Author Topic: Site Hacked via Virtuemart  (Read 2710 times)

johnlanglois

  • Jr. Member
  • **
  • Posts: 50
Site Hacked via Virtuemart
« on: June 07, 2010, 15:07:33 pm »
Our ISP notified us that our site had been hacked.

We were running Joomla 1.5.15 and VM 1.1.4.  The hack occurred via XSS during the VM customer registration.  Files were posted to the website.

ISP suggests that Joomla 1.5.18 will solve the problem.  Is there anything we should change about Virtuemart?

Thanks

PRO

  • Global Moderator
  • Super Hero
  • *
  • Posts: 10437
  • VirtueMart Version: 3+
Re: Site Hacked via Virtuemart
« Reply #1 on: June 07, 2010, 15:16:40 pm »
they registered through joomla or vmart?

johnlanglois

  • Jr. Member
  • **
  • Posts: 50
Re: Site Hacked via Virtuemart
« Reply #2 on: June 07, 2010, 23:02:51 pm »
They register via virtuemart.  However, I did find a screen where the Joomla login module was enabled.  I have disabled that, along with removing the .system files left by the hackers.

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 28336
  • Always on vacation
    • Jenkin Hill Internet
Re: Site Hacked via Virtuemart
« Reply #3 on: June 07, 2010, 23:18:41 pm »
All Joomla versions before 1.5.18 are known to have security issues, and I'll guess that you had not applied the security patches for VirtueMart 1.1.4? See http://forum.virtuemart.net/index.php?action=globalAnnouncements;id=4  although the VM issue can only be exploited when logged in as admin.

It is important to sign up for the Joomla security feed.
Kelvyn

Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VirtueMart  4.0.2 10661 on Joomla 3.10.9 PHP 7.4.29

johnlanglois

  • Jr. Member
  • **
  • Posts: 50
Re: Site Hacked via Virtuemart
« Reply #4 on: June 08, 2010, 04:28:54 am »
Thanks for the note.
We do have those patches in place.  I am curious as to why something that important would be addressed through patches rather than a product update.

Are there other patches that we don't know about?

Thank you.

jenkinhill

  • UK Web Developer & Consultant
  • Global Moderator
  • Super Hero
  • *
  • Posts: 28336
  • Always on vacation
    • Jenkin Hill Internet
Re: Site Hacked via Virtuemart
« Reply #5 on: June 08, 2010, 09:03:57 am »
A full update to replace just 2 files would be overkill and likely to be ignored by too many users, especially those who have made some hacks. In this case VM could only be exploited when someone was actually logged in to the backend as an administrator, while the issues/risks with not updating Joomla were much greater.

As well as monitoring the Joomla forums for issues, I subscribe to http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
Kelvyn

Jenkin Hill Internet,
Lowestoft, Suffolk, UK

Unsolicited PMs/emails will be ignored.

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum

Currently using VirtueMart  4.0.2 10661 on Joomla 3.10.9 PHP 7.4.29