Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #29662 > unrolled thread

One of my joomla webpages has been hacked. Please help.

Back to article view | Back to comp.lang.python

Contents

  One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-21 11:45 -0700
    Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-22 11:34 +1000
    Re: One of my joomla webpages has been hacked. Please help. Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-09-22 01:42 +0000
      Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-22 11:48 +1000
      Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 00:13 -0700
        Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-22 18:07 +1000
          Re: One of my joomla webpages has been hacked. Please help. Alister <alister.ware@ntlworld.com> - 2012-09-22 11:10 +0000
    Re: One of my joomla webpages has been hacked. Please help. Peter Otten <__peter__@web.de> - 2012-09-22 09:26 +0200
      Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 01:02 -0700
        Re: One of my joomla webpages has been hacked. Please help. Kev Dwyer <kevin.p.dwyer@gmail.com> - 2012-09-22 11:13 +0100
          Re: One of my joomla webpages has been hacked. Please help. Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-09-22 13:09 +0000
            Re: One of my joomla webpages has been hacked. Please help. Alister <alister.ware@ntlworld.com> - 2012-09-22 13:29 +0000
            Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 07:44 -0700
              Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-23 00:57 +1000
                Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 11:13 -0700
                  Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-23 04:17 +1000
                    Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 19:52 -0700
                      Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-23 12:55 +1000
                      Re: One of my joomla webpages has been hacked. Please help. Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2012-09-23 04:06 +0000
                        Re: One of my joomla webpages has been hacked. Please help. Dwight Hutto <dwightdhutto@gmail.com> - 2012-09-23 00:48 -0400
                          Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 22:19 -0700
                            Re: One of my joomla webpages has been hacked. Please help. Dwight Hutto <dwightdhutto@gmail.com> - 2012-09-23 01:28 -0400
                          Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 22:19 -0700
                        Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-23 14:56 +1000
                        Re: One of my joomla webpages has been hacked. Please help. Dwight Hutto <dwightdhutto@gmail.com> - 2012-09-23 01:18 -0400
                        Re: One of my joomla webpages has been hacked. Please help. Chris Angelico <rosuav@gmail.com> - 2012-09-23 15:38 +1000
                          Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 23:54 -0700
                            RE: One of my joomla webpages has been hacked. Please help. "Prasad, Ramit" <ramit.prasad@jpmorgan.com> - 2012-09-27 17:06 +0000
                          Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 23:54 -0700
                        Re: One of my joomla webpages has been hacked. Please help. Wayne Werner <wayne@waynewerner.com> - 2012-09-26 20:06 -0500
                        Re: One of my joomla webpages has been hacked. Please help. Emile van Sebille <emile@fenx.com> - 2012-09-26 18:33 -0700
                        Re: One of my joomla webpages has been hacked. Please help. MRAB <python@mrabarnett.plus.com> - 2012-09-27 03:02 +0100
                    Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 19:52 -0700
                  Re: One of my joomla webpages has been hacked. Please help. Wayne Werner <wayne@waynewerner.com> - 2012-09-26 20:03 -0500
                Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 11:13 -0700
              Re: One of my joomla webpages has been hacked. Please help. Ben Finney <ben+python@benfinney.id.au> - 2012-09-23 01:21 +1000
      Re: One of my joomla webpages has been hacked. Please help. Νίκος Γκρεεκ <nikos.gr33k@gmail.com> - 2012-09-22 01:02 -0700
    Re: One of my joomla webpages has been hacked. Please help. Dwight Hutto <dwightdhutto@gmail.com> - 2012-09-22 04:59 -0400
    Re: One of my joomla webpages has been hacked. Please help. alex23 <wuwei23@gmail.com> - 2012-09-23 19:53 -0700

Page 1 of 2  [1] 2  Next page →

#29662 — One of my joomla webpages has been hacked. Please help.

Hello,

One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.

I logged into CPanel but the joomla files seem ok.

but when i view page code with chrome i get the source code, i dont knwo of which file thaty contains javascript inside.

Please visit my web page varsa.gr and view the source code and maybe you can tell me what has happened.

I would be gratefull for any help you provide me. 

