CKEditor 4
Thu, 11/15/2007 - 21:32
#1
run4it
run4it's picture
Joined: 13/11/2007
Posts: 10

site hacked two days after installing editor

Hi Joomla site was hacked last night. The site has been up since last May without any problems. I installed JoomlaFCKEditor 2.4.4 two days ago. Are there any known vulnerabilities with the editor that may have caused this? The hacker put up their index page and apparently changed my Admin username/password in the DB. I'm working on that issue right now. Though I've got my site back up, I can't get into the Admin back end. I am thinking it might be too dangerous to reinstall the editor.
Top
Thu, 11/15/2007 - 23:53
alfonsoml
alfonsoml's picture
Joined: 31/12/2006
Posts: 3735

Re: site hacked two days after installing editor



joomlafck2

Top
Fri, 11/16/2007 - 17:47
run4it
run4it's picture
Joined: 13/11/2007
Posts: 10

Re: site hacked two days after installing editor

I'd like to clarify my circumstance to see if it makes any difference in where the vulnerability is in my site that allowed it to be hacked. Only authenticated front end authors/editors have access to JoomlaFCKEditor on my site. Does this imply that the hacker got past my authentication process in order to exploit a potential vulnerability in the editor? could the real problem actually lie with the the authentication? Weak username/passwords and such? I admit they were weak.
Top
Fri, 11/16/2007 - 17:51
alfonsoml
alfonsoml's picture
Joined: 31/12/2006
Posts: 3735

Re: site hacked two days after installing editor

The weak point in that Joomla integration is that it could allow anyone to upload files without any authentication, but if you protected with .htaccess the whole FCKeditor folder then it should be safe.

And anyway, uploading files would mean just that, they could allow files to your server, but in order to get control they must be using some other hole in other part of the system.
Top
Fri, 11/16/2007 - 18:08
run4it
run4it's picture
Joined: 13/11/2007
Posts: 10

Re: site hacked two days after installing editor

How do they get to the editor if they aren't authenticated? I mean, how do they even know it's on my site?
Please explain the .htaccess file in the editor folder. I mean, I have an .htaccess file one level above the root of my site. Isn't that enough?
Top
Fri, 11/16/2007 - 18:21
alfonsoml
alfonsoml's picture
Joined: 31/12/2006
Posts: 3735

Re: site hacked two days after installing editor

run4it wrote:How do they get to the editor if they aren't authenticated? I mean, how do they even know it's on my site?



run4it wrote:
Please explain the .htaccess file in the editor folder. I mean, I have an .htaccess file one level above the root of my site. Isn't that enough?

http://www.htaccesstools.com/htaccess-authentication/
Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check