Partners

The Joomla! team released today a new version with some security hardenings and fixing a critical security leak in all joomla versions.

The critical security leak was already used in the wild. This means it is not a leak, which was disovered by an audit, it is security issue which is already exploited. Sucuri.net blogged about https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html

Protect Your Site Now

If you are a Joomla user, check your logs right away. Look for requests from 146.0.72.83 or 74.3.170.33or 194.28.174.106 as they were the first IP addresses to start the exploitation. I also recommend searching your logs for “JDatabaseDriverMysqli” or “O:” in the User Agent as it has been used in the exploits. If you find them, consider your Joomla site compromised and move to the remediation / incident response phase.

For securing your joomla 1.5/2.5 pages, just follow this link https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions. It is basically replacing one file.

We post this news, because some of our core members discovered this IPs in his logs. Not a VirtueMart page, but as far as we know it wouldnt make a difference.