Hackers targeting JomSocial sites?

10 years 2 weeks ago
Viktor (Topic Author)

My JomSocial site just got hacked... but I got something interesting:
the upload feature suddenly does not work, so I compared it with my backup (the working one).

In com_community/controllers/photos.php
the line:
$fileName = JApplication::getHash($photo->image . time());

was suddenly changed into:
$fileName = JUtility::getHash( $imageFile . time() );

Of course it crashes, because getHash in JUtility is deprecated in Joomla 3.0.

Also, the file header:

/** 
* @copyright (C) 2013 iJoomla, Inc. - All rights reserved.
 * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html)
 * @author iJoomla.com <[email protected]>
 * @url https://www.jomsocial.com/license-agreement
 * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0
 * More info at https://www.jomsocial.com/license-agreement
 */

got replaced by:
/**
 * @package		JomSocial
 * @subpackage  Controller 
 * @copyright (C) 2008 by Slashes & Dots Sdn Bhd - All rights reserved!
 * @license		GNU/GPL, see LICENSE.php
 * RCE Patched by d3b~X

 */


So my conclusion would be:
- the hacker knows a JomSocial/Joomla loophole AND is targeting JomSocial sites

My question: Is this a known issue? Or is it related to the latest security patch?

10 years 2 weeks ago
Viktor (Topic Author)

Since I'm about to restore the original, I've attached the hacked one here if you need to review it.

As most hackers are proud of, they leave a footprint...
reoncomics.com/ganteng.php

10 years 2 weeks ago

This is the issue we fixed a few weeks ago, but you need to make sure that you have cleaned up your site completely after the patch is applied.
www.joshpate.com/2013/01/how-to-fix-hack...-on-joomla-web-site/


- Don't say feature not working. Instead, explain what you tried and what was the outcome.
- When you think you found the bug, try to replicate it on a fresh Joomla.
- When looking for support always provide temporary Super Administrative access to your site. We will ask for it anyway.
- Help yourself and read documentation which can give you answers to almost all questions you may have
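
The backup comparison the topic author describes, extended from one file to the whole tree so that altered and newly dropped PHP files both show up during cleanup. This is an added example, not part of the original thread and not JomSocial code. The function names are hypothetical, and the paths and file contents in `demo()` are constructed samples based on the lines quoted above.

```python
import hashlib
import os
import tempfile


def hash_tree(root, suffixes=(".php",)):
    """Map relative path -> SHA-256 for each file under root with a matching suffix."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(suffixes):
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(backup_root, live_root):
    """Return (modified, added, removed) paths in the live tree relative to the backup."""
    good, live = hash_tree(backup_root), hash_tree(live_root)
    modified = sorted(p for p in good.keys() & live.keys() if good[p] != live[p])
    added = sorted(live.keys() - good.keys())      # files the backup never had
    removed = sorted(good.keys() - live.keys())
    return modified, added, removed


def write(root, rel, text):
    """Create a sample file (and its parent directories) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed sample trees: one altered controller and one dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        ctrl = "com_community/controllers/photos.php"
        write(backup, ctrl, "<?php $fileName = JApplication::getHash($photo->image . time());\n")
        write(live, ctrl, "<?php $fileName = JUtility::getHash( $imageFile . time() );\n")
        for root in (backup, live):
            write(root, "index.php", "<?php // unchanged\n")
        write(live, "ganteng.php", "<?php // constructed placeholder for a dropped file\n")
        return compare_trees(backup, live)


if __name__ == "__main__":
    for label, paths in zip(("modified", "added", "removed"), demo()):
        print(label, paths)
```

On a real site, point `compare_trees` at the extracted known-good backup and the live document root, and widen `suffixes` if other file types need checking.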