just a small hint ... give these Firefox plugins a go (
http://securitycompass.com/exploitme.shtml)... they test for the most
obvious stuff out there. if they come back green you should be fine for most
attacks. always remember if someone is really after your server you can be
sure he is in there already without any traces. if he just wants to scare
you these tests should be good enough.

cheers
lenz

On Sat, Oct 11, 2008 at 6:42 PM, matt_thomson <[EMAIL PROTECTED]> wrote:

>
> "Or had you already figured that much out and were after more detail
> about exactly how that crack attempt was supposed to work within
> Joomla?"
>
> Ultimately I would have liked to be able to replicate their attack on
> my local host so I can fully test it and patch it. I guessed they
> were trying to output data from jos_users. If I can't work out and
> replicate their SQL it is no biggie, as I'm pretty sure forcing an
> integer stops this vulnerability in its tracks.
>
> On Oct 11, 3:55 pm, Anton <[EMAIL PROTECTED]> wrote:
> > 2008/10/11 matt_thomson <[EMAIL PROTECTED]>:
> >
> > > I would still like to understand what this hacker is doing,
> >
> > Not knowing anything about Joomla, it looks to me like they are trying
> > to query a list of usernames and password hashes from your site, and
> > getting your gallery component to output them to the client.
> >
> > After that they can presumably crack the hashes offline, then hijack
> > the user accounts.
> >
> > Or had you already figured that much out and were after more detail
> > about exactly how that crack attempt was supposed to work within
> > Joomla?
> >
> > --
> > Cheers
> > Anton
> >
>
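The "forcing an integer" fix matt mentions above, written out as an added example (not code from the thread or from Joomla): a gallery-style lookup handler in its string-concatenating form next to the hardened form. The function names, the `jos_gallery` table, the `$pdo` connection and the `$_GET['id']` parameter are assumptions for illustration.

```php
<?php
// Added example, not from the thread. Table/column names are assumed.

// Before: the request parameter is concatenated straight into the SQL.
// Whatever the client sends becomes part of the statement, which is how a
// component that should only read its own table can be made to return rows
// from jos_users instead.
function fetchImageUnsafe(PDO $pdo, string $rawId): array
{
    $sql = "SELECT title, path FROM jos_gallery WHERE id = " . $rawId;
    $rows = $pdo->query($sql);
    return $rows === false ? [] : $rows->fetchAll(PDO::FETCH_ASSOC);
}

// After: the id is forced to an integer before any SQL exists, and it is
// bound as a typed parameter rather than interpolated. A plain (int) cast
// would also stop the injection (it yields 0 for non-numeric input);
// filter_var is used here so that bad input is rejected and logged instead
// of silently mapped to a different record.
function fetchImageSafe(PDO $pdo, $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false) {
        // Non-integer ids never come from the site's own links, so a
        // rejected value is worth a log line for the server operator.
        error_log('gallery: rejected non-integer id from '
            . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
        http_response_code(400);
        return [];
    }
    $stmt = $pdo->prepare('SELECT title, path FROM jos_gallery WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (assumed wiring): $pdo is an existing PDO connection.
// $images = fetchImageSafe($pdo, $_GET['id'] ?? '');
```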

NZ PHP Users Group: http://groups.google.com/group/nzphpug