Community Builder in Joomla Vulnerability

Malware Detected!

Warning: Visiting this site may harm your computer!

The website at .....ru appears to host malware - software that can hurt your computer or otherwise operate without your consent. Just visiting a site that hosts malware can infect your computer.

For detailed information about the problems with this site, visit the Google Safe Browsing diagnostic page for this address

I understand that visiting this site may harm my computer.

Continue?


Even if you use the latest versions of Community Builder (v1.2) and Joomla (v1.0.14), you're still vulnerable to a hack. Watch for users signing up with the .ru top-level domain, as they love playing about with this and giving all Russians a bad name on the net.

If you visit your site and receive either the above error or an alert that malware was detected: congratulations, you've been hacked.

So first of all, check that this is not just a hack to the index.html file in your web root folder. You may also find a .heder.php file in your web root, along with some strange index files with strange naming conventions (e.g. xzcseifs_kdiek.html), which shouldn't be there either. You'll need to remove these and restore your website. I'd suggest JoomlaPack if you're using a Joomla site: back up just the database, do a fresh install of Joomla and use the database SQL file as the migration script.
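One way to carry out the web root check described above is to compare the live folder against a clean copy of the same Joomla release. This is an added example, not code from the original post; the function names and the idea of keeping an unpacked clean copy alongside the live site are assumptions, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_webroot(live: Path, clean: Path) -> dict:
    """Compare a live web root against a clean reference copy of the same release."""
    report = {"unexpected": [], "modified": [], "hidden_php": []}
    for path in sorted(p for p in live.rglob("*") if p.is_file()):
        rel = path.relative_to(live)
        reference = clean / rel
        if not reference.is_file():
            # Not shipped with the release: rogue index pages land here,
            # but so do legitimate uploads, so review rather than auto-delete.
            report["unexpected"].append(str(rel))
        elif file_digest(path) != file_digest(reference):
            # configuration.php will always differ; index.html should not.
            report["modified"].append(str(rel))
        # Dot-prefixed PHP files are invisible to a plain `ls` and many FTP clients.
        if path.name.startswith(".") and path.name.lower().endswith(".php"):
            report["hidden_php"].append(str(rel))
    return report


def build_demo(base: Path):
    """Constructed sample trees using the file names mentioned in the post."""
    clean, live = base / "clean", base / "live"
    for root in (clean, live):
        root.mkdir()
        (root / "index.php").write_text("<?php /* front controller */ ?>")
        (root / "index.html").write_text("<html><body></body></html>")
    (live / "index.html").write_text("<html><body><!-- injected --></body></html>")
    (live / ".heder.php").write_text("<?php /* placeholder */ ?>")
    (live / "xzcseifs_kdiek.html").write_text("<html></html>")
    return live, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_demo(Path(tmp))
        for kind, files in audit_webroot(live, clean).items():
            print(kind, files)
```

Run it against the real site by passing the live web root and the unpacked clean release to `audit_webroot`, and keep a copy of anything flagged before removing it so you can work out how it got there.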

There are some more details of previous CB hacks in the Joomla forum (source: http://forum.joomla.org/viewtopic.php?t=84436).

In fact, there are quite a few vulnerabilities my scanners have picked up on, so I'll be posting solutions for those who need to keep Community Builder as their user manager. There are several things I have picked up, which I will go into in more detail as I test each one (11.11.09):

Keywords:

Hacking, XSS & SQL-Injections.


Credit where Credit is Due:


Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: Please note that the information provided on this website is intended for informational purposes only and does not represent a warranty. The opinions expressed are those of the author only. We recommend testing any solutions in a development environment before implementing them in production. The articles are based on our good faith efforts and were current at the time of writing, reflecting our practical experience in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman
www.joellipman.com

© 2024 Joel Lipman .com. All Rights Reserved.