Hi, I have lot of 1.5 sites I am working to migrate, but they keep getting hacked, I know weblinks and jce have vulnerabilities and I uninstalled them both. I just saw some bamboo extensions on a list at joomla.org with this comment below and want to clarify for my understanding. I have several modules in about 8 sites I would rather not have to update. Does this message mean that I don't need to? Is there a date associated with this update that I can verify my own installs with? Thanks!!!!

All extensions available on the [joomlabamboo.com site have been updated] and this potential security issue has been resolved.

Hi Carin,

Those extensions were updated a few years ago (so if you have the latest then it should be no issue) and the security issue was just on some servers. It involved missing index.html file and some files with the Joomla or die statement missing. This meant that in some instances people would be able to execute some scripts - but as I say this was a pretty rare server setup that would allow this.

The biggest issue was obviously JCE but what may have happened is that the original hack placed some rootkit files on the server so regardless of whether you removed or updated JCE they may still have access. I'd highly recommend getting a scan done via Phil Taylor's service: myjoomla.com/

Be keen to hear what that audit reveals.

Best of luck with it.

Anthony

Thanks Anthony for that detailed response, I ran the audit, several files came back which were in components I was not using, so I uninstalled them (without looking to see if they even contained malicious code) , also, a mod_microblog file was included in the list
/modules/mod_microblog/tmpl/default.php
I manually checked the file and did not see any hacker type code that I could identify, but included the file here if you needed for your own reference. (I renamed it .txt so I could upload it) I may have attached it twice, the add file does not seem to work right, Thanks again, Carin

Hi

Sorry about the attachment issue - its a mootools glitch that seems to affect firefox a lot - can you try attaching in Chrome?

Thanks
Paul

Hi Paul, thanks for the update, here it is!

Thanks Carin - I cant see anything in there either.

False positive I guess.

Cheers

Thanks Anthony!