JCE/Image Manager vulnerability? NOT on SiteGround servers anymore!
A few days ago our security team came across a JCE-related vulnerability that has the potential to affect many Joomla 1.5.x based websites. The problem is that an old version of one of the JCE addons, called ImageManager, has turned out to be vulnerable to attacks. The number of affected websites is large, because many template providers include the JCE editor together with ImageManager as part of their template bundle installations. As a result, many Joomla users have these extensions without having installed them themselves.
After we noticed that a few of our customers had been hacked this way, we immediately intervened to prevent this from spreading on our servers. Our security team has added custom rules to our Apache servers that will block any attempts to hack Joomla 1.5 sites through this security hole. In addition, files with malicious code have been identified and removed immediately. If you’re a SiteGround user and think your website is compromised, please contact our Technical Support Team and we will take a look at it immediately.
However, we strongly recommend that all Joomla 1.5 users check if JCE with ImageManager is included in their installation and make sure to update both to their latest versions.
And another side note: if you use Joomla 1.5, you should seriously consider moving to Joomla 2.5 as soon as possible. The whole 1.5 branch is no longer supported by Joomla, and though it has been stable for a long time and has no known security issues at the moment, if one occurs in the future (say tomorrow) it will not be fixed. So, as always, the number one rule to stay safe is: always use up-to-date applications and extensions so you stay one step ahead of the hackers!
Comments ( 10 )
Asad
With some updates I am satisfied that I am more "hack-proof" with my 2.5 rather than the 1.5!
Amila
Great work SG, this has troubled me on more than 1 site!
Seth
I was troubled too but I was able to reinstall a backup and patch so as to prevent. It's nice to know that SiteGround has instituted a policy to aid in better protection.
Alan
Many sites that I maintain are Joomla 1.5 setups, and while we try to keep them up to date a few slip through the cracks and were compromised not too long ago. I wish we had them hosted here, but they usually already have a host setup when we bring them on. At least I know my site is safer than most...
amjad
Many sites that I maintain are HTML and PHP setups, and while we try to keep them up to date, a few slip through the cracks and were compromised not too long ago. But JCE images is the first time I see.
jonas oliveira
Today I discovered that 5 of my sites were broken into by hackers, all after I installed JCE 2.0... I was using version 1.5.7.4 and never had a problem.
amit
Thanks.
Sheogorath
The problem is that an old version of one of the JCE addons called ImageManager has turned vulnerable to attacks. Bull####! The real problem is that an old version of one of the JCE addons called ImageManager was always vulnerable to attacks, but the vulnerability wasn't known about until recently, when it was first discovered by those who would exploit it maliciously. How come someone who's technically retarded and knows little about computers understands these facts better than you?
Hristo Siteground Team
Thank you for the feedback. It was a wording issue that caused the misunderstanding which is now fixed :)
England's Adviser On The Commercialization And Sexualisation Of Childhood Finds Website Hacked, Blames Everyone | CB Smithwick
[...] capture a link, blames Staines for hacking her when she had an insecure website (it looks to be an ImageManager hack), and generally Barbra Streisands all over the place. That Staines comes out looking like the good [...]