Hack attemps
Forum rules
Please include as much detail in any test or bug reports for JEvents 1.5 as possible.
First of all, check if you are running the latest available version of Joomla! and JEvents. Posts for issues, where both systems are not updated, will be ignored.
We need the following at least:
* PHP version (e.g. 5.2.5). Note: Support for PHP4 is discontinued.
* Joomla! version
* JEvents version
* Web Server software (Apache or IIS with version number if possible)
* Server Operating system (e.g. Linux, Windows, Solaris, Darwin ...)
* Database version
* memory_limit from your phpinfo
* Web browser and version
Please enable error reporting and include any error messages in your posting. You do this via the Joomla Configuration - set "error reporting" to "maximum" on the Server tab.
Finally, please describe the steps required to recreate the problem and also please enable error reporting and give us any error messages generated.
Please include as much detail in any test or bug reports for JEvents 1.5 as possible.
First of all, check if you are running the latest available version of Joomla! and JEvents. Posts for issues, where both systems are not updated, will be ignored.
We need the following at least:
* PHP version (e.g. 5.2.5). Note: Support for PHP4 is discontinued.
* Joomla! version
* JEvents version
* Web Server software (Apache or IIS with version number if possible)
* Server Operating system (e.g. Linux, Windows, Solaris, Darwin ...)
* Database version
* memory_limit from your phpinfo
* Web browser and version
Please enable error reporting and include any error messages in your posting. You do this via the Joomla Configuration - set "error reporting" to "maximum" on the Server tab.
Finally, please describe the steps required to recreate the problem and also please enable error reporting and give us any error messages generated.
3 posts
• Page 1 of 1
Hack attemps
by Doudar » Mon Jan 09, 2012 4:32 pm
After a recent site hack I have installed Admin Tools Pro across all my Joomla sites and have noticed it is picking up a lot of attempts aimed at JEvents, e.g.
http://www.domain.uk/index.php?option=com_jevents&task=icals.icalevent&template=compone
nt&evid=97&Itemid=22
These are classed as template= in URL attacks, not to sure what that means?
I am not too concerned at these attempts but does anyone know what they are trying to do by doing this?
I have the latest version of Joomla (1.5.25) and JEvents (2.0.11)
Regards
JohnD
http://www.domain.uk/index.php?option=com_jevents&task=icals.icalevent&template=compone
nt&evid=97&Itemid=22
These are classed as template= in URL attacks, not to sure what that means?
I am not too concerned at these attempts but does anyone know what they are trying to do by doing this?
I have the latest version of Joomla (1.5.25) and JEvents (2.0.11)
Regards
JohnD
- Doudar
- Posts: 5
Re: Hack attemps
by Tonyp » Mon Jan 09, 2012 5:52 pm
They might be trying to use the XSS ( Cross Site Scripting ) security bug that was found in JEvents 1.5.5 and prior and iirc 2.0.10 and prior.
However, you are running 2.0.11 so safe
.
Regards
Tony
However, you are running 2.0.11 so safe
.Regards
Tony
---------------------------------------
Do not forget if you like JEvents, why not join the CLUB! for priority support and lots of excellent plugin's. JEvents Club
Do not forget if you like JEvents, why not join the CLUB! for priority support and lots of excellent plugin's. JEvents Club
-
Tonyp - Contributor
- Posts: 8717
- Location: Isle of Man
Re: Hack attemps
by Geraint » Tue Jan 10, 2012 11:54 am
This is not a hack attempt - it is a typo in the code.
In the file components/com_jevents/libraries/jeventcal.php line 627 should read
Version 2.1.6 will incorporate this change.
In the file components/com_jevents/libraries/jeventcal.php line 627 should read
- Code: Select all
$link = "index.php?option=".JEV_COM_COMPONENT."&task=icals.$task&tmpl=component&evid=".$this->id()
- Code: Select all
$link = "index.php?option=".JEV_COM_COMPONENT."&task=icals.$task&template=component&evid=".$this->id()
Version 2.1.6 will incorporate this change.
------------
JEvents club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits.
Join the JEvents club today!
JEvents club members can get priority forum support at the Support Forum. As well as access to a variety of custom JEvents addons and benefits.
Join the JEvents club today!
-
Geraint - Posts: 30518
3 posts
• Page 1 of 1
Return to JEvents 1.5 (No longer actively supported)
Who is online
Users browsing this forum: No registered users
Main Menu
User Menu
Hosted By
