Joomla hack for non 1.5.9 users

“I have some goods and some bad news the good news is that I got the url of your website, the bad news is that your website has been hacked” This are the words of a client I had given my biz card.

Joomla version lesser than 1.5.9 is on the verge of attack, the hackers are aiming on token faking,

A fault in the reset token validation mechanism allows for non-validating tokens to be faked. This will allow an unauthenticated and/or unauthorized user to reset the password of the first enabled user. The reset mainly happen when using the default user name (admin) so changing the username MAY Diminish the possibility of a hack just ensure that the admin is indeed disable or change the username (not warranted to work). However the sure way to ensure that you are safe is to upgrade 1.5.9 or patch the com_user component somewhere here /components/com_user/models/reset.php

The hacker will aim at defacing Three part of the site depending on the expertises.

  1. The index.php on the root directory (this is a naïve hacker or so I think.) Just copy any working joomla index.php file and you are good to go.
  2. The other is defacing the template in use. For this you will need to uninstall and install a fresh copy of the template.
  3. The worst is if he deletes the entire website (this is your hater, hackers are quite mild talk of paradox).

One big lesson is that you have to back up your website once for the folders and the other for the database.

Hope I help.


About ngethenjoroge

This entry was posted in Technologies. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s