登录 注册

登录

问题 黑客警告使用 JoomDonation.com 团队产品的用户:你的网站已经被黑!

更多
2014年11月27日 07:29 - 2014年11月27日 07:30 #1 作者: Joomla之门
今天我的邮箱收到一封黑客的警告邮件,大意是说:他发现 JoomDonation.com 出品的 joomla 扩展其代码写得贼烂,所以他很容易就植入了自己的木马,从而入侵了大概 1万 个 Joomla 网站。下一步,如果站长不卸载 JoomDonation.com 的扩展,他的木马就会将网站黑掉……

邮件标题是:You're HACKED thanks to JoomDonation.com

邮件全文如下:

Hello baijianpeng

How the hell are you? No need to ask, I’m fine!

I’m the one who has hacked all of your sites, emails, accounts etc. that has been using JoomDonation.com site/components. Scaring? Hell Yea :-)

About 15 months ago, I was able to penetrate into several Joomla sites. One of these luckies was JoomDonation.com After a while I realised that their crappy components were used by other Joomla developers too so I injected my shells into JoomDonation.com components. As per result, I’ve a list of 300000+ Joomla users+emails and you’re just one of them, lucky thing :-)

Don’t you believe? Follow me on twitter.com/joomleaks or #joomleaks hashtag and you’ll see the database of JoomDonation.com as a beginning.

Yea Yea I know you all have scanners, firewalls, admin tools etc installed on your server/site but you what? F*ck em all. They’re just noob tools. Think about, I’ve injected my own shells into 10000+ Joomla sites and none of you or your magic tools have been awared of.

WARNING: You have 5 days to clean up your sites then my bot will start putting your sites down. If your site was not so valuable for me, removing the components would be enough. If so, then I will most probably blackmail you soon :-)

Want an advice from a hacker? Don’t use any script from Thailand/Vietnam developers, their code is so crappy :-) Try Indian quality.

This email was sent to all JoomDonation.com users. We’ll meet again if you have accounts registered to other Joomla developers :-)

This was my thanksgiving gift, keep yourself safe ;-)

JnLiau


邮件发件人邮箱显示的是 JoomDonation.com 的域名。姑且不论是否真的有那么多网站被侵入,单从黑客能够劫持 JoomDonaiton 的官方邮箱来发送这封邮件,就足以证明这起码不是一个玩笑。因为这邮件不是只发送给我一个人,在 JoomDonation 官方论坛可以看到很多人都收到了:

Got this email: You're HACKED thanks to JoomDonation.com

因此,Joomla之门在此提醒大家:做好网站备份,立即备份!同时,检查你网站上所有与 JoomDonation,甚至任何来自越南、泰国团队的 Joomla 扩展。在保持最大程度的警惕同时,使网站正常运行。我们会继续关注这个问题。

付费下载 Joomla 3 扩展汉化版: 我要付费支持 Joomla 之门!
最后修改: 2014年11月27日 07:30 由 Joomla之门. 原因: 修改错别字

登录 或者   注册一个会员帐号 来参与讨论

更多
2014年11月27日 07:41 #2 作者: Joomla之门
看起来这个事动静挺大,已经惊动了很多 Joomla 用户,连 Admin Tools (一款 Joomla 安全相关扩展)的作者 Nicholas 都撰文分析了:

Announcement regarding the JoomLeaks allegations

Nicholas 的建议也差不多:目前没有强有力证据证明黑客已经得手。尽快做好全站备份。更换不太安全的密码。保持警惕。

付费下载 Joomla 3 扩展汉化版: 我要付费支持 Joomla 之门!

登录 或者   注册一个会员帐号 来参与讨论