Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a website based tin joomla 1.5.26 and in logs i see a hacking attempt.
The hacked found a bug on a installed mudule and he/she found the emails of the joomla users. I disabled that module but the reset passsword page it remains active when someone gives the direct link. (option=com_user&view=reset)
the reset passsword page it remains active when someone gives the direct link. (option=com_user&view=reset)
is there any way to disable/remove that page?
AFAIK this is default Joomla functionality (earlier trouble: CVE-2011-4321) but if you run mod_security you could try this rule:
The code the hacker was executed was this one.
?option=com_artforms&task=ferforms&viewform=-1%20UNION%20SELECT%201,group_concat(0x3a5f,username,0x3a,activation,0x5f3a),3,4,5,6%20from%20jos_use rs
even a joomla and linux beginer as me, can see that through the artforms, the attacker managed to find out the email address for the users that have access to the administrator page.
The administrator page is protected with apache authentication and a very complex username/password.
The anoying thing is that the hacker was trying to get the access frequently.
Anyway.
The artforms addon removed and that hacking attempts leads to 501 error.
For security reason every email, username, password has been changed.
Since i have only 3 users in the admin panel, i disabled the con_user directory where the reset password page was loading.
You are putting some effort to build some thing very core for business. Try to implement the below to prevent further attacks.
1.) Install NIKTO web scanner) and identify the existing bugs, so that you don't want to give an other chance.
2.) Periodically apply the patches released by Joomla, never hesitate to get the downtime..
3.) If you have enough fund, try to buy Symantec SCCM appliance(It alerts you when there is a minor change done without your notification & your URL will be monitored 24x7.)
4.) If point #3 cannot be achieved, go for IPTables.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.