- Posts: 23
- Thank you received: 0
Kunena 6.3.0 released
The Kunena team has announce the arrival of Kunena 6.3.0 [K 6.3.0] in stable which is now available for download as a native Joomla extension for J! 4.4.x/5.0.x/5.1.x. This version addresses most of the issues that were discovered in K 6.2 and issues discovered during the last development stages of K 6.3
Solved Kunena security problem
- PieceOfCake
-
Topic Author
- Offline
- Junior Member
Less
More
8 years 7 months ago - 8 years 7 months ago #1
by PieceOfCake
Kunena security problem was created by PieceOfCake
Hello everyone,
I am actually experiencing some security problems with my Joomla! v3.4.4 (Kunena 4.0.5)
For the first time (since 2 years) I got spams on one (and only one) post of my forum. I deleted the spams, they continued to reply this post and this one only.
So I found as only solution to close the guilty post.
Before closing it I found the following lines in my raw logs :
Since I closed the entire post (forum/trucs-et-astuces/51-le-warden-sous-eq2-builds-aa-raid-et-groupe-heal) I have no more spams.
Happy end ? not really since this moment, I have got a lot of connexions with a different IP each time and while analyzing my logs in details I found numerous entries which are all of this form :
it seems they are trying to use a task-change.html page which most of the time ends with a 404 error and although I am not sure this is the same hacker who spammed the post I had to close, I am not sure there is no security failure under that (seems they are trying to find one)
For the moment they could not spam my site again. I just have a bunch of unwanted connections recorded !
Do you have an idea of what is happening and how I have to manage that ?
you'll find my configuration report joined.
Best regards
I am actually experiencing some security problems with my Joomla! v3.4.4 (Kunena 4.0.5)
For the first time (since 2 years) I got spams on one (and only one) post of my forum. I deleted the spams, they continued to reply this post and this one only.
So I found as only solution to close the guilty post.
Before closing it I found the following lines in my raw logs :
I must say that I am using captcha - recaptcha and an API Key of Stop Forum Spam as protection for the forum (the entire site is protected with recaptcha API, aesecure and Honey Pot Project at global level)5.101.217.176 - - [20/Sep/2015:00:01:55 -0500] "GET /forum/trucs-et-astuces/51-le-warden-sous-eq2-builds-aa-raid-et-groupe-heal.html HTTP/1.0" 200 14280 " www.guerrier-celeste.fr/forum/trucs-et-a...groupe-heal.html#465 " "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
5.101.217.176 - - [20/Sep/2015:00:02:01 -0500] "POST /forum.html HTTP/1.0" 303 20 " www.guerrier-celeste.fr/forum/trucs-et-a...groupe-heal.html#465 " "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
5.101.217.176 - - [20/Sep/2015:00:02:02 -0500] "GET /forum/trucs-et-astuces/51-le-warden-sous-eq2-builds-aa-raid-et-groupe-heal.html HTTP/1.0" 200 14381 " www.guerrier-celeste.fr/51-le-warden-sou...groupe-heal.html#465 " "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
5.101.217.176 - - [20/Sep/2015:00:02:06 -0500] "GET /forum/credits.html HTTP/1.0" 200 12155 " www.guerrier-celeste.fr/forum/credits.html " "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
5.101.217.176 - - [20/Sep/2015:00:02:08 -0500] "GET /guide-de-survie/des-forums-des-reponses.html HTTP/1.0" 200 18681 " www.guerrier-celeste.fr/guide-de-survie/...ms-des-reponses.html " "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36"
5.101.217.176 - - [20/Sep/2015:00:02:18 -0500] "GET /guide-de-survie/des-forums-des-reponses.html HTTP/1.0" 200 18681 " www.guerrier-celeste.fr/guide-de-survie/...ms-des-reponses.html " "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0"
5.101.217.176 - - [20/Sep/2015:00:02:26 -0500] "GET /guide-de-survie/des-forums-des-reponses.html?tmpl=component&print=1&page= HTTP/1.0" 200 5505 " www.guerrier-celeste.fr/des-forums-des-r...ponent&print=1&page= " "Mozilla/5.0 (Android; Tablet; rv:36.0) Gecko/36.0 Firefox/36.0"
5.101.217.176 - - [20/Sep/2015:00:02:28 -0500] "GET /forum/index.html HTTP/1.0" 200 14037 " www.guerrier-celeste.fr/forum/index.html " "Mozilla/5.0 (Android; Tablet; rv:36.0) Gecko/36.0 Firefox/36.0"
