Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 15th May 2013, 12:36
Ph1L Ph1L is offline
Junior Member
 
Join Date: Apr 2013
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default Joomla 1.5 websites

Hi there,

After moved several websites to ISPConfig, we see that some websites, gets randomfilename.php uploaded in the root directory, like /var/www/clients/clientX/webX/web

The file is 100 % an exploit, in order to see directories, eval_base64 etc.

How to prevent this?
Reply With Quote
Sponsored Links
  #2  
Old 15th May 2013, 14:23
fbartels fbartels is offline
Junior Member
 
Join Date: Feb 2012
Location: Hanover, Germany
Posts: 21
Thanks: 0
Thanked 4 Times in 4 Posts
Default

Your best chance would be to replace this very old Joomla version with a more recent one without the security hole the attacker uses.
Reply With Quote
The Following User Says Thank You to fbartels For This Useful Post:
bamlesqtivanova6307 (23rd May 2013)
  #3  
Old 15th May 2013, 14:25
Ph1L Ph1L is offline
Junior Member
 
Join Date: Apr 2013
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Our 1.5.x are all on latest version 1.5.26, and cannot be upgraded to 2.5 or later.
Possible chmod on the web folder, so that no one can create files there ?
Reply With Quote
  #4  
Old 15th May 2013, 17:03
jnsc jnsc is offline
rotaredoM
 
Join Date: Mar 2006
Location: Lausanne, Switzerland
Posts: 525
Thanks: 10
Thanked 172 Times in 77 Posts
Default

Never allow execution of scripts in upload dirs!!!

have a look at this link

http://blog.kupchanko.cv.ua/2012/09/...ubdirectories/
Reply With Quote
  #5  
Old 15th May 2013, 17:05
Ph1L Ph1L is offline
Junior Member
 
Join Date: Apr 2013
Posts: 15
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I think I found the issue - JCE BOT - The Joomla installations had outdated JCE versions, according to http://docs.joomla.org/Vulnerable_Extensions_List

41.107.141.X - - [08/May/2013:23:07:11 +0200] "POST /index.php?option=com_jce&task=plugin&plugin=imgman ager&file=imgmanager&method=form&cid=20&6bc427c8a7 981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c 8e20b HTTP/1.0" 200 67 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:12 +0200] "POST /index.php?option=com_jce&task=plugin&plugin=imgman ager&file=imgmanager&method=form&cid=20 HTTP/1.0" 200 36 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:12 +0200] "GET /images/stories/gh.php?ghz HTTP/1.1" 200 20 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:13 +0200] "GET /gh.html HTTP/1.1" 200 446 "-" "BOT/0.1 (BOT for JCE)"
41.107.141.X - - [08/May/2013:23:07:16 +0200] "GET / HTTP/1.1" 500 1852 "-" "BOT/0.1 (BOT for JCE)"

Now JCE is updated
Reply With Quote
  #6  
Old 15th May 2013, 17:55
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,733
Thanks: 840
Thanked 5,597 Times in 4,407 Posts
 
Default

I recommend to install apache mod_security. It will block almost all attacks withits filters.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
onastvar (15th May 2013)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig & Joomla 1.5 onastvar General 4 30th June 2010 22:49
ISPConfig Joomla 1.5 Component kextra1 Tips/Tricks/Mods 0 29th August 2009 23:48
suPHP, Joomla! 1.5, file & diretory permissions pjdevries Installation/Configuration 17 19th June 2008 03:58
Setup problem ? affecting Joomla 1.5 install luoto Installation/Configuration 9 11th January 2008 10:38
ubuntu ispconfig joomla .htaccess steve1084 General 8 6th January 2007 16:55


All times are GMT +2. The time now is 21:25.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.