Site hacked, host blames 'mambo' but I'm not sure... - Joomla! Forum - community, help and support


I visited one of my sites and found the account "suspended". The host's response to my critical ticket was this:

It appears the account was taken offline for sending UDP floods.
Have you been keeping the software up to date on the account? E.g. Mambo?

From what I can see, Mambo was exploited and a 'dc.pl' file was uploaded. The file was used to initiate attacks against several other networks from the account. Due to the intense amount being used, we took our server offline temporarily as well.

Feel free to explain!


Now, the one thing I can blame on myself is register globals; register globals emulation was left on. I have 4 or 5 other sites hosted in subdirectories / domains, and the lowest Joomla version is 1.0.11. A week or so ago I deleted the last Mambo install that was left on there from a while ago, but couldn't 'mambo'.

There is a Drupal install somewhere on the account for a friend, who has access to a subdirectory; I'm not sure if it is based in public_html or not.

My question is this: did someone exploit Joomla and upload the file, or is the host finding someone else to blame for poor server security on their part? I mean really, upload a Perl script through Joomla and run it?!?!?! Seems a little far fetched to me, but maybe I'm out of touch with what can be accomplished these days.

Thoughts, comments?

Installed components on the base site:
badwords2 filter 1.0 b
banners 1.0.0
bsq sitestats 2.2.2
community builder 1.0.1
easybook 1.1
google maps 2.6
jce admin 1.0.4
joomlaboard forum 1.1.2 stable
joomlalib 1.2.2 beta
mass mail 4.5.1
news feeds 1.0.0
opensef 2.0.0-rc5_sp2
polls
syndicate 1.0.0
web links 1.0.0



mysql support enabled
mysql client api version 4.1.21
php version 4.4.4
joomla! register globals emulation: off
register globals: on (tried turning it off, it breaks the site completely)
magic quotes: on
safe mode: off
file uploads: on
session auto start: off
session save path: /tmp
short open tags: on
output buffering: off
open basedir: none
display errors: on
xml enabled: yes
zlib enabled: yes
disabled functions: none

Like the Magic 8 Ball, all indications point to yes.

Yes, it is your fault.

All of the applications listed that 'break' with RG turned on have had updated versions released that fix them to operate in that environment.

You don't mention having implemented the Joomla 1.011 htaccess rules.

You don't mention having turned off f_urlopen (which allows the file injection that register globals points to).

session save path: /tmp <--- no no.. You should set the path out of the webspace and accessible only to localhost.
As a matter of fact, do not set tempdir to /tmp.

The reason is, on a shared environment, it may be readable by others, and a process that doesn't expose to the web may dump plain text or serialized memory data in /tmp, readily mined by others.
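An added example, not code from either poster: a PHP command-line check for the settings this reply calls out (register globals, allow_url_fopen, the session save path and its permissions) plus display_errors and open_basedir from the list above. The document-root argument, function names and message wording are my own assumptions.

```php
<?php
// Added example, not from the thread: audits the php.ini settings the reply
// above calls out. Run it from the command line against the site's PHP
// (e.g. `php -c /path/to/php.ini audit.php /home/user/public_html`), not
// from a URL, so its output is never served to visitors.

function ini_on($name) {
    // ini_get() returns "1"/"" for booleans, or the literal php.ini text ("On", "Off").
    return in_array(strtolower((string) ini_get($name)), array('1', 'on', 'yes', 'true'), true);
}

// Returns array(setting => reason) for every setting matching the weak
// configuration the thread describes. $docroot is the public web directory.
function audit_php_settings($docroot) {
    $findings = array();
    if (ini_on('register_globals')) {   // directive removed in PHP >= 5.4, so only old builds trip this
        $findings['register_globals'] = 'request parameters become PHP variables; turn it off';
    }
    if (ini_on('allow_url_fopen')) {
        $findings['allow_url_fopen'] = 'include()/fopen() accept URLs, so an injected variable can pull in remote code';
    }
    if (ini_on('display_errors')) {
        $findings['display_errors'] = 'errors reveal paths and queries to visitors; log them instead';
    }
    if (trim((string) ini_get('open_basedir')) === '') {
        $findings['open_basedir'] = 'no directory restriction; confine PHP to the account';
    }
    // session.save_path may be "N;/dir" (N = directory depth); keep only the directory.
    $raw   = (string) ini_get('session.save_path');
    $parts = explode(';', $raw === '' ? sys_get_temp_dir() : $raw);
    $path  = realpath(end($parts));
    $root  = realpath($docroot);
    if ($path === false) {
        $findings['session.save_path'] = "directory '$raw' does not exist; sessions fail or fall back to the system temp dir";
    } elseif ($path === realpath(sys_get_temp_dir())) {
        $findings['session.save_path'] = "$path is the shared system temp directory; other tenants can read session files";
    } elseif ($root !== false && strpos($path . '/', $root . '/') === 0) {
        $findings['session.save_path'] = "$path is inside the web root $root; move it outside";
    } elseif ((fileperms($path) & 0007) !== 0) {
        $findings['session.save_path'] = sprintf('%s is mode %o; other users can reach it', $path, fileperms($path) & 0777);
    }
    return $findings;
}

if (PHP_SAPI === 'cli') {
    $docroot = isset($argv[1]) ? $argv[1] : getcwd();
    foreach (audit_php_settings($docroot) as $setting => $why) {
        printf("%-18s current=%-8s %s\n", $setting, ini_get($setting), $why);
    }
}
```

A clean run prints nothing; each printed line is one setting to change in php.ini (or the account's .htaccess where the host permits it), then re-run to confirm.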
