Earlier today, Joomla! users were urged to upgrade to Joomla! 2.5.3 immediately after a serious vulnerability was reported. Following simple steps, a user could gain access to your site and do all sorts of nasty things to your site. If you're using Joomla! 1.6, 1.7 or any 2.5 version PLEASE UPDATE TODAY.
Maybe you're trying to postpone it, by saying "How bad could it be?" Want a demonstration? Then read on.
Hacked under 2 minutes
To hack my own site, I needed the following:
- Firefox in combination with Firebug. This is VERY, VERY BASIC stuff.
- Knowledge of the exploit (obviously)
- An editor to create a "Hack site". (Just a harmless site).
In less than two minutes, the exploit allowed me to gain access to the 2.5.2 site that I set up moments before. Once I had access, I managed to redirect visitors to a (harmless) site I control. This page doesn't do anything, but try using some imagination following the steps below.
- Let's try to visit http://www.toralkoweb.net/joomla25nl, which is your business website.
- What's that? That's not your Joomla! site. It's a hacker site! And it's kicking your puppies!
- You're now panicking, worrying that ultra leet hackers hacked your site.
You'd be right to panic. Not so right on the leet part. Anyone could use this exploit to deface your site in 2 minutes.
Update in less than two minutes
Know what takes less than two minutes and will keep your site safe? Updating your site to the latest version. We suggest using Admin Tools as it's the easiest way to do so.
He who hesitates, meditates on why he didn't do updates!