5.101.217.176 - - [20/Sep/2015:00:02:30 -0500] "GET /forum/messagesrecents.html HTTP/1.0" 200 15209 " www.guerrier-celeste.fr/messagesrecents.html " "Mozilla/5.0 (Android; Tablet; rv:36.0) Gecko/36.0 Firefox/36.0"
5.101.217.176 - - [20/Sep/2015:00:02:33 -0500] "GET /forum/aide.html HTTP/1.0" 200 16039 " www.guerrier-celeste.fr/aide.html " "Mozilla/5.0 (Android; Tablet; rv:36.0) Gecko/36.0 Firefox/36.0"
5.101.217.176 - - [20/Sep/2015:00:02:35 -0500] "GET /forum/recherche.html HTTP/1.0" 200 12551 " www.guerrier-celeste.fr/recherche.html " "Mozilla/5.0 (Android; Tablet; rv:36.0) Gecko/36.0 Firefox/36.0"
5.101.217.176 - - [20/Sep/2015:00:02:37 -0500] "GET /forum/trucs-et-astuces/51-le-warden-sous-eq2-builds-aa-raid-et-groupe-heal/reply.html HTTP/1.0" 200 18177 " www.guerrier-celeste.fr/forum/trucs-et-a...oupe-heal/reply.html " "Mozilla/5.0 (Android; Tablet; rv:36.0) Gecko/36.0 Firefox/36.0"
5.101.217.176 - - [20/Sep/2015:00:02:42 -0500] "POST /forum.html HTTP/1.0" 303 20 " www.guerrier-celeste.fr/forum/trucs-et-a...oupe-heal/reply.html " "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0"
5.101.217.176 - - [20/Sep/2015:00:02:56 -0500] "GET /forum/trucs-et-astuces/51-le-warden-sous-eq2-builds-aa-raid-et-groupe-heal.html HTTP/1.0" 200 16417 " www.guerrier-celeste.fr/forum/trucs-et-a...groupe-heal.html#594 " "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:38.0) Gecko/20100101 Firefox/38.0"
Since I closed the entire post (forum/trucs-et-astuces/51-le-warden-sous-eq2-builds-aa-raid-et-groupe-heal) I have no more spams.
Happy end ? not really since this moment, I have got a lot of connexions with a different IP each time and while analyzing my logs in details I found numerous entries which are all of this form :
141.101.132.169 - [22/Sep/2015:12:54:47 GET /guide-de-survie/des-forums-des-reponses.html?tmpl=component&print=1&page= HTTP/1.0 200 17578 www.guerrier-celeste.fr/des-forums-des-r...ponent&print=1&page= "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:54:49 GET /forum/index.html HTTP/1.0 200 55318 www.guerrier-celeste.fr/forum/index.html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:54:51 GET /forum/messagesrecents.html HTTP/1.0 200 61263 www.guerrier-celeste.fr/messagesrecents.html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:54:53 GET /forum/aide.html HTTP/1.0 200 57594 www.guerrier-celeste.fr/aide.html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:54:56 GET /forum/recherche.html HTTP/1.0 200 47667 www.guerrier-celeste.fr/recherche.html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:54:58 GET /forum/user/task-change.html?topic_layout=threaded&044210eedf6d79d08916d53e42e3b143=1 HTTP/1.0 303 - www.guerrier-celeste.fr/forum/user/task-...d08916d53e42e3b143=1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:55:00 GET /forum/user/task-change.html?topic_layout=threaded&044210eedf6d79d08916d53e42e3b143=1 HTTP/1.0 303 - www.guerrier-celeste.fr/task-change.html...d08916d53e42e3b143=1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:55:02 GET /task-change.html?topic_layout=threaded&044210eedf6d79d08916d53e42e3b143=1 HTTP/1.0 404 3139 www.guerrier-celeste.fr/task-change.html...d08916d53e42e3b143=1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:55:04 GET /forum.html HTTP/1.0 200 55901 www.guerrier-celeste.fr/forum.html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:55:11 GET /forum/breves-de-comptoir.html HTTP/1.0 200 70447 www.guerrier-celeste.fr/forum/breves-de-comptoir.html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:39.0) Gecko/20100101 Firefox/39.0"
141.101.132.169 - [22/Sep/2015:12:54:40 GET /guide-de-survie/des-forums-des-reponses.html HTTP/1.0 200 73729 www.guerrier-celeste.fr/guide-de-survie/...ms-des-reponses.html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1"
it seems they are trying to use a task-change.html page which most of the time ends with a 404 error and although I am not sure this is the same hacker who spammed the post I had to close, I am not sure there is no security failure under that (seems they are trying to find one)
For the moment they could not spam my site again. I just have a bunch of unwanted connections recorded !
