Support

Admin Tools

#17965 Akeeba Tools & JCE Editor

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by tampe125 on Friday, 25 October 2013 03:28 CDT

user79559
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)

Description of my issue:
Hello Support,
We are using Akeeba Backup tools ever since our Site was hacked. We are very happy with the product and its features.
Our question is...do we have any Security Issues because of the usage of JCE Editor? Because some say JCE is misused by hackers to hack the websites.
Thanks for your advice.
RamgeSoft

tampe125
Akeeba Staff
Hello,

as long as you keep JCE updated, you shouldn't have any problems with it.
There was a security bug, but it was discovered and fixed months ago.

However, you could have been hacked using another vulnerable extension, please take a look at the following instructions.
These are hints for a recently-hacked site, but it contains some useful information:

1. It is possible that the attacker is able to execute an arbitrary PHP file or exploit a vulnerability in a directly web accessible .php file. The .htaccess Maker front-end and back-end protection block, by default, access to all .php files except Joomla!'s index.php files. However, you can add exceptions. If you add an exception which allows specific .php files to be accessed and they are vulnerable then you've opened a back door to your site. If you enable direct access to all files (including .php) for a articular directory it is possible that the attacker found a way to upload a malicious script and execute it, hacking your site. If you have a secondary site, e.g. a Wordpress installation, inside your site's root and you allow access to it, it is possible that the attacker hacked it and used it as a back door to hack your Joomla! site. Of course there is also the possibility that if you didn't enable the front-end and back-end protection in Admin Tools .htaccess maker that a hacker found a vulnerability which allowed him to upload and execute a malicious script.

2. There's what I call the "under the radar" attack. On most shared hosts it is possible that if a hacker infiltrates another site on the same server he has write access to your site's files. It all depends on ownership and permissions. If the files are owned by the same user under which the web server runs for all sites hosted on the server (as opposed to being owned by your account's FTP user) then you are definitely vulnerable to this attack. Permissions with their second or third digit set to 6 or 7 (e.g. 664, 646, 775, 757 and so on) may also make you vulnerable to such an attack.

3. If you are using outdated software it is possible that it suffers by a vulnerability which cannot be prevented by a security solution. For example, Joomla! 1.6 and 1.7 allow malicious users to create Super Admin users if the user registration is enabled. Due to the nature of that bug no security solution can prevent this. Check the versions of everything you have installed.

Another possibility is the "exploited yesterday, ready to be hacked tomorrow" method. I've seen that many times. A site was infiltrated by a hacker months ago and they installed a back door. Months later they come back and hack your site. The thing is that all your backups are now "infected" with this back door. Restoring your site from a backup will allow the hacker to hack your site again and again and again.

Of course there is the low tech approach: somehow you admin or FTP credentials were stolen. Stealing admin or FTP credentials is dead simple, as long as the hacker is connected to the same network (wired or wireless) as you and your site does not use HTTPS. Stealing FTP logins can also be performed by malware such as keystroke loggers or by more specialised malware which steals, for example, FileZilla's saved connections INI file which contains the credentials in plain text.

I would recommend following the advice in our Unhacking Your Site walkthrough to first identify the point of entry, unhack your site and patch the security hole which made the hack possible in the first place.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!