1. Forums
  3. Archive
  5. CB
  7. CB 1.2.3
  9. CB 1.2.3 General Discussion
  11. [SOLVED] "Edit Your Details" -- Code Showing

[SOLVED] "Edit Your Details" -- Code Showing

13 years 6 months ago #146091 by nant
Replied by nant on topic Re:
chofer wrote:

I don't mean to sound redundant here, but what I've given already in my OP should be a good start as to what versions of Joomla and Community Builder I am using. Our church website was hacked into about a month ago, and so we needed to install a fresh copy of Joomla to our domain (hosted by a company out of Utah called Host Monster). (As far as I know, PHP is up-to-date on their servers...I have never had a problem with Community Builder prior to this.) After installing a fresh, up-to-date version of Joomla, I installed the latest version of Community Builder (along with associated modules/plugins). In a nutshell, the database that was running our website prior to our site being hacked was not damaged (thank goodness), and so we were able to map that database back to our fresh installation of Joomla without losing any of the data we had. Yes, we had to re-install components in the admin pages (such as Community Builder), but I think we are better for it now...especially since we now have our site more secured. Anyway...I digress.

It seems to me that the code (which I've attached in earlier postings) is missing something...therefore displaying code to the end user. I've run all the database checks, and they all appear to be fine. Interestingly enough, I also have uddeIM installed, and I got a Connection request confirmation from someone I know, and the same kind of code was also displayed in the body of the message.

I apologize...I know that the second half of this message probably belongs in the uddeIM forum, but in a way, it seems all related to me.

Attachment uddeIMcodeErrors.zip not found


Well, you should have posted the part about your website being hacked in your first post as it is the most relevant part that people trying to give assistance need to know.

When a site is hacked a security review should really be made to see how exactly this happened. You would also need to assess if any back door code was left that would enable the hacker to do harm again in the future (even if you have found the initial problem and upgraded everything to final versions). All of this of course cannot happen on public free forums as it is sensitive information. You should find a security expert to help you otherwise you are risking the chance of this happening again soon as the hacker typically has you on his/her hit list for a revisit.
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting

Visit my CB Profile - Send me a Private Message (PM)

Please Log in to join the conversation.

13 years 6 months ago #146112 by chofer
Replied by chofer on topic Re:
I apologize for that. I do realize that I should have been more clear in my OP. I was trying to get some other things accomplished the day I posted this, and in my rush, I failed to fully explain the situation with our website being hacked. Please know that it was unintentional on my part. I have been working with a friend of mine from church who is much more "in the know" about website security than I am, and we have decided to go with "RS Firewall" to add some extra security to our site and lock it down to prevent this from happening again.

Anyway...back to the topic at hand...

Please Log in to join the conversation.

13 years 6 months ago #146113 by krileon
Replied by krileon on topic Re:
Honestly I don't have a clue how that could happen. It seams like HTML was stored in the field, but that's not possible as CB won't permit it for email fields. Perhaps your database which you mentioned copying over is also compromised.

If possible please make a sub-domain or sub-folder of a new site with only Joomla + CB and confirm if the issue persists (don't move databases).

Also how is the users email structured within the _users database table? This could be a good sign if the email field of a user/users were compromised. I believe more then likely it's just a conflict with an installed extension. Is this field working fine when editing a user in backend from User Management?

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in to join the conversation.

13 years 6 months ago #146186 by chofer
Replied by chofer on topic Re:
I can answer a few questions here. I'll have to see if we could possibly install another separate version of Joomla. Our web host has something called Simple Scripts which allows for practically one-click installations of things such as Joomla, RoundCube Webmail, Drupal, etc. That is what we used to install Joomla. I do make sure we are always using the latest version of Joomla when it is made available by using the upgrade procedure Simple Scripts provides.

I did take a look at the e-mail addresses in the jos_users database table, and all users appear to have valid e-mail addresses. Nothing looks out of the ordinary here.

I also tried to edit my e-mail address for my profile in the Community Builder Users screen of the Joomla admin pages (after doing a quick sync), and I tried to change the "Email" and "Confirm Email" fields. When I saved changes, only the "Confirm Email" field updated with the different e-mail address.

Post edited by: chofer, at: 2010/11/13 18:38

Please Log in to join the conversation.

13 years 6 months ago #146188 by chofer
Replied by chofer on topic Re: "Edit Your Details" -- Code Showing
Here is something else I just noticed. I'm not sure if it's relevant to the topic at hand, but I will ask anyway. I went into the Joomla admin pages and ran the Community Builder database checks one more time. Whcn I clicked on "Check CB plugins database", the following two lines were black (not green):

CB plugin "CB Confirm Email": no database or no database description.

and

CB plugin "CB Profile Notifier": no database or no database description.

Would this be related to the issues I'm experiencing on our church website?

Please Log in to join the conversation.

13 years 6 months ago #146190 by nant
Replied by nant on topic Re:
chofer wrote:

Here is something else I just noticed. I'm not sure if it's relevant to the topic at hand, but I will ask anyway. I went into the Joomla admin pages and ran the Community Builder database checks one more time. Whcn I clicked on "Check CB plugins database", the following two lines were black (not green):

CB plugin "CB Confirm Email": no database or no database description.

and

CB plugin "CB Profile Notifier": no database or no database description.

Would this be related to the issues I'm experiencing on our church website?


No these issues have nothing to do - they are only warnings.

While I sympathize with you, this is not a CB issue. A clean Joomla 1.5.X / CB 1.2.3 installation does not have such problems. Something in your environment is causing this - most likely due to hacked site that hasn't been properly rectified.
--
Nick (nant)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Tutorials + Search the forums
For more add-ons and support: Upgrade your membership
Links: Community Builder - Languages - Adv/Pro/Dev membership - CBSubs Paid Subscriptions - GPL Templates - Hosting

Visit my CB Profile - Send me a Private Message (PM)

Please Log in to join the conversation.

Moderators: beatnantkrileon
  1. Forums
  3. Archive
  5. CB
  7. CB 1.2.3
  9. CB 1.2.3 General Discussion
  11. [SOLVED] "Edit Your Details" -- Code Showing
Time to create page: 0.288 seconds

Facebook Twitter LinkedIn

    You are here:  
  1. Home
  2. Forums
  3. Archive
  4. CB
  5. CB 1.2.3
  6. CB 1.2.3 General Discussion
  7. [SOLVED] "Edit Your Details" -- Code Showing

Search

Login / Logout

User Menu