
Solved Kunena 3.0.3 hacked: Redirects to spam site

6 years 6 months ago - 6 years 6 months ago #1 by Grubbe

My Joomla 3.2 was hacked causing the main site to redirect to a spam site when visiting from iPad. The redirect only happened once in a day. I removed some suspicious code from the root index.php file and that solved the problem.

However, I am still getting redirected when I click the Forum link in my menu, e.g. when I visit the main page of Kunena Forum Component (front end). The redirect only occurs on iPad and only about once in a day. I've been going through all components/com_kunena files and I didn't find any suspicious code there (quick look). So my question goes: If I am getting redirected when visiting the Kunena main page (not other parts of my Joomla site) where is it possible that the malware code is placed?

This message contains confidential information

Thanks (to all the helping people and not to the **** hackers) :-)
Last edit: 6 years 6 months ago by rich. Reason: Link to the Web page made invisible


6 years 6 months ago - 6 years 6 months ago #2 by DTP2
I had exactly the same situation. I used sitedif to compare the uncompromised to the compromised website and was able to find the unwanted code. Three times the site got hacked and three times in different locations. But just removing this code isn't enough. There is a leak somewhere that has to be fixed too.

I did that whole fixing process twice. The first time I removed the code, changed passwords and some other small stuff. Until the next hack and a message from my hoster that my account was suspended because they got blacklisted.

Now my whole site is rebuilt with all the latest versions (also components and plugins), all the stuff I don't need is removed (for example Tapatalk integration), have Eyesite monitoring all the changes in the website's code and have a component to make a daily backup to prevent too much loss in case of a possible new hack.

Good luck with this and I will be reading all the other answers with much interest.
Last edit: 6 years 6 months ago by DTP2.
The following user(s) said Thank You: Grubbe


6 years 6 months ago #3 by Grubbe
Thanks. It seems like sitedif is only available for Windows. Do you know if something similar has been made for Mac?

Kunena and Jumi are my only extensions so I believe the security issue lies in Joomla or Kunena. As you say, I should fix the leak. Upgrading Joomla or Kunena is however a pain in the *** because of all the core hacks and customizations I have made. A simple update that only fixes the security issues would be appreciated - now I'm just dreaming.


6 years 6 months ago - 6 years 6 months ago #4 by Grubbe
I have now upgraded Kunena to the latest version and it took me only 1 hour to redo the customizations. I did that simply by changing the affected files with the old ones from my backup (I know the proper way would be only to change the affected code and not the complete files).

I hope that the malware code has disappeared during the update - I'll keep an eye on my site through iPad the next days. I also hope that the XSS vulnerability, that has been fixed in the latest version of Kunena, was the security issue that let the hackers in at my site. If that is the case I can skip upgrading my Joomla to the latest version (believing that the security issues in Joomla that have been fixed in the latest versions are not so severe) - a step that will cost me days of work.
Last edit: 6 years 6 months ago by Grubbe.
