.6.11 hourly avrdude 6.0.1. ...
Read more