Serious Security Breach on FlexiContent?

14 years 5 months ago #7262 by salid
Hi,

I have just been told by my hosting company that the flexicontent component has a security hole in it and allows spammers to then use the domain for spamming emails everywhere.

I had the account suspended and had to remove flexicontent.

Does anyone know of this?

I'm on the latest version, 1.5.2.

14 years 5 months ago #7267 by kenmcd
Some actual evidence would be helpful.

What specifically did they find?
Server log entries, files hacked, etc.?

If there is an actual issue,
I am sure people here would like to know all the information to fix it.

14 years 5 months ago #7288 by salid
They didn't fix it, hence my trying to warn everyone and the developers of a potential problem.

All I got was an email, and I uninstalled flexicontent to counter the problem. It worked; nothing is spammed now.

EMAIL from hosts with detail removed
From: SUSTAINABLE DEVELOPMENT AGENCY <no_reply@no_reply.org>
Reply-To: jobrecruitment@unsda.org
MIME-Version: 1.0
Content-Type: text/plain
Message-Id: <E1OHMoW-0008Bj-5h@domain.com>
Date: Wed, 26 May 2010 15:02:52 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - domain.com
X-AntiAbuse: Original Domain - aol.com
X-AntiAbuse: Originator/Caller UID/GID - [1629 32003] / [47 12]
X-AntiAbuse: Sender Address Domain - domain.com
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/username/public_html/components/com_flexicontent/librairies/phpthumb/m.php
X-Source-Dir: domainname.co.uk:/public_html/components/com_flexicontent/librairies/phpthumb
x-aol-global-disposition: G
x-aol-sid: 3039ac1d601f4bfd7e6c5160
X-AOL-IP: 74.54.71.139
Content-Transfer-Encoding: quoted-printable
X-Mailer: Unknown (No Version)

But my hosting company said the problem was the component and unless there was an update for it I will have to remove it to get my account un-suspended.

14 years 5 months ago #7291 by kenmcd

salid wrote: ......
X-Source-Args: /usr/bin/php /home/username/public_html/components/com_flexicontent/librairies/phpthumb/m.php
...


There is no such file (m.php) in FLEXIcontent.
You should have saved this file so you could look inside.

There is a server hack going around which adds such randomly named files which do the actual emailing.
GoDaddy has been particularly hard hit.
The files have some base64 encoded code inside.


Usually there are multiple files added.
You will need to check your entire installation.
One way to check is to download all server files via FTP and
locally run a search within all files for "base64_decode"

There are ongoing discussions in the Joomla Security forum.
You may want to take a look there.

Last time I looked the exact method of the hack had not yet been determined.
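
The check suggested in this reply (search every downloaded file for "base64_decode"), extended to also list files that are missing from a clean copy of the extension, which is how an added file such as m.php stands out. This is an added example, not part of the original post or FLEXIcontent's code; the clean-copy comparison, the sample file names and the list of execution functions are assumptions.

```python
import re
import tempfile
from pathlib import Path

B64_CALL = re.compile(rb"base64_decode\s*\(", re.I)  # the string the post says to search for
# Assumption: a decoded blob passed to one of these is a stronger signal than decoding alone.
EXEC_CALL = re.compile(rb"\b(eval|assert|create_function)\s*\(", re.I)
PHP_EXT = (".php", ".phtml", ".inc")

def list_files(root):
    """Map relative POSIX path -> Path for every regular file under root."""
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def scan(site_root, clean_root=None):
    """Return [(relative_path, reasons)] for files worth opening by hand."""
    clean = list_files(clean_root) if clean_root is not None else None
    findings = []
    for rel, path in sorted(list_files(site_root).items()):
        reasons = []
        if clean is not None and rel not in clean:
            reasons.append("not in clean copy")
        if rel.lower().endswith(PHP_EXT):
            data = path.read_bytes()
            if B64_CALL.search(data):
                reasons.append("base64_decode")
                if EXEC_CALL.search(data):
                    reasons.append("decoded data may be executed")
        if reasons:
            findings.append((rel, reasons))
    return findings

def demo():
    """Scan a constructed sample tree (sample data, not taken from the thread)."""
    shipped = {"phpthumb/lib.php": b"<?php $raw = base64_decode($src); ?>",
               "phpthumb/readme.txt": b"docs"}
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        for root in (site, clean):
            for rel, body in shipped.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(body)
        # Constructed stand-in for an added file like the m.php named in the headers.
        (site / "phpthumb" / "m.php").write_bytes(b'<?php eval(base64_decode("Q09OU1RSVUNURUQ=")); ?>')
        return scan(site, clean)

if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", ", ".join(reasons))
```

Legitimate libraries also call base64_decode, so treat the output as a list of files to open and read, not as a verdict.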


14 years 1 week ago #11646 by status101
Hi there,

I just got back to working on a site with FlexiContent, and have found that my ISP (or someone or something?) has removed all permissions (00000) to the components/com_flexicontent/librairies directory.

I have not had any emails as they go directly to the client, who is not great at looking at things, but I am guessing it has something to do with this, so I will investigate further, but wondering if there is any more discussion here about this, or if anyone has any more details.

Is this a phpthumb problem - and therefore a FlexiContent problem (i.e. what do we use if we can't use this to gen thumbnails :) ), a Joomla problem, or something else?

Any thoughts, suggestions, information on what the hack is (what can I search for in the Joomla forums?), etc. would be great!

Many thanks in advance

Michael Tull

14 years 6 days ago #11678 by micker
Did you see this?
www.flexicontent.org/phpbb/viewtopic.php?f=16&t=2486
Regards

FLEXIcontent is free but involves a very big effort on our part.
Like our support? (for a bug-free FC, despite being a huge extension) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing reviews. Thanks!
