[FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x

8 years 4 months ago - 8 years 4 months ago #58960 by acceptgiro
// Version constants
define('FLEXI_VERSION', FLEXI_J16GE ? '2.0.0' : '1.5.6');
define('FLEXI_RELEASE', 'RC9b (r1601)');
Last edit: 8 years 4 months ago by ggppdk.
The topic has been locked.
8 years 4 months ago - 8 years 4 months ago #58964 by ggppdk
Hello

That is a really old version
And indeed v2.0.0 1601 had SQL injection in the search view


-- Flexicontent is Free but involves a big effort on our part.
Like our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...
Last edit: 8 years 4 months ago by ggppdk.
8 years 4 months ago - 8 years 4 months ago #59016 by acceptgiro
For another site I am happy that I seemed to upgrade the website with flexicontent. Luckily this one was available through the backend and therefore didn't go down, and I wonder if the other site's unavailability was due to flexicontent. I think it was because of another component.

Now RSfirewall only shows this.
templates/default/html/com_flexicontent/item/form.php Possible PHP injection (obfuscated code using /e modifier) preg_replace('/(.*)/e

Is that normal? See attachment. And thank you so much for helping me until now!
Last edit: 8 years 4 months ago by ggppdk.
8 years 4 months ago - 8 years 4 months ago #59019 by ggppdk
Hello

that is not a flexicontent file, it is a Joomla template override of a flexicontent file
that replaces the execution of FLEXIcontent,
- this file will be executed instead of FLEXIcontent file

- probably it is a hacked file


Last edit: 8 years 4 months ago by ggppdk.
8 years 4 months ago - 8 years 4 months ago #59020 by acceptgiro
Thanks! I renamed the file and the extension of the file. I did some audits with watchful.li and there is one left for flexicontent, but I don't think that can hurt. The others are Joomla's own ones. RSfirewall, not watchful.li's compare function, does respond to these files. So it's apt to be good now.

/components/com_flexicontent/TODO.php system (vistamedia) Possible PHP Injection (Unix command)

/libraries/vendor/joomla/application/src/AbstractDaemonApplication.php system('export HOME="' . $info . '"'), passthru('kill -9 ' . $pid), system (mostly BSD-style systems) Possible PHP Injection (Unix command)

/libraries/vendor/phpmailer/phpmailer/class.phpmailer.php popen($sendmail, 'w')), popen($sendmail, 'w')) Possible PHP Injection (Unix command)

/libraries/joomla/application/daemon.php system('export HOME="' . $info . '"'), passthru('kill -9 ' . $pid), system (mostly BSD-style systems) Possible PHP Injection (Unix command)
Last edit: 8 years 4 months ago by ggppdk.
8 years 4 months ago - 8 years 4 months ago #59023 by ggppdk
Hello

did you upgrade FLEXIcontent and Joomla ?
all these files are not the original FLEXIcontent / Joomla files
- they have been modified / hacked

- once a web-site is hacked, it will install backdoors in several places,
and it will reapply / re-hack various files

- thus upgrading Joomla and FLEXIcontent is not enough, you will need to remove all backdoors, if 1 hacked file remains it will re-apply hacks in other files


Last edit: 8 years 4 months ago by ggppdk.
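
Added example (not part of the original thread, and not FLEXIcontent or RSFirewall code): one way to find which PHP files are not the original ones is to compare the site against a clean copy of the same Joomla and FLEXIcontent packages, and to flag the two things discussed above, template overrides of the component and `preg_replace` with the `/e` modifier. The `site` and `clean` directory layout, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic for the deprecated /e modifier (replacement evaluated as PHP code).
# Covers patterns with a single-character delimiter and no quotes inside.
PREG_E = re.compile(rb"preg_replace\s*\(\s*(['\"])(.)[^'\"\n]*?\2[a-zA-Z]*e[a-zA-Z]*\1")

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(site, clean, component="com_flexicontent"):
    """Return (relative_path, finding) tuples for every PHP file under `site`."""
    site, clean = Path(site), Path(clean)
    findings = []
    for f in sorted(site.rglob("*.php")):
        rel = f.relative_to(site)
        name, ref = rel.as_posix(), clean / rel
        if not ref.is_file():
            findings.append((name, "not in clean package"))
        elif sha256(f) != sha256(ref):
            findings.append((name, "differs from clean package"))
        # templates/<template>/html/<component>/... is loaded in place of the component's file
        p = rel.parts
        if len(p) > 4 and p[0] == "templates" and p[2] == "html" and p[3] == component:
            findings.append((name, "template override of component file"))
        if PREG_E.search(f.read_bytes()):
            findings.append((name, "preg_replace with /e modifier"))
    return findings

def demo():
    """Audit two small constructed trees (not real Joomla or FLEXIcontent files)."""
    with tempfile.TemporaryDirectory() as tmp:
        trees = {
            "clean/index.php": b"<?php echo 'ok';\n",
            "site/index.php": b"<?php echo 'ok';\n",
            "clean/components/com_flexicontent/TODO.php": b"<?php // notes\n",
            "site/components/com_flexicontent/TODO.php": b"<?php // notes, altered\n",
            "site/templates/default/html/com_flexicontent/item/form.php":
                b"<?php preg_replace('/(.*)/e', $x, $y);\n",
        }
        for rel, data in trees.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        return audit(Path(tmp, "site"), Path(tmp, "clean"))

if __name__ == "__main__":
    for name, finding in demo():
        print(f"{finding:40} {name}")
```

A file reported only by a pattern scanner but byte-identical to the clean package is unchanged from the distribution; a file that differs, or exists only on the site, needs manual review.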
Moderators: vistamedia, joomlacorner, ggppdk