Discussion Forum
Author Topic: URGENT - Phishing hacked into Bibtex  (Read 2147 times)
Franka
Newbie
*
Posts: 24


« on: June 04, 2008, 10:09:40 AM »

Some files have been added to the JOMBIB directory of my site. After clean-up I am left with:

BibTex.php
checkit.php
download.bib
errors.php
jombib.html.php
jombib.php
php.cgi.core

Are these all supposed to be there, particularly that last one, which is 73Mb? :-o
« Last Edit: June 04, 2008, 08:52:34 PM by Franka » Logged
Franka
Newbie
*
Posts: 24


« Reply #1 on: June 04, 2008, 03:55:13 PM »

Last file is known now.

BIBTEX has been hacked  Angry
Logged
Franka
Newbie
*
Posts: 24


« Reply #2 on: June 04, 2008, 08:51:33 PM »

Some 15,000 visitors hit the phishing page... with that many fools reacting to the spam  Shocked

There was also a virus package; no idea if it was called by Bibtex, as by the time I realised that the front end had been altered I had already disabled the files in the backend.

Identified, it was Trojan Horse PHP/BackDoor.C99shell in file bayo.php
« Last Edit: June 04, 2008, 08:55:46 PM by Franka » Logged
Mark Austin
Administrator
Full Member
*****
Posts: 101



« Reply #3 on: June 04, 2008, 09:37:01 PM »

OK, it looks like there is a security hole in the Joomla Bibtex component that some cheerful group are taking advantage of.  I would love to get this fixed, but I simply do not have the time at the moment and have little experience when it comes to security.  I assume it is an SQL injection problem, can anyone give me a hint as to how to close the hole?
Logged
Franka
Newbie
*
Posts: 24


« Reply #4 on: June 04, 2008, 10:20:37 PM »

I sent you the files Mark.

There is one hack in them that you advised re paging issue; other than that they should be as supplied in 1.32b release.
Logged
Franka
Newbie
*
Posts: 24


« Reply #5 on: August 12, 2008, 06:01:40 PM »

Everyone should update their Bibtex component files bibtex.php, jombib.html.php and jombib.php

so that the first lines read as follows, to remove a major vulnerability:

<?php
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );

Remove the later occurrence of
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
in one of the files.

With thanks to Hazzaa of joomlame.com
Logged
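
A check an administrator could run after applying the change described in Reply #5, added here as an example (not code from the thread or from the Bibtex component): for the three named files it reports whether the `_VALID_MOS` guard is the first statement after the open tag, appears only later, or is missing. The function names and the sample file contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The guard line quoted in the post, matched loosely on spacing and quote style.
GUARD = re.compile(r"""defined\s*\(\s*['"]_VALID_MOS['"]\s*\)\s*or\s+die\s*\(""", re.I)
# Whitespace and comments, which may sit between the open tag and the guard.
SKIP = re.compile(r"\s+|/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# The three files named in the post; compared case-insensitively.
TARGETS = {"bibtex.php", "jombib.html.php", "jombib.php"}

def guard_status(source: str) -> str:
    """'ok' if the guard is the first statement, 'late' if it only appears
    further down, 'missing' if it is not there at all."""
    tag = re.match(r"\s*<\?php", source, re.I)
    if not tag:
        return "missing"
    pos = tag.end()
    while (m := SKIP.match(source, pos)):
        pos = m.end()
    if GUARD.match(source, pos):
        return "ok"
    return "late" if GUARD.search(source, pos) else "missing"

def scan(directory) -> dict:
    """Map each target file found in the directory to its guard status."""
    return {
        p.name: guard_status(p.read_text(errors="replace"))
        for p in sorted(Path(directory).iterdir())
        if p.is_file() and p.name.lower() in TARGETS
    }

def demo() -> dict:
    """Scan constructed sample files (not the component's real source)."""
    guard = "defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );\n"
    samples = {
        "BibTex.php": "<?php\n" + guard + "class Sample {}\n",
        "jombib.php": "<?php\nrequire_once( 'BibTex.php' );\n" + guard,
        "jombib.html.php": "<?php\n// no guard\necho 'x';\n",
        "checkit.php": "<?php echo 1;\n",  # not one of the three named files
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            (Path(tmp) / name).write_text(body)
        return scan(tmp)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A file reported as `late` corresponds to the case in the post where the guard exists but only further down the file, so code above it still runs on direct access.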
Franka
Newbie
*
Posts: 24


« Reply #6 on: September 27, 2008, 12:48:28 PM »

I can confirm that the above change effectively fixed the SQL injection bug.

Mark - please create an updated release for this. Have you completed your thesis?
Logged
Mark Austin
Administrator
Full Member
*****
Posts: 101



« Reply #7 on: December 23, 2008, 03:46:43 PM »

This is correct - apologies for not fixing this vulnerability months ago.  I will create an updated version when I next get access to my server.  For now please follow the above instructions.
Logged
Mark Austin
Administrator
Full Member
*****
Posts: 101



« Reply #8 on: December 23, 2008, 04:12:34 PM »

I have released an updated version of Joomla bibtex with this fix incorporated.  If you are updating, either follow the instructions described above to modify the files manually, replace the 3 files mentioned above with those in the new download, or reinstall the component (you will lose your uploaded references if you reinstall completely).
Logged