Forum & Blog Attacks
com_avreloaded needs to be updated
Joomla plugin security alert!
According to the author of the Joomla plugin AllVideos Reloaded:
Security Alert Attention! A serious SQL injection vulnerability was just found in AllVideos Reloaded! A zero-day exploit already exists in the wild, which uses this vulnerability in order to steal your user-database!
All users of version 1.2.6 and below, update to version 1.2.7 immediately!
For those who want to keep their database of customized players/tags/rippers, use the package named com_avreloaded-1.2.7_SECUPDATE-WITHOUT-DB.zip and simply install it over the existing version using Joomla’s extension installer. All other users: Use the regular (full) installer package.
Please check your sites and if you’re using this plugin, please update immediately.
Have any other plugins you’re concerned with?
Post here with what they are and we’ll check them out for you.
WordPress plugin wp-phpmyadmin should be removed
If anyone reading this blog has wp-phpmyadmin installed on their site, you should remove it immediately.
For the past 2 months we’ve been seeing more and more websites with this plugin being infected.
There is usually an added file, upgrade.php, that is not part of the legitimate files and contains malicious code.
This plugin is no longer on the WordPress plugin repository as it has not been updated since 2007.
While a plugin like this might seem more convenient for database work than using your hosting provider’s control panel, it’s also more convenient for hackers.
We did a Google search on this and found that the majority of websites with this plugin also don’t have any prevention for viewing the directory it is installed in.
This means that a hacker can click on “Parent Directory” and see all the plugins installed. While this isn’t a huge vulnerability, it’s so easy to prevent with either a .htaccess file or an empty index.html file.
The less information a hacker knows about your website the better off you are.
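The checks described above can be scripted. The Python below is an added example, not code from the original post: it reports a wp-phpmyadmin install, any upgrade.php inside it, and plugin directories that have neither an index file nor an `Options -Indexes` rule in the nearest .htaccess. The default wp-content/plugins path, looking for upgrade.php under the plugin's own directory, the index file names and the finding labels are assumptions.

```python
import os
import sys

WP_PLUGINS = os.path.join("wp-content", "plugins")  # assumed default layout
INDEX_FILES = ("index.html", "index.htm", "index.php")  # assumed DirectoryIndex


def htaccess_verdict(path):
    """True/False for the last explicit Options -Indexes/+Indexes, else None."""
    verdict = None
    if os.path.isfile(path):
        with open(path, errors="replace") as fh:
            for line in fh:
                words = line.split("#")[0].lower().split()
                if words[:1] == ["options"]:
                    for w in words[1:]:
                        if w.lstrip("+-") == "indexes":
                            verdict = w.startswith("-")
    return verdict


def listing_blocked(directory, webroot):
    """Index file present, or nearest .htaccess up to webroot says -Indexes."""
    if any(os.path.isfile(os.path.join(directory, n)) for n in INDEX_FILES):
        return True
    current, stop = os.path.abspath(directory), os.path.abspath(webroot)
    while True:
        verdict = htaccess_verdict(os.path.join(current, ".htaccess"))
        if verdict is not None or current in (stop, os.path.dirname(current)):
            return bool(verdict)  # server-level config is not visible here
        current = os.path.dirname(current)


def audit(webroot):
    """Return (finding, path) tuples for the conditions the post describes."""
    plugins = os.path.join(webroot, WP_PLUGINS)
    pma = os.path.join(plugins, "wp-phpmyadmin")
    findings = [("remove-plugin", pma)] if os.path.isdir(pma) else []
    findings += [("suspect-file", os.path.join(d, "upgrade.php"))
                 for d, _, files in os.walk(pma) if "upgrade.php" in files]
    if os.path.isdir(plugins):
        for d in [plugins] + sorted(e.path for e in os.scandir(plugins) if e.is_dir()):
            if not listing_blocked(d, webroot):
                findings.append(("listing-unprotected", d))
    return findings


if __name__ == "__main__":
    print("\n".join(f"{k}\t{p}" for k, p in audit((sys.argv[1:] or ["."])[0])))
```

Run it with the web root as the only argument. A directory protected only by the main server configuration will still be reported, so confirm findings by requesting the directory URL.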
What about you? Do you have this installed on your website? Are there other plugins you worry about? Leave a comment here and we’ll investigate it.
Need your website cleaned, protected and monitored? Send us an email: support@wewatchyourwebsite.com