Information on mosListMessenger security hardening
Below is a copy of an email sent to all mosListMessenger customers on 07/19/2006 11:34
This email is being sent to all mosListMessenger Customers and relates to a possible security hole in the mosLM component. As you may be aware, certain hackers are attempting to hack many Joomla websites through custom components.
mosLM is a custom Joomla Component developed by one of our partner developers (Matt Simpson) and integrated to Joomla by Phil Taylor.
We have been quick to review the components we have developed. Within mosLM, the original developer had already implemented an internal check that would die if the file was used through a direct URL; this has provided good security.
As an additional level of security we have now implemented the Joomla check to see if the file has been included through Joomla. This will provide even better protection.
In our internal review of our components it has come to light that, under very specific conditions, it may be possible to include nasty files using a specially crafted URL to a few specific files in mosLM, which could result in your site being hacked.
We have already addressed these issues within mosLM and you can download the latest version from our site at http://www.phil-taylor.com/cc
You should upgrade your site to Joomla 1.0.10 and upgrade mosListMessenger to the latest files (No version change) as soon as practically possible.
As a customer of ours, we would be happy to upgrade mosListMessenger for you FOR FREE! If you would like to take us up on this offer please fill in the form at http://www.phil-taylor.com/send-request and we will action it as soon as possible.
May I stress that we have not heard of ANY successful hacking attempts through any of our components and we are working behind the scenes to ensure this continues to be the case. We are also providing good advice to other custom Joomla Component developers,
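An added example, not part of the original email or of mosListMessenger's code: a Python audit that flags PHP component files which lack the Joomla inclusion check described above, or which run an include before that check. The `_VALID_MOS` constant is the standard Joomla 1.0.x guard and is an assumption here, since the email does not name it; the sample files are constructed.

```python
import re

# Joomla 1.0.x entry-point guard (assumed; the email does not quote it).
# _VALID_MOS is defined by the CMS's own index.php before components load.
GUARD = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b", re.I)
COMMENT = re.compile(r"/\*.*?\*/|(?<!:)//[^\n]*|#[^\n]*", re.S)


def classify(php_source):
    """Return 'guarded', 'late-guard' or 'missing' for one PHP file's text."""
    # Heuristic: comment-like text inside string literals is also stripped.
    code = COMMENT.sub("", php_source)
    guard = GUARD.search(code)
    first_include = INCLUDE.search(code)
    if guard is None:
        return "missing"
    if first_include and first_include.start() < guard.start():
        # An include executes before the check can stop a direct request.
        return "late-guard"
    return "guarded"


def audit(files):
    """files: mapping of path -> PHP source. Returns only paths needing attention."""
    return {path: verdict for path, src in files.items()
            if (verdict := classify(src)) != "guarded"}


# Constructed sample files (not taken from mosListMessenger).
SAMPLES = {
    "admin.example.php": "<?php\n"
        "defined( '_VALID_MOS' ) or die( 'Restricted access' );\n"
        "require_once( dirname(__FILE__) . '/class.php' );\n",
    "helper.php": "<?php\n"
        "// defined('_VALID_MOS') or die();\n"
        "include( $base . '/lib.php' );\n",
    "late.php": "<?php\n"
        "require( $base . '/config.php' );\n"
        "defined('_VALID_MOS') or die('Restricted access');\n",
}

if __name__ == "__main__":
    for path, verdict in sorted(audit(SAMPLES).items()):
        print(f"{path}: {verdict}")
```

To audit an installed component, build the `files` mapping by reading every `.php` file under its directory and pass it to `audit`.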

