Solved

Server Hack - IRC Daemon from Joomla

Posted on 2014-03-07
Last Modified: 2014-06-16
Hi,

We have an older Joomla 2.5.? site on a shared host.

Our host emailed to say that the server was hacked and that our account was directly responsible (ish).

The hacker was attempting to turn the server into an IRC Daemon to join a botnet (as claimed by our hosting company).

This seems odd, as my limited understanding suggests that installing software into a server requires command prompt access.

Just want to see if it is possible / likely that an insecure version of Joomla could allow a hacker to compromise a server to the point where they could set up an IRC Daemon.

Or should I be chasing the hosting company to patch their server directly?

Cheers
Question by:stirlingit
6 Comments
 
LVL 58

Accepted Solution

by:
Gary earned 300 total points
ID: 39913017
It is very possible.  
You should always make sure your software is up to date (including extensions) - Joomla, WP etc. are notorious for being hacked - it's the downfall of open source software.

Obviously they have blocked it but you need to clean up your site.
0
 
LVL 62

Expert Comment

by:gheist
ID: 39913197
There are about 50 vulnerabilities allowing upload and execution of code in Joomla 2.5.0.
Did they notify you about the security issue in advance? Any proof you are at fault? Are they able to provide you with joomla-as-a-service like they do with PHP?
0
 
LVL 30

Assisted Solution

by:serialband
serialband earned 300 total points
ID: 39913827
There is a lot of broken PHP code out there that allows for access to your disk.  An IRCbot server doesn't need to be root to run on Linux.  Did they tell you which IRCbot they've discovered?  That should help you narrow down the search.

You should run rootkit hunter.  

http://www.rootkit.nl/projects/rootkit_hunter.html
0
 
LVL 58

Expert Comment

by:Gary
ID: 39913836
He's on shared hosting, he's not going to have root access. Anyway sounds like the host blocked it.
0
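The replies above note that an IRC bot needs no root and that a shared-hosting customer has no root either, so the clean-up has to work from the account's own files. The script below is an added example, not code from any poster in this thread: a read-only triage of the web root that lists scripts sitting in upload-only directories and PHP files that both open a socket and contain IRC verbs. The directory names (`images`, `tmp`) and the indicator patterns are assumptions for illustration.

```shell
#!/bin/sh
# Added example: read-only triage of a web root from an unprivileged account.
# Directory names and indicator patterns below are assumptions for illustration.

# Directories expected to hold only media or temporary uploads (assumed layout).
UPLOAD_DIRS="images tmp"
# PHP calls that open outbound sockets, and IRC verbs a bot has to send.
SOCKET_PATTERN='fsockopen|stream_socket_client|socket_connect'
IRC_PATTERN='PRIVMSG|NICK |JOIN #'

# Script files inside upload-only directories, which normally hold no scripts.
scripts_in_upload_dirs() (
    root=$1
    for d in $UPLOAD_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.pl' \)
    done | sort
)

# PHP files anywhere under the root that both open a socket and speak IRC.
# A hit is a lead for manual review, not proof of compromise.
irc_capable_scripts() (
    find "$1" -type f -iname '*.php' | sort | while IFS= read -r f; do
        if grep -Eiq "$SOCKET_PATTERN" "$f" && grep -Eq "$IRC_PATTERN" "$f"; then
            printf '%s\n' "$f"
        fi
    done
)

# Run as: sh triage.sh /path/to/public_html
if [ $# -gt 0 ]; then
    echo "== scripts in upload directories =="; scripts_in_upload_dirs "$1"
    echo "== socket + IRC strings ==";          irc_capable_scripts "$1"
fi
```

Anything either list returns should be compared against a clean copy of the same Joomla release before it is deleted or kept.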
 
LVL 62

Assisted Solution

by:gheist
gheist earned 300 total points
ID: 39914325
The most logical would be to restore your content from backup on a fresh Joomla and make sure to update it sometimes (subscribing to the Xss or announcement mailing list is a good idea).
0
 

Author Closing Comment

by:stirlingit
ID: 40137086
Was not a solution, rather was just looking for information :)
0

Question has a verified solution.
