Security Hole - HACKERS

17 years 7 months ago #18486 by roboticsguy1988
Security Hole - HACKERS was created by roboticsguy1988
Ok, this is the second time one of my websites has got hacked. I have traced it back to community builder. Right now i cannot find anymore files that have been changed except for plugin.class.php

Does anyone know what the deal with this is, there is a big security whole in community builder, and i have to have a website, and i love using community builder. But to risk server security .... i don't think so. Whatever the hole is it gives the person access to pretty much everything, its like a chain reaction once they have access to one part they get access to another part from the first part they got access to. I will post later tonight if i find out anything new. Please if anyone can help let me know.

Please Log in to join the conversation.

17 years 7 months ago #18487 by FerretLife
Replied by FerretLife on topic Re:Security Hole - HACKERS
Same thing happened to me this morning. My plugin.class.php was replaced by

da_jackass wass here! - jong_amq@hotmail.com

and my (Joomla) index.php was also changed the same way. So far these are the only hacked files I could find. I have 3 other sites on the same server that don't seem to have been affected.

Post edited by: FerretLife, at: 2006/08/09 22:26

Please Log in to join the conversation.

17 years 7 months ago #18492 by ericfoster3
Replied by ericfoster3 on topic Re:Security Hole - HACKERS
Can you post what versions of joomla and CB you are running?

CB 3rd Party Developer: DatsoTab | KarmaTab
Joomla! 1.0.10
Community Builder 1.0
joomlaboard 1.1.2

Please Log in to join the conversation.

17 years 7 months ago #18497 by trebso
Replied by trebso on topic Re:Security Hole - HACKERS
I've got the same problem.

running Joomla 1.0.10 and CB 1.0

when I log on I get:

da_jackass wass here!! - jong_amq@hotmail.com
Fatal error: Class cbtabs: Cannot inherit from undefined class cbtabhandler in /vol/home/che/public_html/mambo-4.5.1/administrator/components/com_comprofiler/comprofiler.class.php on line 2333



If I try to access CB in the backend I get the same message.

This means I can not unpublish or turn off CB through the CB config menu. Can't see any other way off disabling it until problem resolved. Have unpublished CB login module, but unwilling to make site online until I know if this will be sufficient until the problem is resolved fully.

cheers

trebso

Post edited by: trebso, at: 2006/08/09 23:30

Post edited by: trebso, at: 2006/08/09 23:33

trebso

Please Log in to join the conversation.

17 years 7 months ago #18500 by FerretLife
Replied by FerretLife on topic Re:Security Hole - HACKERS
ericfoster3 wrote:

Can you post what versions of joomla and CB you are running?


Sorry, should have thought of that.

Joomla 1.0.10
CB 1.0 Stable

I deleted the plugin.class.php file, and my Joomla index file, ftp'd them back to the server, and all has been quiet since. (Knocks on wood)

Please Log in to join the conversation.

17 years 7 months ago #18503 by beat
Replied by beat on topic Re:Security Hole - HACKERS
We worked all day since first hacks got reported this morning and will release CB 1.0.1 within next half-hour, last tests underway. keep tuned.

If you wana help, test editing your profile on this site, it just got upgraded 10 minutes ago, and post test-results here.

Thanks,

Beat - Community Builder Team Member

Before posting on forums: Read FAQ thoroughly -- Help us spend more time coding by helping others in this forum, many thanks :)
CB links: Our membership - CBSubs - Templates - Hosting - Forge - Send me a Private Message (PM) only for private/confidential info

Please Log in to join the conversation.

Moderators: beatnantkrileon
Time to create page: 0.205 seconds

Facebook Twitter LinkedIn