Kunena 5.1.7 Released - Security Release (20 Nov 2018)

The Kunena team has announced the arrival of Kunena 5.1.7 [K 5.1.7] which is now available for download as a native Joomla extension for J! 3.9.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. This is a Security release.

This is for users to help other users, to discuss topics that are related to forum administration in general or problems in running Joomla. This is not the place to ask for Joomla support. If you want assistance with Joomla please ask at forum.joomla.org

Solved Kunena 3.0.3 hacked: Redirects to spam site

4 years 7 months ago - 4 years 7 months ago #1 by Grubbe
Hi

My Joomla 3.2 was hacked causing the main site to redirect to a spam site when visiting from iPad. The redirect only happened once in a day. I removed some suspicious code from the root index.php file and that solved the problem.

However, I am still getting redirected when I click the Forum link in my menu, e.g. when I visit the main page of Kunena Forum Component (front end). The redirect only occurs on iPad and only about once in a day. I've been going through all components/com_kunena files and I didn't find any suspicious code there (quick look). So my question goes: If I am getting redirected when visiting the Kunena main page (not other parts of my Joomla site) where is it possible that the malware code is placed?

This message contains confidential information


Thanks (to all the helping people and not to the **** hackers) :-)
Last edit: 4 years 7 months ago by rich. Reason: Link to the Web page made invisible

4 years 7 months ago - 4 years 7 months ago #2 by DTP2
I had exactly the same situation. I used sitedif to compare the uncompromised to the compromised website and was able to find the unwanted code. Three times the site got hacked and three times in different locations. But just removing this code isn't enough. There is a leak somewhere that has to be fixed too.

I did that whole fixing process twice. The first time I removed the code, changed passwords and some other small stuff. Until the next hack and a message from my hoster that my account was suspended because they got blacklisted.

Now my whole site is rebuilt with all the latest versions (also components and plugins), all the stuff I don't need is removed (for example Tapatalk integration), have Eyesite monitoring all the changes in the website's code and have a component to make a daily backup to prevent too much loss in case of a possible new hack.

Good luck with this and I will be reading all the other answers with much interest.
Last edit: 4 years 7 months ago by DTP2.
The following user(s) said Thank You: Grubbe
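
The comparison described in post #2 (a known-good copy of the site against the live one) can be done on any OS that runs Python. This is an added example, not code from the thread or from sitedif or Eyesite; the function names and the sample files in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow symlinks out of the tree
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            hashes[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return hashes

def compare_trees(clean_root, live_root):
    """Return files added, removed or modified in live_root relative to clean_root."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "removed": sorted(set(clean) - set(live)),
        "modified": sorted(p for p in set(clean) & set(live) if clean[p] != live[p]),
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample: a clean tree and a copy with one edited and one new file."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            _write(root, "index.php", "<?php // entry point\n")
            _write(root, "components/com_kunena/kunena.php", "<?php // forum\n")
        _write(live, "index.php", "<?php // entry point\n// constructed stand-in for injected code\n")
        _write(live, "images/cache.php", "<?php // constructed stand-in for a dropped file\n")
        return compare_trees(clean, live)

if __name__ == "__main__":
    import sys
    result = compare_trees(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind:9}{p}")
```

Run it with two directory arguments (the backup first, the downloaded live site second). Every file it lists as added or modified needs a manual look, since intentional customizations show up the same way as injected code.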

4 years 7 months ago #3 by Grubbe
Thanks. It seems like sitedif is only available for Windows. Do you know if something similar has been made for Mac?

Kunena and Jumi are my only extensions so I believe the security issue lies in Joomla or Kunena. As you say, I should fix the leak. Upgrading Joomla or Kunena is however a pain in the *** because of all the core hacks and customizations I have made. A simple update that only fixes the security issues would be appreciated - now I'm just dreaming.

4 years 7 months ago - 4 years 7 months ago #4 by Grubbe
I have now upgraded Kunena to the latest version and it took me only 1 hour to redo the customizations. I did that simply by changing the affected files with the old ones from my backup (I know the proper way would be only to change the affected code and not the complete files).

I hope that the malware code has disappeared during the update - I'll keep an eye on my site through iPad the next days. I also hope that the XSS vulnerability, that has been fixed in the latest version of Kunena, was the security issue that let the hackers in at my site. If that is the case I can skip upgrading my Joomla to the latest version (believing that the security issues in Joomla that have been fixed in the latest versions are not so severe) - a step that will cost me days of work.
Last edit: 4 years 7 months ago by Grubbe.
