Automated Joomla hack in the wild
One of my coworkers runs a Joomla-based site for his Milsim shop, and today he was faced with the following when opening his site:

Apparently it had been replaced with a defacement, like many others.
It seems to me that this is an automated attack exploiting vulnerable Joomla installs, where it exploits a security issue that allows for remote administrator password changes.
The issue was reported and fixed on the 12th of August 2008, when a new 1.5.6 release was made available. Joomla themselves have also been bitten by this, when a non-public development site was used to deface joomla.org itself.
So far it seems like all the attacker did was to change the administrator password and replace the template index.php file. I recovered the admin password by putting a raw md5sum of a known string manually into the MySQL database Joomla uses.
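The recovery step above works because Joomla 1.5 stores a password either as a bare MD5 hex digest or as `md5(password + salt):salt`, and accepts both at login. The following is an added example, not code from the original post; the default `jos_users` table name and the `admin` username are assumptions, and the function names are illustrative.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def joomla15_hash(password, salt=None):
    """Return a value for the password column of the Joomla 1.5 users table.

    salt=None -> fresh random 32-character salt, stored as "md5hex:salt"
    salt=""   -> bare, unsalted MD5 hex digest (the form used in the post)
    """
    if salt is None:
        salt = "".join(secrets.choice(ALPHABET) for _ in range(32))
    digest = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return f"{digest}:{salt}" if salt else digest


def joomla15_verify(password, stored):
    """Mirror the login check: split on ':', hash password + salt, compare."""
    digest, _, salt = stored.partition(":")
    candidate = hashlib.md5((password + salt).encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate.encode(), digest.lower().encode())


def recovery_sql(username, password, table="jos_users"):
    """Build the UPDATE statement to paste into the mysql client.

    The table name (default prefix "jos_") and username are assumptions;
    both are restricted to plain identifiers because they are interpolated
    into the statement. The hash itself is hex, ':' and alphanumerics only.
    """
    if not (table.replace("_", "").isalnum() and username.isalnum()):
        raise ValueError("table and username must be plain identifiers")
    stored = joomla15_hash(password)
    return (f"UPDATE {table} SET password = '{stored}' "
            f"WHERE username = '{username}';")


if __name__ == "__main__":
    # Constructed temporary password, for illustration only.
    print(recovery_sql("admin", "Constructed-Temp-Pass-1"))
```

Treat the value written this way as temporary and set a new password through the administrator interface after logging in.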
Published August 27, 2008 13:10
Tagged with attack, CMS, Joomla and security