One of my joomla webpages has been hacked. Please help.

Νίκος Γκρεεκ

Sep 21, 2012, 2:45:14 PM
Hello,

One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.

I logged into CPanel but the joomla files seem ok.

But when I view the page code with Chrome I get the source code, I don't know of which file, that contains JavaScript inside.

Please visit my web page varsa.gr and view the source code and maybe you can tell me what has happened.

I would be grateful for any help you provide me.

I know this is not a Python question but you guys have high knowledge of web site programming and I thought you wouldn't mind helping me out.

Thank you very much.

Chris Angelico

Sep 21, 2012, 9:34:40 PM
to pytho...@python.org
On Sat, Sep 22, 2012 at 4:45 AM, Νίκος Γκρεεκ <nikos...@gmail.com> wrote:
> One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.
>
> I know this is not a Python question but you guys have high knowledge of web site programming and I thought you wouldn't mind helping me out.

No, this is not a Python question. I would recommend looking for
Joomla-specific help. And when you do, you'll find out that these
sorts of web frameworks have vulnerabilities just like every other big
program seems to, with Joomla looking like a happy member of the
Windows family.

ChrisA

Steven D'Aprano

Sep 21, 2012, 9:42:35 PM
On Fri, 21 Sep 2012 11:45:14 -0700, Νίκος Γκρεεκ wrote:

> One webpage of mine, [url redacted] has been *hacked* 15 mins ago.
[...]
> I would be grateful for any help you provide me.

Yeah yeah, sure. Is this an attempt to get people to visit your web site
so it can do a drive-by install of malware?


> I know this is not a python question

But you asked anyway. Why don't you ask your car mechanic to fix your
plumbing, or go to the doctor to ask advice on how to cook pizza?



--
Steven

Chris Angelico

Sep 21, 2012, 9:48:57 PM
to pytho...@python.org
On Sat, Sep 22, 2012 at 11:42 AM, Steven D'Aprano
<steve+comp....@pearwood.info> wrote:
> But you asked anyway. Why don't you ask your car mechanic to fix your
> plumbing, or go to the doctor to ask advice on how to cook pizza?

Or your plumber to rescue the princess who's in another castle...

ChrisA

Νίκος Γκρεεκ

Sep 22, 2012, 3:13:48 AM
It was not my intention to infect you with drive-by malware, it's just that my web site got defaced and I wanted info on how they did it.

The web host company pulled a previous backup and now it's all good.

My apologies for the annoyance I have caused you; all I wanted was some insight so as to make sure this won't happen again (it has already happened 2 times by now).

Peter Otten

Sep 22, 2012, 3:26:49 AM
to pytho...@python.org
Νίκος Γκρεεκ wrote:

> One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.

> Please visit my web page varsa.gr and view the source code and maybe you
> can tell me what has happened.

Do you use a password that was exposed in the other thread,

http://mail.python.org/pipermail/python-list/2012-September/630779.html

?

Νίκος Γκρεεκ

Sep 22, 2012, 4:02:07 AM
to pytho...@python.org
No, that was for another web page of mine utilizing a Python MySQL connection; this was a Joomla-only website, which reminds me to also ask if I can somehow embed Python code in the Joomla CMS.

Chris Angelico

Sep 22, 2012, 4:07:32 AM
to pytho...@python.org
On Sat, Sep 22, 2012 at 5:13 PM, Νίκος Γκρεεκ <nikos...@gmail.com> wrote:
> The web host company pulled a previous backup and now its all good.
>
> My apologies for the annoyance I have caused you; all I wanted was some insight so as to make sure this won't happen again (it has already happened 2 times by now).

Just read those two sentences together, and figure out whether it
really is "all good". What's happened twice can happen again.

ChrisA

Dwight Hutto

Sep 22, 2012, 4:59:07 AM
to Νίκος Γκρεεκ, pytho...@python.org
On Fri, Sep 21, 2012 at 2:45 PM, Νίκος Γκρεεκ <nikos...@gmail.com> wrote:
> Hello,
>
> One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.
>
The others are right, this is a joomla question, unless you're
allowing execution of code by members and they utilize python.

My questions:
Only one? From my experience of joomla, you can allow your posters to
execute code within their postings by utilizing certain plugins.

It seems odd that only one page was hacked, or that they let you know,
and didn't try db access.

But it seems your site had a hosting backup, but make sure to
subscribe to the joomla update and security list, plus change the
passwords.

> I logged into CPanel but the joomla files seem ok.

Did you have a backup of the file structure, and a zipped db backup,
then check for new security flaws/change passwords/etc?

> But when I view the page code with Chrome I get the source code, I don't know of which file, that contains JavaScript inside.
>
> Please visit my web page varsa.gr and view the source code and maybe you can tell me what has happened.
>
> I would be grateful for any help you provide me.
>
> I know this is not a Python question but you guys have high knowledge of web site programming and I thought you wouldn't mind helping me out.

Yeah, programming, but joomla is html, php, css, and javascript, but I
don't remember much python there.


Best Regards,
David Hutto
CEO: http://www.hitwebdevelopment.com

Kev Dwyer

Sep 22, 2012, 6:13:43 AM
to pytho...@python.org
This is only speculation, as I don't know exactly how your web page has been
"hacked", but if your page somehow exposes a database connection, and the
hack involves changing the contents of the database then you should read up
on SQL injection attacks and how to prevent them.

Cheers,

Kev

Alister

Sep 22, 2012, 7:10:28 AM
Indeed I would take this site down immediately until you can work out the
insecurity in your application.

Without knowing too much I would suggest checking the following:

Rule 1) Use a strong password for the framework administration.

Rule 2) Validate all inputs

Rule 3) Do not give your application any more access privileges to your
database than absolutely necessary.

Rule 4) Ensure any data files containing passwords (hashed or otherwise)
are stored outside the web root.

Rule 5) Validate ALL Inputs

Rule 6) There is no rule 6

Rule 7) use prepared statements for database queries, do not construct
them on the fly from user input ( Google SQL injection)

Rule 8) VALIDATE ALL INPUTS!

(Acknowledgement to 'The Bruces')


--
My life is a patio of fun!
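
Rules 2, 3 and 7 in the post above, and the SQL injection pointer in Kev Dwyer's reply, shown as an added example that is not part of anyone's message in this thread. It uses Python's `sqlite3` with an in-memory database; the table, column and function names and the sample rows are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data; table and column names are assumptions.
ROWS = [("index.html", 12), ("about.html", 3), ("admin.html", 40)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (page TEXT PRIMARY KEY, visits INTEGER)")
    db.executemany("INSERT INTO hits VALUES (?, ?)", ROWS)
    db.commit()
    return db


def lookup_unsafe(db, page):
    # The 'before': query text is constructed on the fly from user input,
    # so a quote character in `page` becomes part of the SQL statement.
    sql = "SELECT page, visits FROM hits WHERE page = '%s'" % page
    return db.execute(sql).fetchall()


def lookup_bound(db, page):
    # Rule 7: the statement text is fixed; `page` is passed as data only.
    sql = "SELECT page, visits FROM hits WHERE page = ?"
    return db.execute(sql, (page,)).fetchall()


# Allow-list for page names (the naming scheme is an assumption).
PAGE_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.html")


def lookup_validated(db, page):
    # Rule 2: reject anything that is not a plausible page name before it
    # reaches the database, and still bind it as a parameter afterwards.
    if not isinstance(page, str) or not PAGE_RE.fullmatch(page):
        raise ValueError("rejected page name: %r" % (page,))
    return lookup_bound(db, page)


def make_read_only(db):
    # Rule 3: a connection that only displays data needs no write access.
    db.execute("PRAGMA query_only = ON")
    return db


def try_write(db):
    # Attempts a harmless no-op UPDATE; returns False if the write is refused.
    try:
        db.execute("UPDATE hits SET visits = visits")
        return True
    except sqlite3.Error:
        return False
    finally:
        db.rollback()


if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"  # constructed input containing a quote
    print("string-built query rows:", len(lookup_unsafe(db, hostile)))
    print("bound query rows:       ", len(lookup_bound(db, hostile)))
    print("write before lock-down: ", try_write(db))
    print("write after lock-down:  ", try_write(make_read_only(db)))
```

With a real database server the equivalent of `make_read_only` is a separate account for the web application that is granted only the statements it needs.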

Steven D'Aprano

Sep 22, 2012, 9:09:36 AM
On Sat, 22 Sep 2012 11:13:43 +0100, Kev Dwyer wrote:

> This is only speculation, as I don't know exactly how your web page has
> been "hacked", but if your page somehow exposes a database connection,
> and the hack involves changing the contents of the database then you
> should read up on SQL injection attacks and how to prevent them.

This is joomla, that is, PHP. There are a bazillion ways to hack PHP. By
the OP's own account, his website has been hacked twice before and he's
done nothing to fix the vulnerability, just restored from backup. He'll
be hacked again, and again, and again.

Why are we discussing this? It has nothing to do with Python and is
completely off-topic for this list.


--
Steven

Alister

Sep 22, 2012, 9:29:13 AM
The case may be off topic, but the principles and advice being given are
well worth taking note of regardless of language.



--
Kent's Heuristic:
Look for it first where you'd most like to find it.

Νίκος Γκρεεκ

Sep 22, 2012, 10:44:36 AM
But how am I supposed to fix this vulnerability if I don't know which one it is?

My guess is they used Joomla's template to insert arbitrary code but that's just a guess.

Chris Angelico

Sep 22, 2012, 10:57:38 AM
to pytho...@python.org
On Sun, Sep 23, 2012 at 12:44 AM, Νίκος Γκρεεκ <nikos...@gmail.com> wrote:
> But how am I supposed to fix this vulnerability if I don't know which one it is?
>
> My guess is they used Joomla's template to insert arbitrary code but that's just a guess.

The answer to that is a thing called "research", and you'll usually
find a lot of it at the other end of a web search. Also, you may want
to look into what it means to be a web site administrator. It doesn't
simply involve throwing down some code that someone else wrote and
expecting it to work.

If you want a web site without having to manage it yourself, consider
a blog instead - someone else hosts it and worries about security, and
you just post your content to it. It's a far FAR easier option, as
long as what you want can be shoehorned into someone else's layout
design.

Neither of these options involves any Python coding, so if you want
further assistance with them, I recommend looking for a forum
dedicated to the technology you use.

ChrisA

Ben Finney

Sep 22, 2012, 11:21:20 AM
to pytho...@python.org
Νίκος Γκρεεκ <nikos...@gmail.com> writes:

> On Saturday, 22 September 2012 4:09:37 PM UTC+3, user Steven D'Aprano wrote:
> > Why are we discussing this? It has nothing to do with Python and is
> > completely off-topic for this list.
>
> But how am I supposed to fix this vulnerability if I don't know which
> one it is?

This is not the forum to discuss it.

--
\ “It is the fundamental duty of the citizen to resist and to |
`\ restrain the violence of the state.” —Noam Chomsky, 1971 |
_o__) |
Ben Finney

Νίκος Γκρεεκ

Sep 22, 2012, 2:13:49 PM
to pytho...@python.org
Okay, I'll ask this on the official Joomla forum, one last thing though.

Is there a way to somehow embed (or utilize) Python code, for example my Python counter code script you have seen last week, inside my Joomla/WordPress CMS sites?

For example:

http://superhost.gr/ is my main website utilizing python counter script.

http://superhost.gr/html/?show=log is my own way(i prefer it over awstats - don't ask why) for viewing my visitors.

in my other sites which are CMS sites, like

http://varsa.gr
and
http://thessalonik.wordpress.com/

Is there a possible way to embed (if that's the term) my Python counter script there too?

So I can keep track of visitors' info for each page I have there?

Chris Angelico

Sep 22, 2012, 2:17:20 PM
to pytho...@python.org
On Sun, Sep 23, 2012 at 4:13 AM, Νίκος Γκρεεκ <nikos...@gmail.com> wrote:
> Is there a way to somehow embed(or utilize) python code, for example my python counter code script you have seen last week inside my Joomla/WordPress cms sites?

You probably could. But I reiterate, you're going about things all
backwards. Keep things way WAY simpler and just do some basic parsing
of your web logs after the event. Life is so much easier that way.

ChrisA

Νίκος Γκρεεκ

Sep 22, 2012, 10:52:00 PM
to pytho...@python.org
Out of curiosity, how would I use my Python counter source code along with Joomla?

Chris Angelico

Sep 22, 2012, 10:55:00 PM
to pytho...@python.org
On Sun, Sep 23, 2012 at 12:52 PM, Νίκος Γκρεεκ <nikos...@gmail.com> wrote:
> On Saturday, 22 September 2012 9:18:02 PM UTC+3, user Chris Angelico wrote:
>> On Sun, Sep 23, 2012 at 4:13 AM, Νίκος Γκρεεκ <nikos...@gmail.com> wrote:
>>
>> > Is there a way to somehow embed(or utilize) python code, for example my python counter code script you have seen last week inside my Joomla/WordPress cms sites?
>>
>> You probably could. But I reiterate, you're going about things all
>> backwards. Keep things way WAY simpler and just do some basic parsing
>> of your web logs after the event. Life is so much easier that way.
>>
>
> Out of curiosity, how would I use my Python counter source code along with Joomla?

Easy. Look for what common sense would recommend, then turn 180
degrees. Let me know when you get there and we'll send the rest of the
directions.

-- paraphrasing what a stupid American tourist was told about
directions in Australia

ChrisA

Steven D'Aprano

Sep 23, 2012, 12:06:50 AM
On Sat, 22 Sep 2012 19:52:00 -0700, Νίκος Γκρεεκ wrote:

> Out of curiosity, how would I use my Python counter source code along
> with Joomla?


This is not a Joomla forum. We do not know how to run code in Joomla.
Regardless of whether the code is Python, or Perl, or Lisp, or Lua, or
any of thousands of different languages, your question is about Joomla.
Please ask it on a Joomla forum.

And when you are there, don't ask them to fix your Python bugs.


--
Steven

Dwight Hutto

Sep 23, 2012, 12:48:36 AM
to Steven D'Aprano, pytho...@python.org
On Sun, Sep 23, 2012 at 12:06 AM, Steven D'Aprano
<steve+comp....@pearwood.info> wrote:
> On Sat, 22 Sep 2012 19:52:00 -0700, Νίκος Γκρεεκ wrote:
>
>> Out of curiosity, how would I use my Python counter source code along
>> with Joomla?
>
>
> This is not a Joomla forum. We do not know how to run code in Joomla.

PHP, CSS, HTML, JAVASCRIPT, templates, that is if you study CMS, and
look at other languages.


> Regardless of whether the code is Python, or Perl, or Lisp, or Lua, or
> any of thousands of different languages, your question is about Joomla.

No, joomla is a CMS framework of several languages. You're right, this
is a Joomla question, but even python could be added into joomla as an
API.


> Please ask it on a Joomla forum.
> D'Aprano
> And when you are there, don't ask them to fix your Python bugs.

If they know Joomla(PHP, CSS, HTML, JAVASCRIPT, templates), then they
should know something about python, unlike Steven D'Aprano, who only
knows Python, and in other posts, not that well to be a self
proclaimed expert.


--

Chris Angelico

Sep 23, 2012, 12:56:52 AM
to pytho...@python.org
On Sun, Sep 23, 2012 at 2:48 PM, Dwight Hutto <dwight...@gmail.com> wrote:
> On Sun, Sep 23, 2012 at 12:06 AM, Steven D'Aprano
> <steve+comp....@pearwood.info> wrote:
>> On Sat, 22 Sep 2012 19:52:00 -0700, Νίκος Γκρεεκ wrote:
>>
>>> Out of curiosity, how would I use my Python counter source code along
>>> with Joomla?
>>
>>
>> This is not a Joomla forum. We do not know how to run code in Joomla.
>
> If they know Joomla(PHP, CSS, HTML, JAVASCRIPT, templates), then they
> should know something about python, unlike Steven D'Aprano, who only
> knows Python, and in other posts, not that well to be a self
> proclaimed expert.

Steven's point is not that we, human beings (or parahuman beings, as
the case may be), do not know how to run code in Joomla; I've worked
with it, and know something about it, and my day job involves some PHP
programming, so there's a reasonable chance that I could help him. (If
I cared to. I don't have very much sympathy for security holes in old
versions of big frameworks.)

But this is not the forum for it. We, the collective intelligence of
python-list and comp.lang.python, are not experts on PHP, Joomla, etc,
etc, etc. The fact that, in theory, you could make Joomla use Python
is insignificant. I could write a Python script that fetches content
from a Joomla web site, but that doesn't make Joomla questions
appropriate here.

ChrisA

Dwight Hutto

Sep 23, 2012, 1:18:17 AM
to Chris Angelico, pytho...@python.org
On Sun, Sep 23, 2012 at 12:56 AM, Chris Angelico <ros...@gmail.com> wrote:
> On Sun, Sep 23, 2012 at 2:48 PM, Dwight Hutto <dwight...@gmail.com> wrote:
>> On Sun, Sep 23, 2012 at 12:06 AM, Steven D'Aprano
>> <steve+comp....@pearwood.info> wrote:
>>> On Sat, 22 Sep 2012 19:52:00 -0700, Νίκος Γκρεεκ wrote:
>>>
>>>> Out of curiosity, how would I use my Python counter source code along
>>>> with Joomla?
>>>
>>>
>>> This is not a Joomla forum. We do not know how to run code in Joomla.
>>
>> If they know Joomla(PHP, CSS, HTML, JAVASCRIPT, templates), then they
>> should know something about python, unlike Steven D'Aprano, who only
>> knows Python, and in other posts, not that well to be a self
>> proclaimed expert.
>
> Steven's point is not that we, human beings (or parahuman beings, as
> the case may be), do not know how to run code in Joomla; I've worked
> with it, and know something about it, and my day job involves some PHP
> programming, so there's a reasonable chance that I could help him.

Then a referral, is what he needs, and what you need is to tell others
you're a cross languaged programmer.

(If
> I cared to. I don't have very much sympathy for security holes in old

Sympathy, how about empathy, to show your designs can have bugs, which
is why they have versions.

> versions of big frameworks.)

Then refer him to the joomla security hole mailing list

Or extend your skills, help him, then refer him


>
> But this is not the forum for it. We, the collective intelligence of
> python-list and comp.lang.python, are not experts on PHP, Joomla, etc,

We're the borg. We have google to help, or another mailing list with data.

> etc, etc. The fact that, in theory, you could make Joomla use Python
> is insignificant. I could write a Python script that fetches content
> from a Joomla web site, but that doesn't make Joomla questions
> appropriate here.
>
It does if the page he's using uses Python execution of code.

Νίκος Γκρεεκ

Sep 23, 2012, 1:19:52 AM
to Steven D'Aprano, pytho...@python.org
On Sunday, 23 September 2012 7:48:40 AM UTC+3, user David Hutto wrote:

> No, joomla is a CMS framework of several languages. You're right, this
> is a Joomla question, but even python could be added into joomla as an
> API.

Thank you for pointing this out, it looks very interesting. I already asked in forum.joomla.gr and I will post back if this is doable or not, which as you claim it must be.

It would be nice if our Python scripts can be used along with Joomla CMS, Drupal or even WordPress.

Dwight Hutto

Sep 23, 2012, 1:28:17 AM
to Νίκος Γκρεεκ, pytho...@python.org, Steven D'Aprano
> It would be nice if our Python scripts can be used along with Joomla CMS, Drupal or even WordPress.

As long as the server side prerequisites have been met, then the code
should execute as long as it is allowed in the plugins.

Chris Angelico

Sep 23, 2012, 1:38:35 AM
to pytho...@python.org
On Sun, Sep 23, 2012 at 3:18 PM, Dwight Hutto <dwight...@gmail.com> wrote:
> On Sun, Sep 23, 2012 at 12:56 AM, Chris Angelico <ros...@gmail.com> wrote:
>> Steven's point is not that we, human beings (or parahuman beings, as
>> the case may be), do not know how to run code in Joomla; I've worked
>> with it, and know something about it, and my day job involves some PHP
>> programming, so there's a reasonable chance that I could help him.
>
> Then a referral, is what he needs, and what you need is to tell others
> you're a cross languaged programmer.

Okay. I hereby inform you all that I am polyglot. I know many
languages. But really, who here _isn't_? Is there anyone on this list
who has absolutely no skills outside of Python? I rather doubt it.

>> (If I cared to. I don't have very much sympathy for security holes in old
>> versions of big frameworks.)
>
> Sympathy, how about empathy, to show your designs can have bugs, which
> is why they have versions.
>
> Then refer him to the joomla security hole mailing list

How about: Google is your friend? I'm sure that a Joomla security hole
mailing list can easily be found at the opposite end of a web search.

> We're the borg. We have google to help, or another mailing list with data.

He has Google to help, and he can access other mailing lists. Anyone
who wants to admin a web site ought to be able to find appropriate
places to ask questions. There's a reasonable level of courtesy and
assistance offered, but eventually, it's time to just say "This is off
topic" and not try to assist.

ChrisA

Νίκος Γκρεεκ

Sep 23, 2012, 2:54:55 AM
to pytho...@python.org
I shouldn't have asked about Joomla here, or even about Python embedding within Joomla CMS. I was under the impression that the latter was relevant to ask here but it seems it isn't.

My bad, let's just close this thread so i don't waste anyone's time.

alex23

Sep 23, 2012, 10:53:07 PM
On Sep 22, 4:45 am, Νίκος Γκρεεκ <nikos.gr...@gmail.com> wrote:
> One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.

Here is your problem:

> joomla

If you're looking for a more secure solution:

http://plone.org/products/plone/security/overview

Wayne Werner

Sep 26, 2012, 9:03:39 PM
to Νίκος Γκρεεκ, pytho...@python.org
On Sat, 22 Sep 2012, Νίκος Γκρεεκ wrote:
>
> Okay, I'll ask this on the official Joomla forum, one last thing though.
>
> Is there a way to somehow embed (or utilize) Python code, for example my Python counter code script you have seen last week, inside my Joomla/WordPress CMS sites?
>
> For example:
>
> http://superhost.gr/ is my main website utilizing python counter script.
>
> http://superhost.gr/html/?show=log is my own way(i prefer it over awstats - don't ask why) for viewing my visitors.
>
> in my other sites which are CMS sites, like
>
> http://varsa.gr
> and
> http://thessalonik.wordpress.com/
>
> Is there a possible way to embed (if that's the term) my Python counter script there too?
>
> So I can keep track of visitors' info for each page I have there?

Sure, but why create a counter (ugh) when you can use something like
Google Analytics for free and get much more interesting and useful
metrics?

-Wayne

Wayne Werner

Sep 26, 2012, 9:06:44 PM
to Dwight Hutto, pytho...@python.org
On Sun, 23 Sep 2012, Dwight Hutto wrote:
<snip>
> We're the borg.

Oh, so you *are* a robot. That does explain your posts ;)


Emile van Sebille

Sep 26, 2012, 9:33:26 PM
to pytho...@python.org
On 9/26/2012 6:06 PM Wayne Werner said...
Damn. Now I'll forever more hear Stephen Hawking's voice as I read the
repeated contexts. Maybe that'll help.

EMile



MRAB

Sep 26, 2012, 10:02:03 PM
to pytho...@python.org
On 2012-09-27 02:06, Wayne Werner wrote:
> On Sun, 23 Sep 2012, Dwight Hutto wrote:
> <snip>
>> We're the borg.
>
> Oh, so you *are* a robot. That does explain your posts ;)
>
<pedantic>The Borg are cyborgs, not robots.</pedantic>

Prasad, Ramit

Sep 27, 2012, 1:06:28 PM
to pytho...@python.org
Νίκος Γκρεεκ wrote:

> I shouldn't have asked about Joomla here, or even about Python embedding
> within Joomla CMS. I was under the impression that the latter was relevant to
> ask here but it seems it isn't.
>
> My bad, let's just close this thread so i don't waste anyone's time.

Now when/if you get Joomla to run Python code and have a problem
with *Python* code/coding, feel free to come back and ask questions
on that.