I know this is not a python question but you guyshave high knowledge of web sites programming and i though you wouldnt mind helping me out.

Thank you very much.

[toc] | [next] | [standalone]

#29706

On Sat, Sep 22, 2012 at 4:45 AM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
> One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.
>
> I know this is not a python question but you guyshave high knowledge of web sites programming and i though you wouldnt mind helping me out.

No, this is not a Python question. I would recommend looking for
Joomla-specific help. And when you do, you'll find out that these
sorts of web frameworks have vulnerabilities just like every other big
program seems to, with Joomla looking like a happy member of the
Windows family.

ChrisA

[toc] | [prev] | [next] | [standalone]

#29708

On Fri, 21 Sep 2012 11:45:14 -0700, Νίκος Γκρεεκ wrote:

> One webpage of mine, [url redacted] has been *hacked* 15 mins ago.
[...]
> I would be gratefull for any help you provide me.

Yeah yeah, sure. Is this an attempt to get people to visit your web site 
so it can do a drive-by install of malware?

 
> I know this is not a python question 

But you asked anyway. Why don't you ask your car mechanic to fix your 
plumbing, or go to the doctor to ask advice on how to cook pizza?



-- 
Steven

[toc] | [prev] | [next] | [standalone]

#29711

On Sat, Sep 22, 2012 at 11:42 AM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> But you asked anyway. Why don't you ask your car mechanic to fix your
> plumbing, or go to the doctor to ask advice on how to cook pizza?

Or your plumber to rescue the princess who's in another castle...

ChrisA

[toc] | [prev] | [next] | [standalone]

#29725

Τη Σάββατο, 22 Σεπτεμβρίου 2012 4:42:35 π.μ. UTC+3, ο χρήστης Steven D'Aprano έγραψε:
> On Fri, 21 Sep 2012 11:45:14 -0700, Νίκος Γκρεεκ wrote:
> 
> 
> 
> > One webpage of mine, [url redacted] has been *hacked* 15 mins ago.
> 
> [...]
> 
> > I would be gratefull for any help you provide me.
> 
> 
> 
> Yeah yeah, sure. Is this an attempt to get people to visit your web site 
> 
> so it can do a drive-by install of malware?
> 
> 
> 
>  
> 
> > I know this is not a python question 
> 
> 
> 
> But you asked anyway. Why don't you ask your car mechanic to fix your 
> 
> plumbing, or go to the doctor to ask advice on how to cook pizza?

I was not into my intention to infect you with drive-by malware, it just my web site got defaced and i wanted info on how they did it.

The web host company pulled a previous backup and now its all good.

My apologies for the annoyance i have coused you all i wanted was some insight so to make sure this wont happen again( it already happened 2 times by now).

[toc] | [prev] | [next] | [standalone]

#29732

On Sat, Sep 22, 2012 at 5:13 PM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
> The web host company pulled a previous backup and now its all good.
>
> My apologies for the annoyance i have coused you all i wanted was some insight so to make sure this wont happen again( it already happened 2 times by now).

Just read those two sentences together, and figure out whether it
really is "all good". What's happened twice can happen again.

ChrisA

[toc] | [prev] | [next] | [standalone]

#29737

On Sat, 22 Sep 2012 18:07:32 +1000, Chris Angelico wrote:

> On Sat, Sep 22, 2012 at 5:13 PM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com>
> wrote:
>> The web host company pulled a previous backup and now its all good.
>>
>> My apologies for the annoyance i have coused you all i wanted was some
>> insight so to make sure this wont happen again( it already happened 2
>> times by now).
> 
> Just read those two sentences together, and figure out whether it really
> is "all good". What's happened twice can happen again.
> 
> ChrisA

Indeed I would take this site down immediately until you can work out the 
insecurity in your application.

without knowing too much I would suggest checking the following~:

Rule 1) Use a strong password for the framework administration.

Rule 2) Validate all inputs

Rule 3) Do not give your application any more access privileges to you 
data bas that absolutely necessary.

Rule 4)Ensure any data files containing passwords (hashed or otherwise) 
are stored outside the web-route.

