Site attacked via Havij SQL injection

GK User
Mon Jul 30, 2012 4:04 pm
Hi,

Someone contacted me asking me to get in touch with them, saying they've hacked the MySQL server and showing info like the MySQL user and database and the email used while installing Joomla, etc.

I've been checking the logs and found the attack was launched this morning through Havij... Has anyone heard about any vulnerabilities in TWN2 v2.6? (And yes, I already tried installing v2.8; it had bugs that I tried to get fixed through the forum support, but none helped...)

Version de Joomla Joomla! 2.5.4 Stable [ Ember ] 2-April-2012 14:00 GMT
Version de la plateforme Joomla! Joomla Platform 11.4.0 Stable [ Brian Kernighan ] 03-Jan-2012 00:00 GMT
Senior Boarder
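
The kind of log check the post above describes, as an added example that is not part of the original thread: it scans access-log lines for SQL fragments in the URL and for a tool-identifying User-Agent, grouped by client IP. It assumes Apache's "combined" log format and that the tool is left on a default User-Agent containing the string "Havij" (which can be changed, so the URL check runs independently); the sample lines, IPs and `com_example` URLs are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache "combined" log format (assumed; adjust for a custom LogFormat).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# SQL fragments that have no business appearing in a normal Joomla URL.
SQLI_RE = re.compile(
    r"union\s+(all\s+)?select|information_schema|concat\s*\(|"
    r"order\s+by\s+\d+|0x[0-9a-f]{8,}|\b(and|or)\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)

def scan(lines):
    """Return {client_ip: [(timestamp, reason, decoded_url), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Decode twice so double-encoded payloads are still visible.
        url = unquote_plus(unquote_plus(m["url"]))
        reasons = []
        if "havij" in m["ua"].lower():
            reasons.append("tool-user-agent")
        if SQLI_RE.search(url):
            reasons.append("sql-in-url")
        if reasons:
            hits[m["ip"]].append((m["ts"], "+".join(reasons), url))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, hypothetical URLs).
SAMPLE = [
    '198.51.100.7 - - [30/Jul/2012:09:12:01 +0200] "GET /index.php?option=com_content&id=5 '
    'HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/14.0"',
    '203.0.113.9 - - [30/Jul/2012:09:14:22 +0200] "GET /index.php?option=com_example&id=5%20and%201%3D1 '
    'HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) Havij"',
    '203.0.113.9 - - [30/Jul/2012:09:14:25 +0200] "GET /index.php?option=com_example&id=-5+UNION+ALL+SELECT+1,2,3 '
    'HTTP/1.1" 200 731 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/14.0"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        for ts, reason, url in events:
            print(ip, ts, reason, url)
```

The component and parameter named in the flagged URLs are where to look for the injectable query; a 200 status with a changing response size across such requests suggests the probes were getting data back.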

GK User
Mon Jul 30, 2012 11:57 pm
Instead of a template update, why don't you update your Joomla version to 2.5.6?
Platinum Boarder

GK User
Tue Jul 31, 2012 5:45 pm
normanUK wrote: Instead of a template update, why don't you update your Joomla version to 2.5.6?

I did, a few mins after my post... I've moved the administrator folder through the .htaccess file, which makes it not accessible directly if you try /administrator; you need to go through another access path/folder, and once a cookie is received by your computer you're redirected to the right path...

Checking my error logs, I found 2 attempts to log in to the admin panel using a wrong user... there's no way they can get the path to the new folder... and they also sent me a PM on FB with the DB name and DB user... the site provider says they've scanned the website and found nothing!
Senior Boarder

GK User
Tue Jul 31, 2012 10:50 pm
If they really have your DB details then make sure to change your known DB users and passwords. You might wanna try firewall components for Joomla against such SQL injection attacks.


See you around...
Platinum Boarder

GK User
Sat Sep 01, 2012 7:35 pm
Hello!
I had a similar problem.
A mysql injection attack, not allowing the site is offline.
Even setting the permissions management in TWN2 he leaves the site unseen.
The admin is protected, but even with the reports and records is a terrible exercise chasing false robots. :shock:

When there is any correction or update, please let us know.

A hug for us security
Senior Boarder

GK User
Sun Sep 02, 2012 12:27 am
Havij is a program that can be used by anyone.
I use it to test out the new versions of Joomla and VM and to patch the bugs myself.

I always do this when I put a website online.
Fresh Boarder

GK User
Sun Sep 02, 2012 1:14 am
Greetings!
The penetration test is always valid.
Explore these failures are not always ...

Important learning.
Thanks!
See you there ...
Senior Boarder

