#21566 6scan.com : Your site is open to attack!

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by bobpit on Thursday, 27 November 2014 08:54 CST

bobpit
I came across this website scanner: http://6scan.com/

It found two similar errors for my site. This is one:

Possible SQL injection could allow hackers to manipulate, steal and destroy your data

This is the recommended fix:
>>>>>>>>>>>>>>>>>>
Backup the /index.php file
Add the next lines right after '<?php' tag:

if ( isset( $_GET['itemid']) ){ $filtered_var = mysql_escape_string( $_GET['itemid'] ); $_GET['itemid'] = $filtered_var;}
if ( isset( $_POST['itemid']) ){ $filtered_var = mysql_escape_string( $_POST['itemid'] ); $_POST['itemid'] = $filtered_var;}
if ( isset( $_REQUEST['itemid']) ){ $filtered_var = mysql_escape_string( $_REQUEST['itemid'] ); $_REQUEST['itemid'] = $filtered_var;}
<<<<<<<<<<<<<<<<<<<

Nicholas, what do you think? All Joomla sites need to make this update?

nicholas
Akeeba Staff
Manager
For the love of God (or if you're an atheist: for the love of Cthulhu) PLEASE DO NOT MODIFY JOOMLA! CORE FILES! The suggestion by this service is outright MORONIC. Only a complete idiot who has absolutely no clue about PHP development and/or how Joomla! works could have possibly suggested something so outright wrong, ridiculous and just plain stupid as DESTROYING all incoming data to Joomla!.

Ask these morons for a refund. A drunk and lobotomised monkey with debilitating brain injury could have given you better security advice than this self-described security service. I can't believe there are charlatans like them out there, scamming you out of your money AND killing off your sites. The only possible outcome from their dangerous advice is that you'd conclude that Joomla! is broken and its developers incompetent, then move to another CMS – all because you modified core Joomla! files in a way which destroys your data AND doesn't offer ANY KIND of protection against SQL injection.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
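The two failure modes Nicholas describes (escaping that corrupts legitimate data, and escaping that does not stop injection) can be shown in a few lines. The script below is an added example written for this page; it is not code from 6scan, Joomla! or Akeeba. Because mysql_escape_string() was removed in PHP 7, the helper legacyEscape() reimplements its documented behaviour (backslash-escaping NUL, newline, carriage return, backslash, single quote, double quote and Ctrl-Z) so the demonstration runs on a current PHP. The SQLite in-memory database and the tables menu and names are constructed stand-ins for the real MySQL schema.

```php
<?php
// Added example: why blanket-escaping $_GET/$_POST/$_REQUEST values is not a
// SQL injection fix. Not part of Joomla!, Admin Tools or the 6scan advice.

// Reimplementation of the removed mysql_escape_string() for this demo only.
function legacyEscape(string $s): string
{
    return strtr($s, [
        "\0"   => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        '\\'   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// 1. No protection. An id is used in a numeric context, so an attacker needs no
//    quote character at all and the escaper has nothing to change.
$hostile = '1 OR 1=1';                       // constructed attacker value
$escaped = legacyEscape($hostile);
assert($escaped === $hostile);               // identical: nothing was escaped
$sql = "SELECT * FROM menu WHERE id = $escaped";
echo $sql, "\n";                             // SELECT * FROM menu WHERE id = 1 OR 1=1

// 2. Data destruction. A legitimate value picks up a backslash, and whatever
//    the application does next (its own escaping, or a bound parameter as
//    here) faithfully preserves that backslash into the database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE names (value TEXT)');

$legit   = "O'Brien";                        // constructed legitimate value
$mangled = legacyEscape($legit);             // O\'Brien
$stmt = $pdo->prepare('INSERT INTO names (value) VALUES (:v)');
$stmt->execute([':v' => $mangled]);
$stored = $pdo->query('SELECT value FROM names')->fetchColumn();
echo $stored, "\n";                          // O\'Brien  (the backslash is now stored data)

// 3. What actually works: type the value for its context and let the driver
//    bind it. An integer id is cast to int; strings go through bound
//    parameters. No manual escaping of superglobals anywhere.
function findMenuItem(PDO $pdo, array $request): ?string
{
    $id = (int) ($request['itemid'] ?? 0);   // '1 OR 1=1' becomes 1
    $stmt = $pdo->prepare('SELECT title FROM menu WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

$pdo->exec('CREATE TABLE menu (id INTEGER, title TEXT)');
$pdo->exec("INSERT INTO menu VALUES (1, 'Home'), (2, 'O''Brien''s page')");
echo findMenuItem($pdo, ['itemid' => '1 OR 1=1']) ?? 'none', "\n";      // Home (one row, not all rows)
echo findMenuItem($pdo, ['itemid' => "2' OR '1'='1"]) ?? 'none', "\n";  // O'Brien's page
```

Run it with `php demo.php` (needs the pdo_sqlite extension). Step 1 is the case the scanner's patch cannot touch: any parameter interpolated without quotes is exploitable regardless of how many quote characters are escaped. Step 2 is the data-destruction Nicholas refers to: the escaping happens before the framework's own database layer sees the value, so every apostrophe a user types is permanently stored with a backslash in front of it. Step 3 is the only approach that addresses both: validate or cast to the expected type, and pass values as bound parameters rather than editing superglobals in index.php.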

bobpit
lol, I love your language.

It was a free scan. Guess I will not use them again.

Thank you Nicholas.