Do you have an idea of what is happening and how I have to manage that ?
you'll find my configuration report joined.
Best regards
This message contains confidential information
Database collation check: The collation of your table fields are correct
Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |
This message contains confidential informationhtaccess: Exists | PHP environment: Max execution time: 120 seconds | Max execution memory: 256M | Max file upload: 128M
Kunena menu details:
Warning: Spoiler!
ID Name Menutype Link Path In trash 414 forum kunenamenu view=home&defaultmenu=414 forum No 415 Index kunenamenu view=category&layout=list forum/index No 416 Sujets récents kunenamenu view=topics&mode=replies forum/messagesrecents No 417 Nouveau sujet kunenamenu view=topic&layout=create forum/nouveausujet No 418 Pas de réponse kunenamenu view=topics&mode=noreplies forum/sansreponse No 419 Mes sujets kunenamenu view=topics&layout=user&mode=default forum/mesrecents No 420 Profil kunenamenu view=user forum/profil No 421 Aide kunenamenu view=misc forum/aide No 422 Recherche kunenamenu view=search forum/recherche No
Joomla default template details : jsn_epic_pro | author: JoomlaShine.com | version: 6.0.9 | creationdate: Unknown
Kunena default template details : JSN Epic | author: Joomlashine Team | version: 6.0.8 | creationdate: 12/04/2014
Kunena version detailed: Kunena 4.0.5 | 2015-08-17 [ Turnau ]
| Kunena detailed configuration:| Kunena integration settings:Warning: Spoiler!
Kunena config settings: board_offline 0 enablerss 1 threads_per_page 20 messages_per_page 6 messages_per_page_search 15 showhistory 1 historylimit 6 shownew 1 disemoticons 0 template jsn_epic showannouncement 1 avataroncat 0 catimagepath category_images showchildcaticon 1 rtewidth 450 rteheight 300 enableforumjump 1 reportmsg 1 username 1 askemail 0 showemail 0 showuserstats 1 showkarma 0 useredit 1 useredittime 0 useredittimegrace 600 editmarkup 1 allowsubscriptions 1 subscriptionschecked 1 allowfavorites 1 maxsubject 60 maxsig 300 regonly 0 pubwrite 1 floodprotection 5 mailmod 0 mailadmin 0 captcha 1 mailfull 1 allowavatarupload 1 allowavatargallery 1 avatarquality 75 avatarsize 512 imageheight 800 imagewidth 800 imagesize 150 filetypes txt,rtf,pdf filesize 120 showranking 1 rankimages 1 userlist_rows 30 userlist_online 1 userlist_avatar 1 userlist_posts 1 userlist_karma 0 userlist_email 0 userlist_joindate 1 userlist_lastvisitdate 1 userlist_userhits 1 latestcategory 0 showstats 1 showwhoisonline 1 showgenstats 1 showpopuserstats 1 popusercount 5 showpopsubjectstats 1 popsubjectcount 5 showspoilertag 1 showvideotag 0 showebaytag 0 trimlongurls 1 trimlongurlsfront 40 trimlongurlsback 20 autoembedyoutube 0 autoembedebay 0 ebaylanguagecode en-us sessiontimeout 1800 highlightcode 0 rss_type topic rss_timelimit month rss_limit 100 rss_included_categories rss_excluded_categories rss_specification rss2.0 rss_allow_html 1 rss_author_format name rss_author_in_title 1 rss_word_count 0 rss_old_titles 1 rss_cache 900 defaultpage recent default_sort asc sef 1 showimgforguest 1 showfileforguest 1 pollnboptions 4 pollallowvoteone 1 pollenabled 1 poppollscount 5 showpoppollstats 1 polltimebtvotes 00:15:00 pollnbvotesbyuser 100 pollresultsuserslist 1 maxpersotext 260 ordering_system mesid post_dateformat ago post_dateformat_hover datetime hide_ip 1 imagetypes jpg,jpeg,gif,png checkmimetypes 1 imagemimetypes image/jpeg,image/jpg,image/gif,image/png