Hi Drexx,
Good day.
Thanks for your recommendations. Yeah, the issue was actually a security hole in
previous versions of Joomla wherein it allows an attacker to remotely change the
Joomla administration password, since it can reset the password for the first
enabled user.
We locked some of the files like reset.php, and the user will be redirected to
a message that they need to upgrade before they can access the reset.php page.
Again, thanks a lot for your info.
Yours,
Philip
--- On Mon, 11/3/08, Drexx Laggui [personal] <[EMAIL PROTECTED]> wrote:
From: Drexx Laggui [personal] <[EMAIL PROTECTED]>
Subject: Re: [plug] Hack attemps on Joomla
To: [EMAIL PROTECTED], "Philippine Linux Users' Group (PLUG) Technical
Discussion List" <[email protected]>
Date: Monday, 3 November, 2008, 4:12 AM
03Nov2008 (UTC +8)
On 11/1/08, Philip Morales <[EMAIL PROTECTED]> wrote:
[...]
> Do you know any additional fix I can do?
Sorry that I only described how the attacks are done in my previous
e-mail. Here's a much better answer:
http://www.owasp.org/index.php/Category:OWASP_Guide_Project
It's an excellent start to developing secure web applications. Audit
the source code later using methods from the Common Criteria standard,
and you'll be quite happy with it.
Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph