CentrioHost Blog

Stories and News from IT Industry, Reviews & Tips | Technology Blog


Recent Joomla! Compromise Might Affect You

  • Category : Website Security
  • Posted on : Sep 17, 2012
  • Views : 1,991
  • By : Radcliff S.
We are noticing a string of Joomla! compromises, and we wanted to share some details for those running the Content Management System (CMS). The current exploit affects the following versions of Joomla:
  • 1.6.x
  • 1.7.x
  • 2.5.0-2.5.2
  • 2.5.4
  • all earlier 2.5.x versions
 
The compromise begins with the attacker registering a user, and then escalating that user’s privileges to an administration level. In every case, we noticed the attackers add a user with a Gmail™ address beginning with xxxtxxx and the user name of alexaalexa.
 
Once the attackers have their user on the account, they typically come back a few days later and edit the error.php file to create a script that allows people to upload content anonymously. A few days after creating the file upload script, the attackers come back again and upload the following files:
  • rp.php
  • indx.php
  • stph.php
  
This attack is extremely malicious, and the stph.php file performs other aggressive attacks against other networks. To see if your site is affected, run the following query:
  
 -- jos_ is the table prefix used in this query; substitute your site's prefix if it differs.
 SELECT u.username AS username, u.email AS email, g.group_id AS group_id
 FROM jos_users u, jos_user_usergroup_map g
 WHERE u.email LIKE 'xxxtxxx%'
 AND u.id = g.user_id;
  
If the email matches xxxtxxx, the user name matches alexaalexa, and the group_id is either 7 or 8, your account is compromised. Group_id 7 is associated with the Administrator group, and group_id 8 is associated with the Super Administrator group. As a general rule, users do not have these permissions.
  
If affected, we recommend taking the following actions:
  1. Remove the uploaded files, and then restore the error.php file to its original content.
  2. Remove any users with the group_id of 7 or 8.
  3. Update Joomla to the latest version.
  4. Update all themes, plugins, and extensions to their latest versions.
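
To find the files named above before removing them, a sweep of the document root can complement the database query. The script below is an added example, not code from the original post: it reports any rp.php, indx.php or stph.php and any error.php that contains upload-handling code. The marker strings, the function names and the sample directory tree are assumptions made for illustration.

```python
import os
import re
import sys
import tempfile

# File names the post lists as uploaded by the attackers.
DROPPED_NAMES = {"rp.php", "indx.php", "stph.php"}
# Assumption (not from the post): an upload handler added to error.php will
# reference PHP's upload primitives, which an error template has no reason to use.
UPLOAD_MARKERS = re.compile(rb"\$_FILES|move_uploaded_file", re.IGNORECASE)

def scan_docroot(docroot):
    """Return (dropped, suspicious_error_pages) as sorted paths relative to docroot."""
    dropped, suspicious = [], []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), docroot)
            if name.lower() in DROPPED_NAMES:
                dropped.append(rel)
            elif name.lower() == "error.php":
                try:
                    with open(os.path.join(docroot, rel), "rb") as fh:
                        flagged = bool(UPLOAD_MARKERS.search(fh.read()))
                except OSError:
                    flagged = True  # unreadable: review it by hand
                if flagged:
                    suspicious.append(rel)
    return sorted(dropped), sorted(suspicious)

def build_sample_site(root):
    """Write a constructed sample tree (not real attacker files) under root."""
    sample = {
        "index.php": b"<?php // entry point",
        "templates/system/error.php": b"<?php echo 'Page not found';",
        "templates/example/error.php": b"<?php if (isset($_FILES['f'])) { /* ... */ }",
        "images/stph.php": b"<?php // placeholder",
    }
    for rel, body in sample.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    # Scans the docroot given as argv[1], or the constructed sample tree if none.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        dropped, suspicious = scan_docroot(sys.argv[1] if len(sys.argv) > 1 else tmp)
    print("dropped files:", dropped)
    print("error.php with upload code:", suspicious)
```

A flagged error.php should be compared against the copy shipped with the template or Joomla release before it is restored.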
