Menu Content

Podpora

> Diskusní fóra, FAQs & placená podpora
Welcome, Guest
Username Password: Remember me
Support forum for users using free edition of JoomSEF 3 (Joomla 1.5 compatible). These forums are mainly for mutual help between users.

Please note that due to our capacity limitations, we do not monitor these forums regularly.
  • Page:
  • 1

TOPIC: Site hacked

Site hacked 11 years, 9 months ago #4807

Hi,

I am using JoomSEF v2.2.6, Today when I looked at the SEF url I could see few new URLs has been generated in the site.

Here is the few e.g of the generated url

technology-3.html index.php?option=com_content&id=www.boomerbible.com/instapunk/MType/arch...k=view&Itemid=26
technology-4.html index.php?option=com_content&id=www.kidspace-epe.com/photos/enahur/avid/...k=view&Itemid=26
technology-5.html index.php?option=com_content&id=www.vlopezalvarez.com/Personal/Fotos/Via...k=view&Itemid=26
technology-6.html index.php?option=com_content&id=www.psikolojikyardim.org/etkinlik/includ...k=view&Itemid=26


I copied the same url and I changed the few words and tried it again in the browser, but the url wassent generated.

Can you please let me know what the problem is and how this url is generated.

Thanks,
John

Re:Site hacked 11 years, 8 months ago #4843

Hi,

I am having the same problem with joomsef. The redirection table generated few junk urls like

" http-3a-2f-2fwww.polarflug.de-2fsources-2fsinokof-2fo...w-2f/index.php"

when executing the below URL

'index.php?option=www.polarflug.de/sources/sinokof/osafuw/...amp;page=shop.browse' .

Also, some thing like

" http-3a-2f-2fwww.ipp.ro-2fdownloaded-pages-2fdeputati...q-2f/index.php"

when executing the below URL,

'index.php?option=www.ipp.ro/downloaded_pages/deputati/ind...ls&product_id=61'

Is there any way to prevent this ?

Thanks ,
Karthik.K

Re:Site hacked 11 years, 8 months ago #4844

  • dajo
  • OFFLINE
  • Posts: 5070
Hello,

The only way you can prevent this at the moment is not using the Non-SEF to SEF redirect function. We'll try to tighten up our security measures for URLs in next version.

Best regards,
ARTIO Support Team
ARTIO Support Team

Re:Site hacked 11 years, 6 months ago #5217

Hi!

I too have this same problem, i have tried it what you said but the result is same,
is there any way to solve it...

Please Help me.
Ramachandran

Re:Site hacked 11 years, 6 months ago #5219

Hi David,


With regard to your post, You have said that "The only way you can prevent this at the moment is not using the Non-SEF to SEF redirect function. We'll try to tighten up our security measures for URLs in next version.", Is this issue solved in JoomSEF v2.3.0? Please let us know at the earliest, We don't want our site to get the junk urls

e.g.
technology-3.html index.php?option=com_content&id=www.boomerbible.com/instapunk/MType/arch...k=view&Itemid=26
technology-4.html index.php?option=com_content&id=www.kidspace-epe.com/photos/enahur/avid/...k=view&Itemid=26
technology-5.html index.php?option=com_content&id=www.vlopezalvarez.com/Personal/Fotos/Via...k=view&Itemid=26
technology-6.html index.php?option=com_content&id=www.psikolojikyardim.org/etkinlik/includ...k=view&Itemid=26


Thanks,
John

Re:Site hacked 11 years, 6 months ago #5243

Hello ARTIO Support Team,

I worked around the code and has come up with a solution. Please let us know if this is ok.

####################################################
Here is the issue:
#####################################################
The redirection table generated few junk urls like

1. index.php?option=com_content&id=www.boomerbible.com/instapunk/MType/arch...k=view&Itemid=26
2. index.php?option=com_content&\';DECLARE @S CHAR(4000);SET @S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652

#####################################################
Here is the Solution:
#####################################################

JoomSEF rewrites every joomla URL to SEF URLS, our plan is to block the creation of SEF URLs if a Joomla URL contains special character.

For example in the below URL "http:" and "www." are the special character
"index.php?option=com_content&id=www.psikolojikyardim.org/etkinlik/includ...&Itemid=26"


Here are the few special characters that we will be checking for
1. http:
2. @
3. ' (single quotes)
4. charset

Please let me know if this is the valid solution
#####################################################

Code snippet of sef_ext.php (at line number 772)
#######################################################
// If 404 exists, rewrite it to the new URL
if (!is_null($id)) {
$sqlId = ((isset($Itemid) && $Itemid != '') ? ", `Itemid` = '$Itemid'" : '');
$query = "UPDATE #__redirection SET `newurl` = '".mysql_escape_string(urldecode($url))."'$sqlId WHERE `id` = '$id'";
$database->setQuery($query);

// If error occured.
if (!$database->query()) var_dump($query);
}
// Save it in the database as new record
else {
$col = $val = '';
if( isset($Itemid) && ($Itemid != '') ) {
$col = ', Itemid';
$val = ", '$Itemid'";
}
// WSX - START of the hack code
$wsx_Joomla_new_url=mysql_escape_string(urldecode($url));

$wsx_junk_keywords = array("www.", "(", "@", "CHAR(", "http");

$wsx_flag=100;

foreach($wsx_junk_keywords as $wsx_junk_temp )
{

$wsx_newstring = strstr($wsx_Joomla_new_url, $wsx_junk_temp);
if($wsx_newstring!="")
{
$wsx_flag=1999;
}

}

// WSX - END of the hack code
$query = 'INSERT INTO #__redirection (oldurl, newurl'.$col.') '.
"VALUES ('".$temploc."', '".mysql_escape_string(urldecode($url))."'$val)";
//WSX - If the condition is true for Junk char in URL, Stop inserting the URL into jos_redirection table
if($wsx_flag!=1999)
{
$database->setQuery($query);
}

// If error occured.
if (!$database->query()) var_dump($query);

}

#######################################################



Thanks,
John
Last Edit: 11 years, 6 months ago by valentinein1027.
  • Page:
  • 1
Přihlášení uživatele Prázdný