...

Home
News
Joomla Extensions
Research
Programming
Graphic Design
Me
Forum
Downloads
Gallery
What I Don't Know Wiki
Search
Links
Contact Me
Bibliography
Administrator

Login

Who's Online

Google








Home arrow Programmingarrow Joomla Extensionsarrow URGENT - Phishing hacked into Bibtex
Discussion Forum
December 04, 2008, 05:56:02 AM *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: SMF - Just Installed!
 
   Home   Help Search Login Register  
Pages: [1]
« previous next »
  Print  
Author Topic: URGENT - Phishing hacked into Bibtex  (Read 1672 times)
Franka
Newbie
*
Posts: 24


View Profile Email
« on: June 04, 2008, 10:09:40 AM »
Some files have been added to the JOMBIB directory of my site after clean-up I am left with

BibTex.php
checkit.php
download.bib
errors.php
jombib.html.php
jombib.php
php.cgi.core

are these all supposed to be there, particularly that last one? which is 73Mb :-o
« Last Edit: June 04, 2008, 08:52:34 PM by Franka » Logged
Franka
Newbie
*
Posts: 24


View Profile Email
« Reply #1 on: June 04, 2008, 03:55:13 PM »
last file is known now.

BIBTEX has been hacked  Angry
Logged
Franka
Newbie
*
Posts: 24


View Profile Email
« Reply #2 on: June 04, 2008, 08:51:33 PM »
Some 15,000 visitors hit the phishing page... with that many fools reacting to the spam  Shocked

There was also a virus package, no idea  if it was called by Bibtex as by the time I realised that the front end had been altered I had already disabled the files in the backend.

Identified, it was Trojan Horse PHP/BackDoor.C99shell in file bayo.php
« Last Edit: June 04, 2008, 08:55:46 PM by Franka » Logged
Mark Austin
Administrator
Jr. Member
*****
Posts: 97



View Profile Email
« Reply #3 on: June 04, 2008, 09:37:01 PM »
OK, it looks like there is a security hole in the Joomla Bibtex component that some cheerful group are taking advantage of.  I would love to get this fixed, but I simply do not have the time at the moment and have little experience when it comes to security.  I assume it is an SQL injection problem, can anyone give me a hint as to how to close the hole?
Logged
Franka
Newbie
*
Posts: 24


View Profile Email
« Reply #4 on: June 04, 2008, 10:20:37 PM »
I sent you the files Mark.

There is one hack in them that you advised re paging issue, other than that they should be as supplied in 1.32b release.
Logged
Franka
Newbie
*
Posts: 24


View Profile Email
« Reply #5 on: August 12, 2008, 06:01:40 PM »
Everyone should update their Bibtex component files bibtex.php, jombib.html.php and jombib.php

so that the first lines read to remove a major vulnerability:

<?php
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

remove later occurrence of
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' ); in one of the files.

With thanks to Hazzaa of joomlame.com
Logged
Franka
Newbie
*
Posts: 24


View Profile Email
« Reply #6 on: September 27, 2008, 12:48:28 PM »
I can confirm that the above change effectively fixed the SQL injection bug.

Mark - please create a updated release for this. Have you completed your thesis?
Logged
Pages: [1]
  Print  
« previous next »
 
Jump to:  

Powered by SMF 1.1.1 | SMF © 2006, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com
© 2008 Everything That I Know About