A warning to those customers who have not yet updated mosLM
A few weeks ago we let all mosListMessenger customers know about a possible security hole in mosListMessenger.
Since then there have been no known hacks using the security hole and details of it have not been in the public domain.
Today we received information that a certain hacker is aware of the remote file inclusion available through mosLM files and is attempting to compromise Joomla sites with mosLM installed.
The hack will only be successful if:
- You have not upgraded mosLM as per our instructions
- You have register_globals = On in your php.ini (TURN IT OFF!!)
- You have not paid attention to file permissions and set some folders to writable
PLEASE MAKE SURE YOU TAKE THE ABOVE STEPS to ensure you are not hacked through mosListMessenger! - You have been warned.
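One way to check the last two conditions on your own server, as an added example that is not part of the original post or of mosLM: it reads a php.ini for `register_globals` and lists group- or world-writable folders under a site root. The function names, the sample ini text and the `components`/`media` folders are constructed for illustration, and a missing directive is assumed to mean Off.

```python
import os
import re
import stat
import tempfile

# PHP treats these ini values (case-insensitive) as boolean true.
PHP_TRUE = {"1", "on", "true", "yes"}

def register_globals_enabled(ini_text):
    """Return True if the last register_globals directive in ini_text is on."""
    enabled = False  # assumption: a missing directive means Off; confirm with phpinfo()
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"register_globals\s*=\s*(.*)$", line, re.IGNORECASE)
        if m:  # later directives override earlier ones
            enabled = m.group(1).strip().strip("\"'").lower() in PHP_TRUE
    return enabled

def writable_dirs(root):
    """Return sub-directories of root that are group- or world-writable."""
    hits = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: do not follow symlinks
            if stat.S_ISDIR(mode) and mode & (stat.S_IWGRP | stat.S_IWOTH):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)

def demo():
    """Run both checks on constructed sample data (not a real site)."""
    sample_ini = "; constructed sample\nregister_globals = On ; legacy setting\n"
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("components", 0o755), ("media", 0o777)):
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        return register_globals_enabled(sample_ini), writable_dirs(root)

if __name__ == "__main__":
    rg_on, loose = demo()
    print("register_globals on:", rg_on)
    print("writable folders:", loose)
```

On a real server, pass the contents of the php.ini that PHP actually loads and the path of your Joomla installation instead of the sample data.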
Here are a few links:
http://blog.phil-taylor.com/2006/08/09/information-on-moslistmessenger-security-hardening/
http://forum.joomla.org/index.php/topic,86460.msg439707.html#msg439707
Kindest regards
Phil.

