Joomla! 1.5.7 has been released over at www.Joomla.org
Joomla 1.5.7 addresses several reported SECURITY issues, which are now fixed in Joomla 1.5.7.
If you are running any other Joomla 1.5.x version you MUST UPGRADE to Joomla 1.5.7 or your site can and probably will be compromised, or used as a spam engine!
See bug http://www.virtualmin.com/bugs/index.php?do=details&task_id=4555
Two of my sites got owned and both were defaced, one had a malicious javascript added to the template index. Fortunately the Joomla passwords were not the same as the server passwords.
Wiped both Joomla installs, installed 1.5.6 and patched to 1.5.7, all good so far.
Guess I should thank the invaders for merely defacing the sites, they could have been clever instead and turned the scripts to their advantage by installing some custom modules. Something like that could go unnoticed for a long time.
On a side note, I have noticed some unusual requests in Awstats 404 section relating to Joomla, and quite a few referrers coming from Google "Powered by Joomla".
People are going nuts with whatever new exploit is out. If you use Joomla you should patch yourself with the quickness.
We rolled out 3.61-2 with Joomla 1.5.7 (and the Wordpress security update) several days ago. In this case, there's no need to manually patch--just stay on top of updates via the Virtualmin Package Updates module.
--
Check out the forum guidelines!
This is very important, because this morning at 04.29 local time apparently someone had changed my admin password and blocked the login for the second admin.
I upgraded and replaced the database with yesterday's backup.
All is well now and no further damage has been done in the past 12 hours.
There is a critical bug (0-day) in the older versions.
Today is tomorrow I know how it goes; I checked for updates; still show 3.61(pro) didn't show -1?
Can you make a link available for the Joomla 1.5.7?
Thanks; you guys Rock!
Jeff
Jeffrey Scott Flesher
Medically Retired Gulf War Vet
Is 3.61-2 on the way?
(And PS: VM2, now that I write here anyways)
redHOST.dk | redHOST.pro | redHOST.vn | redHOST.se
The patch for Joomla or the full download can be obtained here:
http://www.joomla.org/announcements/release-news/5212-joomla-157-securit...
This can't wait really, as a blackhat guy had gained entrance to one of my domains.
If you read my bug report you will find an answer...
http://www.virtualmin.com/bugs/index.php?do=details&task_id=4555
I usually don't post them for funzies.
Sorry I didn't read the posted link; now I understand; yes it worked great; Thanks.
Just for others;
Edit your joomla.pl
/usr/share/webmin/virtual-server/scripts/joomla.pl
or like mine
/usr/libexec/webmin/virtual-server/scripts/joomla.pl
Line 22:
return ( "1.5.7", "1.0.15" );
Line 142:
"http://joomlacode.org/gf/download/frsrelease/8376/30992/Joomla_$ver-Stable-Full_Package.tar.gz" } );
I guess we don't need to ask for an update; we can just edit it ourselves if we need to.
Jeff
Jeffrey Scott Flesher
Medically Retired Gulf War Vet
We'll roll out a 3.61-2 update today with this fix (and the Wordpress security update, as well).
If we upgrade using the Joomla patch, VM will not show the update; my question is: when it becomes available and if we apply it so VM is right, will it work right? I'm just not sure about patching it manually at this point, but I can't wait for someone to hack my sites either.
Jeffrey Scott Flesher
Medically Retired Gulf War Vet
VM *WILL* show the update -- seriously people I will not lead you astray here. Just do it and stop complaining about this.
Links are there for a reason when I post them :) It cuts down on repeating exactly what you did.