Monday, September 17, 2012

Recent Joomla! Compromise Might Affect You

We are noticing a string of Joomla! compromises, and we wanted to share some details for those running the Content Management System (CMS). This current exploit is affecting the following versions of Joomla:
  • 1.6.x
  • 1.7.x
  • 2.5.0-2.5.2
  • 2.5.4
  • all earlier 2.5.x versions
 
The compromise begins with the attacker registering a user, and then escalating that user’s privileges to an administration level. In every case, we noticed the attackers add a user with a Gmail™ address beginning with xxxtxxx and the user name of alexaalexa.
Once the attackers have their user on the account, they typically come back a few days later and edit the error.php file to create a script that allows people to upload content anonymously. A few days after the creation of the file upload script, the attackers come back again and upload the following files:
  • rp.php
  • indx.php
  • stph.php
  
This attack is extremely malicious, and the stph.php file performs other aggressive attacks against other networks. To see if your site is affected, run the following query:
  
-- jos_ is the table prefix; substitute the prefix your installation uses.
SELECT u.username AS username, u.email AS email, g.group_id AS group_id
FROM jos_users u, jos_user_usergroup_map g
WHERE u.email LIKE 'xxxtxxx%'
AND u.id = g.user_id;

  
If the email matches xxxtxxx, the user name matches alexaalexa, and the group_id is either a 7 or 8, your account is compromised. Group_id 7 is associated with the Administrator group, and group_id 8 is associated with the Super Administrator group. As a general rule, users do not have these permissions.
  
If affected, we recommend taking the following actions:
  1. Remove the uploaded files, and then restore the error.php file to its original content.
  2. Remove any users with the group_id of 7 or 8.
  3. Update Joomla to the latest version.
  4. Update all themes, plugins, and extensions to their latest versions.
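
The query above covers the database side; the three file names and the edited error.php can be checked on disk as well. The script below is an added example, not part of the original post: the function names, the document-root argument and the 30-day window are assumptions, and a file-name match is a lead to review rather than proof of compromise.

```sh
#!/bin/sh
# Added example: look under a Joomla document root for the file-level
# indicators named in the post. Pass the document root as the first argument
# and, optionally, the look-back window in days as the second (assumed: 30).

# List every file named like one of the three scripts the attackers upload.
find_uploaded_scripts() {
    find "$1" -type f \( -name 'rp.php' -o -name 'indx.php' -o -name 'stph.php' \) -print | sort
}

# List every error.php modified within the last N days, so each one can be
# compared against a clean copy from the same Joomla release.
find_recent_error_php() {
    find "$1" -type f -name 'error.php' -mtime "-${2:-30}" -print | sort
}

# Print a labelled report; return 1 if anything needs review, 0 otherwise.
scan_joomla_root() {
    root=$1
    days=${2:-30}
    rc=0
    hits=$(find_uploaded_scripts "$root")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/UPLOADED SCRIPT: /'
        rc=1
    fi
    edits=$(find_recent_error_php "$root" "$days")
    if [ -n "$edits" ]; then
        printf '%s\n' "$edits" | sed 's/^/REVIEW error.php: /'
        rc=1
    fi
    return "$rc"
}

# Run the scan only when a document root is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_joomla_root "$@"
fi
```

Because the post describes visits spread over several days, widen the window if the rogue user was registered more than a month ago.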

Tuesday, September 11, 2012

Google’s Emanuel Update: No One is Safe – Except for YouTube

Google’s recent update to its search index algorithm has been dubbed “Emanuel” by the media, and Emanuel has a Hollywood vendetta to fulfill. The purpose of Emanuel is to target websites that are hosting material in violation of the Digital Millennium Copyright Act (DMCA). In most cases, these websites will be big websites that illegally host pirated material like movies and music. The big torrent sites will be hit the hardest – but what about YouTube? Nope. YouTube has been the subject of many controversial copyright allegations, yet it’s very unlikely that Emanuel will penalize it at all.

Copyright Infringement Allegations at Work

The way Google will determine if a site should be penalized or not is by tallying up the number of copyright violation claims Google has received against it. Google evaluates every claim individually for validity; however, Google can’t issue an official ruling, because Google is not a judge, and a claim is not a lawsuit. In other words, many of those claims might be bogus. Knowing this, Google has decided that a website needs to have a significant, unusually high number of copyright violation claims against it before it will be penalized. Essentially, if thousands of people say a website is in DMCA violation, it’s more likely that it is, when compared to other sites with only a handful, or one or two, complaints.

Is YouTube Above the Law?

For some reason – maybe because Google owns YouTube – copyright claims against YouTube don’t hold the same weight that they do for other sites when it comes to PageRank and penalties. If you want to file a copyright allegation against YouTube, you can’t even do it using the same method as all other claims; you’re directed to file copyright claims directly and internally with YouTube. Google claims that YouTube isn’t above the law, and in fact that Google is stricter with YouTube than other sites, but it’s easy to see why that’s hard to believe. If copyright allegations go through YouTube itself, rather than straight to Google with all other copyright allegations, then YouTube’s claims won’t count in the tally of DMCA complaints that Google uses to determine penalties. It’s essentially a way that Google can circumvent its own policy.

Can Other Sites Protect Themselves, Too?

If you run a website that hosts a lot of questionable material, you can expect to be hit with some DMCA claims, and if you get a lot, Google will lower your PageRank. Is there a way you could avoid this in the same way as YouTube? You certainly can’t require people to report their claims elsewhere and stick a link on Google’s claims reporting page like Google could for YouTube. You can, however, attempt to encourage people to file their complaints with you and give you the chance to remedy the problem before they go to Google. This, of course, means that you’d actually have to remedy the problem, otherwise an accuser would just go to Google anyway.

And accusers are going to Google in droves. Since Emanuel, more DMCA violation complaints have been filed with Google in one month than in the entire year of 2009. How many of these claims are legitimate, how many aren’t, and how many are simply stabs at competitors? We have no way of knowing, and it’s a slippery slope. But one thing is clear: host copyright infringing material, and you’ll feel the wrath of Emanuel (unless you’re YouTube).
 
