Author Topic: how to protect Component Jdownloads exploitation  (Read 3349 times)

0 Members and 1 Guest are viewing this topic.

Offline Ta

  • Newbie
  • *
  • Posts: 16

I have inherited a joomla 1.5 site which was hacked via the com_jdowanlods, and the hacker had access to relevant data, I had to upgrade to joomla 3.2, however i dont know how to go about in securing the jdownloads component.
is there someone who can lead me in the right direction in solving this matter.  ???

Offline ColinM

  • jD Tester
  • *
  • Posts: 3.303
Re: how to protect Component Jdownloads exploitation
« Reply #1 on: 30.10.2014 14:49:47 »
Do you still have access to the old 1.5 site?  If you do then you can get copies of the jdownloads and images/jdownloads folders.  Also you can do a jDownloads backup which gets the database stuff.  You need to go through all the files and images to detect any corrupted ones - rather tedious!! I have presumed you do not have access to the originals but I personally would start from a pre-attack site backup

What version of jDownloads were you running on Joomla 1.5?  If it was jd1.8 series then there are some docs about upgrading from 1.8 series to 1.9.2.x series.  Suggest your first objective would be to get to jD There is upgrade/migration documentation to jD3.2 series.  The jD3.2 series is very close to stable, the number of outstanding bugs is rapidly diminishing.  However not all the plugins have yet been transferred so you need to asses which of those you need, or should wait for.

There are several topics in the 1.9 series which discuss cleaning up after attack

Offline Ta

  • Newbie
  • *
  • Posts: 16
Re: how to protect Component Jdownloads exploitation
« Reply #2 on: 03.11.2014 06:57:55 »
Thanks for the quick reply and apologies for the delayed response instead of upgrading the jdownloads 1.9.2 from joomla 1.5, i got frantic and once i upgraded to joomla 3.2 i installed the jdownload 3.2 version and re uploaded the files from a pre hack backup version, now i have checked the net on how the jdownloads is hacked, i want to know how protect the one in use now on joomla 3.2 (jdownloads 3.2) please if you can tell me how to escape the explotations

Offline Arno

  • Administrator
  • ***
  • Posts: 12.138
    • jDownloads.com
Re: how to protect Component Jdownloads exploitation
« Reply #3 on: 03.11.2014 11:20:51 »
in the older series existed a bug in the frontend uplod form. This bug was exploit from hackers. But with the security fix was closed this leak.
The new jD series use a complete other source code.
Best Regards / Gruß
Please make a Donation for jDownloads and/or write a review on the Joomla! Extensions directory!