Joomla.org Hacked
Today, the popular site Joomla.org which creates and uses the Joomla CMS (Content Management System) was hacked, with the standard “hacked by” message being left instead of the site itself.
This hack has not only affected the Joomla.org website, but has also prompted fear across the globe without thousands upon thousands of websites using the same system in which Joomla.org was using.
The message that was originally read was:
Template File Not Found! Looking for template:
Hacked M3rhametsiz & Zorbey
A screenshot is available by clicking on the image on the right hand side.
It was however soon after that the Joomla.org website was pulled offline by it’s developers, obviously to stop the hack message being displayed. However, soon after, the standard Joomla offline logo was replaced with the following image:
Yes, it was hacked once again by a different hacker!UPDATE (19/8/07 2:05pm): As ilox said below, the site has been reopened but no official announcement made.
The site was fixed, and reopened. We all considered that this was finally the end, however soon after all other Joomla based websites on the Joomla.org domain were hacked, including the Store, Help site and Developement Site (screenshots below)
–
The Joomla.org Store Hacked message
–
The Joomla.org Help site Hacked message
–
And, the Joomla.org Developement website Hacked message.
Obviously, something like this has stirred site’s around the globe, without thousands upon thousands using the same system that Joomla.org develops. However, Joomla.org representative Louis Landry, had said that the hack wasn’t due to the popular open source content management system, but in face a plugin one of the site’s were running.
A simple and as we have all seen common mistake was made and the print mojo component had a vulnerability to remote file inclusion. Louis Landry - Joomla.org Developement Workgroup
August 19th, 2007 at 1:31 am
All sites are back up and running, at this stage we are all waiting for the Joomla team to post on what they have found. Until they do then any other speculation is simply guessing.
August 19th, 2007 at 2:28 pm
More hacking has been done, and the post has been updated.
August 20th, 2007 at 1:30 pm
My website has also been hacked this morning … the bastards erased my configuration.php file and replaced it by “hacked by” arizona and someone else i can’t remember. Ofcourse within hours, i’m repaired the damage.
I’ve called my ISP and they’re investigating the logs. There weren’t many visitors to the website in the last 2 days so soon i’ll know they’re IP addresses. Then it’s of to police and let them deal with those hackers… i have better things to do. I don’t know why they do it… does sitting in a jail cell and never being able to get a job (after a conviction) appeal to them?
If you’re a hacker reading this, i suggest you use your talents to make some money by offering security services rather than by hacking sites. Wouldn’t you rather earn $200 an hour than waste your time hacking an everyday person’s website.
August 20th, 2007 at 3:33 pm
That seriously sucks Ross, sorry to hear about this. Just a suggestion, keep backing up your website in case something like this happens.
August 21st, 2007 at 3:55 pm
We were hacked too, 2 days ago. Restored witin the hour. Now under investigation. Hacker made mistake hacking into a server this is very monitored so expect to have something for the police soon.
To the hacker who reads this: get a life!
September 5th, 2007 at 2:23 am
Actually, they are bastard turkish LAMERS!!!! They are all LAMERS… They are poor and miserable sick person. So don’t say hacker. Say LAMER instead of hacker.
November 23rd, 2007 at 2:36 pm
i understand your rage, folks…im a turkish guy and i apologize for what those miserable bastards have done.They all are totally lamer as jack said, after using some brutal force and other softwares they call self as “hacker”. My own web site has been hacked 2 times, and finally i ve found traces of fckin lamer: he was miserable 15 years old kid with acnes on his face…I think they suppose what they did is a special ability…its shame
August 14th, 2008 at 5:55 pm
This really sucks,
My site http://www.painathlon.com uses Joomla and is totally set up for a big charity event I run in Perth, Australia. Now no-one can donate online and I can’t put any results or pics up.
Get a message “redmin security get down” with my event logo in place of the original homepage
I can’t even get in the backend of the site anymore.
How do I go about trying to fix this?
September 20th, 2008 at 4:09 pm
Our site was hacked also, they hacked the IP this time as well, I have a suspicion on how they did it. if you are using light security in your username and password for joomla or if you use an hosting service suc as ipowerweb you need to change your username and password.
lots of times the hosting server will use your domain name as part of your login..
so what they do is hack into your joomla site, and from there they can get login information
there are a few of us out there working on a little surprise for these punks.. it will cost them dearly