Community Builder in Joomla Vulnerability

Malware Detected!

Warning: Visiting this site may harm your computer!

The website at appears to host malware - software that can hurt your computer or otherwise operate without your consent.  Just viisting a site that hosts malware can infect your computer.

For detailed information about the problems with this site, visit the Google Safe Browsing diagnostic page for this address

I understand that visiting this site may harm my computer.



Even if you use the latest versions of Community Builder (v1.2) and Joomla (v1.0.14) then you're vulnerable to a hack.  Watch for users signing up with the .ru top-level domain as they love playing this about and giving all russians a bad name on the net.

If you visit your site and receive either the above error or the alert that a malware was detected: congratulations! you've been hacked.

So first of all check that this is not just a hack to your index.html file in your web root folder (you may find a .heder.php file as well in your webroot as well as some strange index files with strange naming conventions (eg. xzcseifs_kdiek.html) which shouldn't be there either).  You'll need to remove these and restore your website.  I'd suggest joomlapack if you're using a joomla site, backup just the database, do a fresh install of joomla and use the database sql file as the migration script.

There are some more details of prevous CB hacks in the Joomla forum (source: .  

In fact, there are quite a few vulnerabilities my scanners have picked up on and so I'll be posting solutions for those who need to keep Community Builder as their user manager.  There are several things I have picked up which I will go into more detail as I test each one (11.11.09):


Hacking, XSS & SQL-Injections.

Credit where Credit is Due:

Feel free to copy, redistribute and share this information. All that we ask is that you attribute credit and possibly even a link back to this website as it really helps in our search engine rankings.

Disclaimer: Please note that the information provided on this website is intended for informational purposes only and does not represent a warranty. The opinions expressed are those of the author only. We recommend testing any solutions in a development environment before implementing them in production. The articles are based on our good faith efforts and were current at the time of writing, reflecting our practical experience in a commercial setting.

Thank you for visiting and, as always, we hope this website was of some use to you!

Kind Regards,

Joel Lipman

Related Articles

Joes Revolver Map


Badge - Certified Zoho Creator Associate
Badge - Certified Zoho Creator Associate

Donate & Support

If you like my content, and would like to support this sharing site, feel free to donate using a method below:

Donate to Joel Lipman via PayPal

Donate to Joel Lipman with Bitcoin - Valid till 8 May 2022 bc1qjtp4l4ra452wzvuk9a45yfj82zkahsyy2z379y
© 2023 Joel Lipman .com. All Rights Reserved.