Joomla! reCaptcha Component


Imran Ali

Apr 25, 2009, 9:09:38 AM
to Joomla! General Development
Hey Guys
I am quite amazed that Joomla! does not have a solid Captcha
Component. reCaptcha seems quite far from Joomla! at the moment. The
best Captcha Component on the JED seems good but the issue with it is
that it hacks Joomla! files which doesn't seem that great a thing to
do.

So I had the idea to create a reCaptcha component and I contacted my
good friend and awesome developer Morten Hundevad and gave him the
problem statement to develop something for reCaptcha that does not
need to hack Joomla! files.

He did some research and came up with the result that it can be done!
The only downside is that the user needs to have JavaScript enabled on
his/her browser. What do you guys think of this? Are there any other
Joomla! features that require Javascript?

Also are there any plans for a reCaptcha component in J! 1.6 basic
package?

Hoping for some answers soon.

Hannes Papenberg

Apr 25, 2009, 9:48:59 AM
to joomla-de...@googlegroups.com
We are providing hooks for captcha extensions to hook into forms in 1.6,
but there won't be a core captcha feature. That is something that third-party
developers can solve way better than us. :-)

Hannes


Wilco Jansen

Apr 25, 2009, 9:27:27 AM
to joomla-de...@googlegroups.com
www.moovum.com

Can also be found on the JED.

Oli Griffiths

May 12, 2009, 7:33:44 AM
to joomla-de...@googlegroups.com

Hi All,

I wanted to check that this is an actual bug and not a feature.

In JURI::getInstance() the url is being urldecoded on line 173. This is causing a problem for encoded ampersands within the url (%26).

If your url has the following:

option=com_whatever&myvar=my value %26 your value&someothervar=1

This is being decoded from the request URI to:

?option=com_whatever&myvar=my value %26 your value

option=com_whatever&myvar=my & value&someothervar=1

Resulting in parsed variables of:

option = com_whatever
myvar = my
value =
someothervar = 1

This is clearly incorrect, and as the $mainframe->router() method sets the get array through JRequest::set('get'), the original correct values are being overwritten with the new incorrectly interpreted values.

Can anyone confirm this as an issue?

Oli

Ryan W. Ozimek

May 12, 2009, 2:05:16 PM
to joomla-de...@googlegroups.com
Oli,
 
Very interesting find, thanks for bringing this up.  I don't have an answer for you, but I'm interested in seeing if I can help get us an answer.  I'll keep you posted on what I learn, and look forward to others chiming in too.
 
Best,
Ryan




From: joomla-de...@googlegroups.com [mailto:joomla-de...@googlegroups.com] On Behalf Of Oli Griffiths
Sent: Tuesday, May 12, 2009 7:34 AM
To: joomla-de...@googlegroups.com
Subject: URGENT: JURI url parsing error in getInstance

Ryan W. Ozimek

May 18, 2009, 9:00:32 AM
to joomla-de...@googlegroups.com
Hi everyone,
 
I'd be interested in seeing if anyone has found an answer/solution for this report.  Any thoughts?

Cheers,
Ryan




Ryan W. Ozimek

May 18, 2009, 11:03:22 AM
to joomla-de...@googlegroups.com
Hi Oli,
 
It looks like the list has been a little quiet here on this question.  If you're not getting a good response here, it might be good to add this to the tracker, as you've got lots of great information below that could be really helpful for the bug squash team!

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemBrowse&tracker_id=32

Best,
Ryan




Louis Landry

May 18, 2009, 2:00:48 PM
to joomla-de...@googlegroups.com
Oli,

I can certainly see the problem you are having as being a problem. Perhaps it would be better to move the urldecoding to the necessary sections of the URL in the parse method?

Louis
--
Development Coordinator
Joomla! ... because open source matters.
http://www.joomla.org

Ryan W. Ozimek

May 18, 2009, 2:33:53 PM
to joomla-de...@googlegroups.com
Oli,
 
Keep us posted on the intrusion situation from the hosts. Oftentimes we've found that this is more of a permissions issue than anything. What version of Joomla 1.5.x were you using at the time?

Best,
Ryan


From: joomla-de...@googlegroups.com [mailto:joomla-de...@googlegroups.com] On Behalf Of Oli Griffiths
Sent: Monday, May 18, 2009 9:53 AM
To: joomla-de...@googlegroups.com
Subject: URGENT!! - Found over 100 joomla sites hacked


Hi All.

I've unearthed what appears to be a huge issue. We noticed that our site organic-development.com had some odd code at the bottom of the page. A load of links about different medicines!!

The following is the code:

Hmm, something's not right there.

I've looked into this with our hosts and it appears our site was hacked. The more troubling problem is that the URLs within the links in the source code of our site are ALL Joomla sites (both v1 and 1.5), that appear to have been hacked using the same method. Each one of these sites has the same kind of code at the bottom of the page. Our hosts identified several files that have been changed/created since yesterday (when this appeared), they are as follows:

And the root index.php has also been modified to include the code on the page. Also, if you go to any of the URLs above you will find a page that renders out what appears to be a blank page but has an iframe that is placed over the whole page.

This page in turn references ./help/css/extra/feed3.php which appears to be initiating some kind of tracking on http://qnstat.com/ which, unsurprisingly enough, looks not to be set up.

Our hosts are still looking into how this intrusion occurred but I find it quite troubling that so many sites have been hacked and most people are probably unaware that they have been.

I'll keep you posted when I hear more from our hosts.

Regards

Oli



Anthony Ferrara

May 18, 2009, 2:35:39 PM
to joomla-de...@googlegroups.com
Please note that this is being handled off a public list.

Oli Griffiths

May 18, 2009, 2:35:40 PM
to joomla-de...@googlegroups.com
Yeah, I think it needs to run the decode after the query string has been split off after parseURL and after parse_str, probably needs to loop through the _vars array and then be run.

Just out of curiosity, what is the urldecode for, is it to decode the querystring or the domain/host etc?

Oli

Louis Landry

May 18, 2009, 3:14:17 PM
to joomla-de...@googlegroups.com
Well in reality it would do both... as well as the path.

I actually think we'd want to run it over the vars array as you mention as well as the path field.

You wanna write a patch and throw it in the tracker? :-D

- Louis
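The decode-ordering bug discussed above (urldecode the whole URI first, then split the query string) next to the fix the thread converges on (split first, then decode each key, value and the path), as an added Python example that is not Joomla's JURI code. The `_split_query` helper is a constructed, minimal stand-in for PHP's parse_str and does not reproduce its key rewriting; the request URI is constructed from Oli's example.

```python
from urllib.parse import unquote, urlsplit

# Constructed request URI from the thread's example: the value of "myvar"
# carries an encoded ampersand (%26) that must survive as a literal "&".
EXAMPLE_URI = ("/index.php?option=com_whatever"
               "&myvar=my value %26 your value&someothervar=1")


def _split_query(query):
    """Minimal stand-in for PHP's parse_str (hypothetical helper):
    split on '&', then each pair on its first '='."""
    vars_ = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        vars_[key] = value
    return vars_


def parse_decode_first(uri):
    """The order the thread reports for JURI::getInstance(): urldecode the
    entire URI, then split it. After decoding, the "%26" has become "&" and
    is indistinguishable from a real separator, so the value is cut in two
    and a bogus key appears in the result."""
    decoded = unquote(uri)
    parts = urlsplit(decoded)
    return parts.path, _split_query(parts.query)


def parse_split_first(uri):
    """The fix Oli and Louis describe: split the raw URI into path and
    query, split the query into pairs, and only then decode each key,
    each value and the path component separately."""
    parts = urlsplit(uri)
    raw_vars = _split_query(parts.query)
    vars_ = {unquote(k): unquote(v) for k, v in raw_vars.items()}
    return unquote(parts.path), vars_


if __name__ == "__main__":
    print("decode first:", parse_decode_first(EXAMPLE_URI))
    print("split first: ", parse_split_first(EXAMPLE_URI))
```

Because the decoded-first result overwrites the request's GET array, as Oli notes, any component reading `myvar` afterwards sees a truncated value and a stray parameter it never expected.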

Oli Griffiths

Nov 10, 2009, 7:52:42 AM
to joomla-de...@googlegroups.com
I noticed that this issue still isn't rectified. I submitted a tracker item and a patch for this here:

http://joomlacode.org/gf/project/joomla/tracker/?action=TrackerItemEdit&tracker_id=32&tracker_item_id=16444

Any ideas?
