Discussion Forum

Programming => Joomla Extensions => Topic started by: Franka on June 04, 2008, 10:09:40 AM



Title: URGENT - Phishing hacked into Bibtex
Post by: Franka on June 04, 2008, 10:09:40 AM
Some files have been added to the JOMBIB directory of my site. After clean-up I am left with:

BibTex.php
checkit.php
download.bib
errors.php
jombib.html.php
jombib.php
php.cgi.core

Are these all supposed to be there, particularly that last one, which is 73Mb? :-o


Title: Re: URGENT - Phishing attempt located in com_jombib
Post by: Franka on June 04, 2008, 03:55:13 PM
Last file is known now.

BIBTEX has been hacked  >:(


Title: Re: URGENT - Phishing attempt located in com_jombib
Post by: Franka on June 04, 2008, 08:51:33 PM
Some 15,000 visitors hit the phishing page... with that many fools reacting to the spam  :o

There was also a virus package; no idea if it was called by Bibtex, as by the time I realised that the front end had been altered I had already disabled the files in the backend.

Identified, it was Trojan Horse PHP/BackDoor.C99shell in file bayo.php


Title: Re: URGENT - Phishing hacked into Bibtex
Post by: Mark Austin on June 04, 2008, 09:37:01 PM
OK, it looks like there is a security hole in the Joomla Bibtex component that some cheerful group are taking advantage of.  I would love to get this fixed, but I simply do not have the time at the moment and have little experience when it comes to security.  I assume it is an SQL injection problem, can anyone give me a hint as to how to close the hole?


Title: Re: URGENT - Phishing hacked into Bibtex
Post by: Franka on June 04, 2008, 10:20:37 PM
I sent you the files Mark.

There is one hack in them that you advised re the paging issue; other than that they should be as supplied in the 1.32b release.


Title: Re: URGENT - Phishing hacked into Bibtex
Post by: Franka on August 12, 2008, 06:01:40 PM
Everyone should update their Bibtex component files bibtex.php, jombib.html.php and jombib.php so that the first lines read as follows, to remove a major vulnerability:

<?php
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

Remove the later occurrence of
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
in one of the files.

With thanks to Hazzaa of joomlame.com
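
One way to check an installed copy for the guard described in the post above, as an added example that is not part of the original thread or the component's own code: it reports, per .php file, whether the _VALID_MOS check is the first statement after the opening tag, appears only later, or is missing. The file contents in demo() and the '/x.php' include path are constructed for this example.

```python
import re
import tempfile
from pathlib import Path

# The guard from the post: defined( '_VALID_MOS' ) or die( ... );
GUARD = re.compile(r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
# Only whitespace and comments may come before the guard.
SKIP = re.compile(r"\s+|//[^\n]*|#[^\n]*|/\*.*?\*/", re.S)

def guard_status(source):
    """Return 'ok' (guard is the first statement), 'late' or 'missing'."""
    # Anything before the opening tag is emitted as output, so the tag must come first.
    opening = re.match(r"<\?php\b", source, re.I)
    pos = opening.end() if opening else 0
    while opening:
        skipped = SKIP.match(source, pos)
        if not skipped:
            break
        pos = skipped.end()
    if opening and GUARD.match(source, pos):
        return "ok"
    # A guard placed after other code lets that code run on direct access first.
    return "late" if GUARD.search(source) else "missing"

def audit(directory):
    """Map each .php file name under directory to its guard status."""
    return {p.name: guard_status(p.read_text(errors="replace"))
            for p in sorted(Path(directory).rglob("*.php"))}

def demo():
    """Audit three constructed files (contents invented for this example)."""
    guard = "defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );\n"
    samples = {
        "BibTex.php": "<?php\n/* header comment */\n" + guard + "class BibTex {}\n",
        # Hypothetical include before the guard: the 'late' case.
        "jombib.php": "<?php\nrequire_once( $mosConfig_absolute_path . '/x.php' );\n" + guard,
        "jombib.html.php": "<?php\nclass HTML_jombib {}\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body)
        return audit(tmp)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:8} {name}")
```

To audit a real installation, call audit() with the path of the component directory; any file reported as late or missing is one to compare against the change described in the post.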


Title: Re: URGENT - Phishing hacked into Bibtex
Post by: Franka on September 27, 2008, 12:48:28 PM
I can confirm that the above change effectively fixed the SQL injection bug.

Mark - please create an updated release for this. Have you completed your thesis?