Good evening, Given the circumstances, the risk exposure may be limited only to the application layer. You can minimize the security risk if you have strong operating system and network controls.
Sincerely yours, Cris On Sat, Nov 1, 2008 at 8:18 PM, Philip Morales <[EMAIL PROTECTED]> wrote: > Hi Pluggers, > > I received the following about Joomla Password Remind Functionality - > Exploit" attack > > --------------------------- > There has been several (successful) hack attempts in the past 48 hours from > your network: > below you will find a small overview of the different IP address and the > timestamps they were used, > at the end of this message you will find the complete http log file entries > which proof this is a > full "[20080801] - Core - Password Remind Functionality - Exploit" attack. > > 89.108.36.198 - - [30/Oct/2008:06:02:10 +0100] > 89.108.31.218 - - [31/Oct/2008:00:37:13 +0100] > > Pleas take appropriate actions. > --------------------------- > > Our Linux server was hacked was due to insecure software hosted by one of > our customers, > normally this should only affect the website of the customer it self - not > the entire server - > but since this has happened in the past days we decided to locked down > customers websites and > force the them to update their software for this particular vulnerability. > > http://developer.joomla.org/security/news/35-core-security/241-20080801-core-password-remind-functionality.html > > vulnerability exists in all versions prior to 12-08-2008. > > Do you know any additional fix I can do? > > Thanks. > > ________________________________ > Get your preferred Email name! > Now you can @ymail.com and @rocketmail.com. > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