imagequality 50 thumbheight 32 thumbwidth 32 hideuserprofileinfo put_empty boxghostmessage 0 userdeletetmessage 0 latestcategory_in 1 topicicons 1 debug 0 catsautosubscribed 0 showbannedreason 0 showthankyou 1 showpopthankyoustats 1 popthankscount 5 mod_see_deleted 0 bbcode_img_secure text listcat_show_moderators 1 lightbox 1 show_list_time 720 show_session_type 0 show_session_starttime 0 userlist_allowed 1 userlist_count_users 1 enable_threaded_layouts 1 category_subscriptions post topic_subscriptions every pubprofile 0 thankyou_max 10 email_recipient_count 0 email_recipient_privacy bcc captcha_post_limit 0 keywords 0 userkeywords 0 image_upload registered file_upload registered topic_layout flat time_to_create_page 0 show_imgfiles_manage_profile 1 hold_newusers_posts 0 hold_guest_posts 0 attachment_limit 8 pickup_category 0 article_display intro send_emails 1 fallback_english 1 cache 1 cache_time 60 iptracking 1 rss_feedburner_url autolink 1 access_component 0 statslink_allowed 0 superadmin_userlist 0 legacy_urls 1 attachment_protection 0 categoryicons 1 avatarresizemethod 1 avatarcrop 0 user_report 1 searchtime 365 teaser 0 ebay_language 0 twitter_consumer_key twitter_consumer_secret max_links 6 userlist_name 0 usernamechange 0 version_check 1 | Joomla! detailed language files installed:Warning: Spoiler!Kunena - AlphaUserPoints Disabled
Kunena - Community Builder Disabled
Kunena - Gravatar Enabled: avatar=1
Kunena - JomSocial Disabled
Kunena - Joomla Enabled: access=1 login=1
Kunena - Kunena Enabled: avatar=1 profile=1
Kunena - UddeIM Disabled
Warning: Spoiler!
Joomla! languages installed: pt-PT Português (pt-PT) it-IT Italian (IT) pl-PL Polish (PL) en-GB English (en-GB) fi-FI Finnish (Suomi) fr-FR French (FR) nl-NL Dutch (NL) de-DE German (DE-CH-AT) es-ES Spanish (español) cs-CZ Czech (Ceština)
Third-party components: None
Third-party SEF components: None
Plugins: None
Modules: None
Last edit: 8 years 7 months ago by rich. Reason: Configuration report correctly inserted
Please Log in or Create an account to join the conversation.
8 years 7 months ago #2
by 810
Replied by 810 on topic Kunena security problem
this is not a security problem, just spammers, Like here on k.org we also need to delete some post each day.
You have set everything ok.
The only what you can do is block some countries on the server part. But if you have real visitors from that country, you can't do that.
You have set everything ok.
The only what you can do is block some countries on the server part. But if you have real visitors from that country, you can't do that.
Please Log in or Create an account to join the conversation.
- PieceOfCake
-
Topic Author
- Offline
- Junior Member
Less
More
- Posts: 23
- Thank you received: 0
8 years 7 months ago - 8 years 7 months ago #3
by PieceOfCake
Replied by PieceOfCake on topic Kunena security problem
These are not really the spams that cause me problems (I could easily claims to the non registered users to be validate by a moderator).
No ! Problems are all those unwanted connections that are trying to find a way to enter the forum out of control. One try about every 6 minutes.
Regards
No ! Problems are all those unwanted connections that are trying to find a way to enter the forum out of control. One try about every 6 minutes.
Regards
Last edit: 8 years 7 months ago by PieceOfCake.
Please Log in or Create an account to join the conversation.
Time to create page: 0.551 seconds