Joomla Talk

[clybs]

Hi,

I have noticed that during the last months that I have used your components, a lot of hackers have been trying to get to my site via a specific component:

*component.s5clanroster**index.php?option=com_s5clanroster&view=xxxxxxxxxxx
**index.php?option=com_s5clanroster&view=xxxxxxxxxx
*component**index.php?option=com_s5clanroster&view=xxxxxxxxx

I have many components and plugins installed in my site but this one is the only one that gets their attention a lot. I think the s5clanroster is vulnerable to attacks and no one is still aware of this.

Just my observation.

Regards,
Burn

[mikek]

Hello,

Hacking is caused by security issues on servers, ie: misconfigured firewalls, shared resources, out dated apache, etc. and almost never caused scripts themselves. You should contact your host to have any security issues resolved on your site.

[pawblo]

 I tried to post the PHP code that was successful in the intrusion but it would not let me post it,  I am going to attach the access logs snippets  from my website. Now, clan roster is mentioned too many times in here to not be taken seriously. Thank you for responding so quickly, I hope we can resolve this somehow. Because, like I mentioned in my last post I really like your templates and I'm willing to pay for them, because of the hard work you put into them.

I am posting this in the new forum that you created as well

[mackinop]

I have had the same problem.  Repeated attacks leading to file upload, leading to mail and phishing from my site.  A real pain the the @$$ . . . see documented vulnerability below:

http://www.exploit-db.com/exploits/12231/

Vulnerability is published for all to see.  I like this component, but PLEASE update it to address security for your members!

[mikek]

Hello,

Unfortunately, most of these exploit sites are posted to without a lot of in depth testing. We have stated in several posts that our head programmer has reviewed the claims and looked for any vulnerabilities within the component and have found none. This component is actually being discontinued and we will not be making any updates to it.