{"id":2178,"date":"2014-09-29T16:02:04","date_gmt":"2014-09-29T22:02:04","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2178"},"modified":"2014-09-29T16:02:04","modified_gmt":"2014-09-29T22:02:04","slug":"hackers-still-trying-to-exploit-joomla-1-5-vulnerability-fixed-six-years-ago","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2014\/09\/29\/hackers-still-trying-to-exploit-joomla-1-5-vulnerability-fixed-six-years-ago\/","title":{"rendered":"Hackers Still Trying To Exploit Joomla 1.5 Vulnerability Fixed Six Years Ago"},"content":{"rendered":"<p>We were recently checking something in our analytics and noticed that a rather odd URL had been accessed. The URL, http:\/\/www.whitefirdesign.com\/blog\/?option=com_user&amp;view=reset&amp;layout=confirm, was for a section of our website running WordPress but the URL parameter,\u00a0?option=com_user&amp;view=reset&amp;layout=confirm, was for something Joomla related based on the &#8220;com_user&#8221; portion. A quick search\u00a0identified that this was an attempt to exploit <a href=\"http:\/\/forum.joomla.org\/viewtopic.php?p=2028782\">a vulnerability in older versions of Joomla<\/a>. What is interesting about this is that the vulnerability was fixed in Joomla 1.5.6, which was <a href=\"http:\/\/www.joomla.org\/announcements\/release-news\/5199-joomla-156-released.html\">released in August of 2008<\/a>. Since most\u00a0hacking attempt will not show up in analytics &#8211; due to them not requesting the tracking code &#8211; we were curious to see if there had been other attempts to exploit this\u00a0that\u00a0would show up in our access logs. We found that in\u00a0the last six months there were attempts to exploit the vulnerability on 48 days. So hackers\u00a0still feel there are enough Joomla website that\u00a0haven&#8217;t been updated in six years to try to exploit it regularly.<\/p>\n<p>There are a couple of quick takeaways from this. One is that is that if you still have websites running Joomla 1.5, for which <a href=\"http:\/\/docs.joomla.org\/Joomla!_CMS_versions\">support ended in September of 2012<\/a>,\u00a0you should make sure they have been\u00a0upgraded to the last version, <a href=\"http:\/\/www.joomla.org\/announcements\/release-news\/5419-joomla-1526-released.html\">1.5.26<\/a>, and had the <a href=\"http:\/\/docs.joomla.org\/Security_hotfixes_for_Joomla_EOL_versions#Joomla.21_1.5\">additional security fix applied<\/a>\u00a0so that they are protected against attempts to exploit any vulnerabilities in older versions. The other is that you don&#8217;t need concerned just because there has been an attempt to exploit a vulnerability on your website, considering that in this case a hacker tried to a vulnerability in very old versions of Joomla on a website running WordPress.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We were recently checking something in our analytics and noticed that a rather odd URL had been accessed. The URL, http:\/\/www.whitefirdesign.com\/blog\/?option=com_user&amp;view=reset&amp;layout=confirm, was for a section of our website running WordPress but the URL parameter,\u00a0?option=com_user&amp;view=reset&amp;layout=confirm, was for something Joomla related based on the &#8220;com_user&#8221; portion. A quick search\u00a0identified that this was an attempt to exploit a &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2014\/09\/29\/hackers-still-trying-to-exploit-joomla-1-5-vulnerability-fixed-six-years-ago\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Hackers Still Trying To Exploit Joomla 1.5 Vulnerability Fixed Six Years Ago&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[19,15],"tags":[],"class_list":["post-2178","post","type-post","status-publish","format-standard","hentry","category-joomla","category-website-security"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2178"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2178\/revisions"}],"predecessor-version":[{"id":2180,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2178\/revisions\/2180"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=2178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}