Rule 5)	Validate ALL Inputs

Rule 6) There is no rule 6

Rule 7) use prepared statements for database queries, do not construct 
them on the fly from user input ( Google SQL injection)

Rule 8) VALIDATE ALL INPUTS!

(Acknowledgement to 'The Bruces')


-- 
My life is a patio of fun!

[toc] | [prev] | [next] | [standalone]

#29727

Νίκος Γκρεεκ wrote:

> One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.

> Please visit my web page varsa.gr and view the source code and maybe you
> can tell me what has happened.

Do you use a password that was exposed in the other thread,

http://mail.python.org/pipermail/python-list/2012-September/630779.html

?

[toc] | [prev] | [next] | [standalone]

#29730

Τη Σάββατο, 22 Σεπτεμβρίου 2012 10:26:05 π.μ. UTC+3, ο χρήστης Peter Otten έγραψε:
> Νίκος Γκρεεκ wrote:
> 
> 
> 
> > One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.
> 
> 
> 
> > Please visit my web page varsa.gr and view the source code and maybe you
> 
> > can tell me what has happened.
> 
> 
> 
> Do you use a password that was exposed in the other thread,
> 
> 
> 
> http://mail.python.org/pipermail/python-list/2012-September/630779.html
> 
> 
> 
> ?
No, that was for another web page of mine utilizing python mysql connection, this was joomla only website which remind me to also ask if i can embed somwhow python code to joomla cms.

[toc] | [prev] | [next] | [standalone]

#29734

Νίκος Γκρεεκ wrote:

> Τη Σάββατο, 22 Σεπτεμβρίου 2012 10:26:05 π.μ. UTC+3, ο χρήστης Peter Otten
> έγραψε:
>> Νίκος Γκρεεκ wrote:
>> 
>> 
>> 
>> > One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins
>> > ago.
>> 
>> 
>> 
>> > Please visit my web page varsa.gr and view the source code and maybe
>> > you
>> 
>> > can tell me what has happened.
>> 
>> 
>> 
>> Do you use a password that was exposed in the other thread,
>> 
>> 
>> 
>> http://mail.python.org/pipermail/python-list/2012-September/630779.html
>> 
>> 
>> 
>> ?
> No, that was for another web page of mine utilizing python mysql
> connection, this was joomla only website which remind me to also ask if i
> can embed somwhow python code to joomla cms.


This is only speculation, as I don't know exactly how your web page has been 
"hacked", but if your page somehow exposes a database connection, and the 
hack involves changing the contents of the database then you should read up 
on SQL injection attacks and how to prevent them. 

Cheers,

Kev

[toc] | [prev] | [next] | [standalone]

#29749

On Sat, 22 Sep 2012 11:13:43 +0100, Kev Dwyer wrote:

> This is only speculation, as I don't know exactly how your web page has
> been "hacked", but if your page somehow exposes a database connection,
> and the hack involves changing the contents of the database then you
> should read up on SQL injection attacks and how to prevent them.

This is joomla, that is, PHP. There are a bazillion ways to hack PHP. By 
the OP's own account, his website has been hacked twice before and he's 
done nothing to fix the vulnerability, just restored from backup. He'll 
be hacked again, and again, and again.

Why are we discussing this? It has nothing to do with Python and is 
completely off-topic for this list.


-- 
Steven

[toc] | [prev] | [next] | [standalone]

#29751

On Sat, 22 Sep 2012 13:09:36 +0000, Steven D'Aprano wrote:

> On Sat, 22 Sep 2012 11:13:43 +0100, Kev Dwyer wrote:
> 
>> This is only speculation, as I don't know exactly how your web page has
>> been "hacked", but if your page somehow exposes a database connection,
>> and the hack involves changing the contents of the database then you
>> should read up on SQL injection attacks and how to prevent them.
> 
> This is joomla, that is, PHP. There are a bazillion ways to hack PHP. By
> the OP's own account, his website has been hacked twice before and he's
> done nothing to fix the vulnerability, just restored from backup. He'll
> be hacked again, and again, and again.
> 
> Why are we discussing this? It has nothing to do with Python and is
> completely off-topic for this list.

the case may be off topic, but the principles and advise being given is 
well worth taking note of regardless of language.



