[en] Mass Joomla JDownload hack Attempt

Today i notice a change of the Joomla! Hack attempt, from the usual JCE attempt it switchs to jdownload attempt.

https://www.malekal.com/modsec/index.php?ip=194.247.30.166#302900
https://www.malekal.com/modsec/index.php?ip=91.121.115.147#302896
https://www.malekal.com/modsec/index.php?ip=176.31.116.128#302895
https://www.malekal.com/modsec/index.php?ip=212.227.98.244#302907
https://www.malekal.com/modsec/index.php?ip=79.98.23.8#302916
https://www.malekal.com/modsec/index.php?ip=77.222.61.87#302917
https://www.malekal.com/modsec/index.php?ip=46.4.53.77#302918
etc.
There is a lot of attempts.

We can see the increase (there is also more spam attempts because i improve the detections, so more has been caught) :

Joomla_attacks

All the attempts use an email address haxorid@gmail.com and are trying to upload a file called nyet.gif.

Example :
Joomla_Jdownload

Joomla_Jdownload2

 

name = defacerid
Maybe defacing indonesian hackers.

Joomla_Jdownload3

Probably the code used by the attacker  : http://pastebin.com/8rb8mnUS (mirror : http://pjjoint.malekal.com/files.php?read=20140927_i8z6h13m1415)

Seems the attack began on 09/11 but i didnt get any attempt on my website, only from today :
http://joomlaforum.ru/index.php?topic=300659.new
http://www.jdownloads.com/forum/index.php?topic=7336.0;all

The vulnerabilty Jdownload Bulletin (09/13/2014) : http://www.jdownloads.com/index.php?option=com_content&view=article&id=231:urgent-security-update-for-19-series&catid=51:news

For Joomla! 2.5: get jD1.9.1.6

For Joomla! 3.x: get jD1.9.2.11

If you use Joomla! JDownload, it’s very recommended to update.

 

Print Friendly, PDF & Email
(Visité 142 fois, 1 visites ce jour)

Vous pouvez aussi lire...

Les Tags : #Windows10 - #Windows - #Tutoriel - #Virus - #Antivirus - #navigateurs WEB - #Securité - #Réseau - #Internet