Joomla exploit doing rounds, users advised to update
Users who run their own sites on the Joomla CMS but haven’t updated it in a while should do so immediately if they don’t want to see their sites compromised and hosting malicious content, warns Versafe.
In a recently released report, the company’s researchers have noted the existence and the current active use of an exploit that allows attackers to easily gain control of the targeted system.
By investigating the logs from several of the compromised servers, the researchers discovered that all attacks originated from the same source (IP addresses in China), that the same exploit was used against all systems, and that the takeover and the upload of the shell and malicious content were automated and executed within a short timeframe, leading them to believe that the attackers were using a new zero-day exploit.
As it turns out, they were right: the vulnerability the exploit took advantage of allowed the attackers to upload a backdoor by simply adding a “.” at the end of PHP filenames.
Luckily for Joomla users, the flaw has been patched, and they can pull themselves out of danger by upgrading to version 2.5.14 or 3.1.5.
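The trailing-dot trick described above can be checked for at upload time and when auditing upload records. The following is an added example, not Joomla's or Versafe's code: it places a simplistic "text after the last dot" extension filter beside a check that normalizes the filename first. The blocklist, function names and sample filenames are assumptions constructed for illustration.

```python
# Assumed blocklist for illustration; match it to the server's PHP handler mappings.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht", "phar"}

# Characters stripped from the end of a name before the extension is read.
TRAILING_JUNK = ". \t\r\n\x00"


def naive_extension(name):
    """Extension as a simplistic filter sees it: the text after the last dot."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def effective_extension(name):
    """Extension after removing trailing dots and whitespace from the name."""
    return naive_extension(name.rstrip(TRAILING_JUNK))


def naive_allows(name):
    """Weak check: 'shell.php.' has an empty last segment, so it passes."""
    return naive_extension(name) not in EXECUTABLE_EXTS


def hardened_allows(name):
    """Corrected check: decide on the normalized name, not the raw one."""
    return effective_extension(name) not in EXECUTABLE_EXTS


def scan_names(names):
    """Return names that pass the weak check but hide an executable extension,
    e.g. when reviewing filenames taken from upload records."""
    return [n for n in names if naive_allows(n) and not hardened_allows(n)]


# Constructed sample filenames, not taken from any real incident.
SAMPLE_NAMES = [
    "photo.jpg",
    "shell.php.",
    "notes.txt.",
    "index.php",
    "x.PhTmL. .",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for hit in scan_names(SAMPLE_NAMES):
        print("suspicious upload name:", repr(hit))
```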
“Owning a website comes with responsibilities and unless you’re prepared to do all the work yourself, I recommend that you choose a managed service provider,” Malwarebytes’ Jerome Segura advises those who want to keep safe but don’t want to think about it.
“You spend a little more money, but at least the site and all its components (CMS, and Linux/Apache/MySQL/PHP) will be taken care of, leaving you with the sole job of adding content to the site (the fun part).”