-- 
Kent's Heuristic:
	Look for it first where you'd most like to find it.

[toc] | [prev] | [next] | [standalone]

#29754

Τη Σάββατο, 22 Σεπτεμβρίου 2012 4:09:37 μ.μ. UTC+3, ο χρήστης Steven D'Aprano έγραψε:
> On Sat, 22 Sep 2012 11:13:43 +0100, Kev Dwyer wrote:
> 
> 
> 
> > This is only speculation, as I don't know exactly how your web page has
> 
> > been "hacked", but if your page somehow exposes a database connection,
> 
> > and the hack involves changing the contents of the database then you
> 
> > should read up on SQL injection attacks and how to prevent them.
> 
> 
> 
> This is joomla, that is, PHP. There are a bazillion ways to hack PHP. By 
> 
> the OP's own account, his website has been hacked twice before and he's 
> 
> done nothing to fix the vulnerability, just restored from backup. He'll 
> 
> be hacked again, and again, and again.
> 
> 
> 
> Why are we discussing this? It has nothing to do with Python and is 
> 
> completely off-topic for this list.
> 
> 
> 
> 
> 
> -- 
> 
> Steven

But how am i supposed to fix this vulnerability if i don't know which one is it?

My guess is they used joomlas template to insert arbitrary code but thats just a guess.

[toc] | [prev] | [next] | [standalone]

#29755

On Sun, Sep 23, 2012 at 12:44 AM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
> But how am i supposed to fix this vulnerability if i don't know which one is it?
>
> My guess is they used joomlas template to insert arbitrary code but thats just a guess.

The answer to that is a thing called "research", and you'll usually
find a lot of it at the other end of a web search. Also, you may want
to look into what it means to be a web site administrator. It doesn't
simply involve throwing down some code that someone else wrote and
expecting it to work.

If you want a web site without having to manage it yourself, consider
a blog instead - someone else hosts it and worries about security, and
you just post your content to it. It's a far FAR easier option, as
long as what you want can be shoehorned into someone else's layout
design.

Neither of these options involves any Python coding, so if you want
further assistance with them, I recommend looking for a forum
dedicated to the technology you use.

ChrisA

[toc] | [prev] | [next] | [standalone]

#29760

Τη Σάββατο, 22 Σεπτεμβρίου 2012 5:57:41 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Sun, Sep 23, 2012 at 12:44 AM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
> 
> > But how am i supposed to fix this vulnerability if i don't know which one is it?
> 
> >
> 
> > My guess is they used joomlas template to insert arbitrary code but thats just a guess.
> 
> 
> 
> The answer to that is a thing called "research", and you'll usually
> 
> find a lot of it at the other end of a web search. Also, you may want
> 
> to look into what it means to be a web site administrator. It doesn't
> 
> simply involve throwing down some code that someone else wrote and
> 
> expecting it to work.
> 
> 
> 
> If you want a web site without having to manage it yourself, consider
> 
> a blog instead - someone else hosts it and worries about security, and
> 
> you just post your content to it. It's a far FAR easier option, as
> 
> long as what you want can be shoehorned into someone else's layout
> 
> design.
> 
> 
> 
> Neither of these options involves any Python coding, so if you want
> 
> further assistance with them, I recommend looking for a forum
> 
> dedicated to the technology you use.
> 
> 
> 
> ChrisA

Okey i'll ask this to the officila joomla forum, one last thing though.

Is there a way to somehow embed(or utilize) python code, for example my python counter code script you have seen last week inside my Joomla/WordPress cms sites?

For example:

http://superhost.gr/ is my main website utilizing python counter script.

http://superhost.gr/html/?show=log is my own way(i prefer it over awstats - don't ask why) for viewing my visitors.

in my other sites which are CMS sites, like

http://varsa.gr
and
http://thessalonik.wordpress.com/

is there a possible way to embed(if thats the term) my python counter script there too?

so i can keep track of visitors info for each page i have there?

[toc] | [prev] | [next] | [standalone]

#29762

On Sun, Sep 23, 2012 at 4:13 AM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
> Is there a way to somehow embed(or utilize) python code, for example my python counter code script you have seen last week inside my Joomla/WordPress cms sites?

You probably could. But I reiterate, you're going about things all
backwards. Keep things way WAY simpler and just do some basic parsing
of your web logs after the event. Life is so much easier that way.

ChrisA

[toc] | [prev] | [next] | [standalone]

#29774

Τη Σάββατο, 22 Σεπτεμβρίου 2012 9:18:02 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
> On Sun, Sep 23, 2012 at 4:13 AM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
> 
> > Is there a way to somehow embed(or utilize) python code, for example my python counter code script you have seen last week inside my Joomla/WordPress cms sites?
> 
> 
> 
> You probably could. But I reiterate, you're going about things all
> 
> backwards. Keep things way WAY simpler and just do some basic parsing
> 
> of your web logs after the event. Life is so much easier that way.
> 
> 
> 
> ChrisA

Out of curiocity how would i used my python counter source code along with Joomla?

[toc] | [prev] | [next] | [standalone]

#29776

On Sun, Sep 23, 2012 at 12:52 PM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
> Τη Σάββατο, 22 Σεπτεμβρίου 2012 9:18:02 μ.μ. UTC+3, ο χρήστης Chris Angelico έγραψε:
>> On Sun, Sep 23, 2012 at 4:13 AM, Νίκος Γκρεεκ <nikos.gr33k@gmail.com> wrote:
>>
>> > Is there a way to somehow embed(or utilize) python code, for example my python counter code script you have seen last week inside my Joomla/WordPress cms sites?
>>
>> You probably could. But I reiterate, you're going about things all
>> backwards. Keep things way WAY simpler and just do some basic parsing
>> of your web logs after the event. Life is so much easier that way.
>>
>
> Out of curiocity how would i used my python counter source code along with Joomla?

Easy. Look for what common sense would recommend, then turn 180
degrees. Let me know when you get there and we'll send the rest of the
directions.

-- paraphrasing what a stupid American tourist was told about
directions in Australia

ChrisA

[toc] | [prev] | [next] | [standalone]

#29783

On Sat, 22 Sep 2012 19:52:00 -0700, Νίκος Γκρεεκ wrote:

> Out of curiocity how would i used my python counter source code along
> with Joomla?


This is not a Joomla forum. We do not know how to run code in Joomla. 
Regardless of whether the code is Python, or Perl, or Lisp, or Lua, or 
any of thousands of different languages, your question is about Joomla. 
Please ask it on a Joomla forum.

And when you are there, don't ask them to fix your Python bugs.


-- 
Steven

[toc] | [prev] | [next] | [standalone]

#29786

On Sun, Sep 23, 2012 at 12:06 AM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> On Sat, 22 Sep 2012 19:52:00 -0700, Νίκος Γκρεεκ wrote:
>
>> Out of curiocity how would i used my python counter source code along
>> with Joomla?
>
>
> This is not a Joomla forum. We do not know how to run code in Joomla.

PHP, CSS, HTML, JAVASCRIPT, templates, that is if you study CMS, and
look at other languages.


> Regardless of whether the code is Python, or Perl, or Lisp, or Lua, or
> any of thousands of different languages, your question is about Joomla.

No, joomla is a CMS framework of several languages. You're right, this
is a Joomla question, but even python could be added into joomla as an
API>


> Please ask it on a Joomla forum.
> D'Aprano
> And when you are there, don't ask them to fix your Python bugs.

If they know Joomla(PHP, CSS, HTML, JAVASCRIPT, templates), then they
should know something about python, unlike Steven  D'Aprano, who only
knows Python, and in other posts, not that well to be a self
proclaimed expert.


-- 
Best Regards,
David Hutto
CEO: http://www.hitwebdevelopment.com

[toc] | [prev] | [next] | [standalone]

Page 1 of 2  [1] 2  Next page →

Back to top | Article view | comp.lang.python

csiph-web