Astroid Framwork gehacked

Astroid Framwork gehacked was created by joflatz

Posted 3 days 8 hours ago #36392
The Astroid framework has reportedly been hacked for numerous Joomla users. A colleague from Vienna just alerted me to this.

Apparently, it can be identified by unusual plugins, such as payload.

Does anyone in the JoomlaPlates community know anything about this?
by joflatz

Please Log in or Create an account to join the conversation.

Replied by joomlaplates on topic Astroid Framwork gehacked - fixxed in Astroid 3.3.12

Posted 3 days 7 hours ago #36393
The reported vulnerability has been CONFIRMED and FIXED. The Astroid Framework for Joomla had a critical security flaw where admin-only AJAX endpoints relied solely on
Code:
Session::checkToken()
for authentication. This token validates CSRF protection but does not verify that a valid admin session exists. An unauthenticated attacker could obtain a token from the admin login form and use it to perform privileged actions.

If .htaccess blocks access to /administrator/, the attacker cannot reach the login page and therefore cannot obtain the token. In that case, the vulnerability is effectively not exploitable from outside.
Please protect your backend with .htaccess
PS We are working on a fix this nightHere's a quick forensic check that can often reveal within minutes whether a plugin payload or backdoor has been installed on a compromised Joomla! site.    
Dokumentation:
www.joomlaplates.de/dokumentation.html
Last Edit:2 days 12 hours ago by joomlaplates
Last edit: 2 days 12 hours ago by joomlaplates.

Please Log in or Create an account to join the conversation.

Replied by joflatz on topic Astroid Framwork gehacked

Posted 3 days 3 hours ago #36395
 Thanks for the reply, I'm looking forward to the patch like probably many other Astroid users - currently all my client sites are blocked.
by joflatz

Please Log in or Create an account to join the conversation.

Replied by joflatz on topic Astroid Framwork gehacked

Posted 2 days 17 hours ago #36396
Gibt es bereits eine reparierte Verision von Astroid framework. ich bin seit vielen Jahren Kunde von joomlaplates und bin aktuell sehr besorgt - denn mein Provider hat alle meine Kundenseiten gesperrt
auf denen das unsichere Astroid Framework im Einsatz ist - das ist für uns eine ultimative Katastrophe weil wir nicht mal ins Joomla Backend gelangen um ein alternatives framework zu installieren.
Welchen Support bieten Sie als Vertriebspartner von Astroid Ihren Kunden die nun das Problem haben dass deren Seiten von den Hostern gesperrt werden.

regards
Jo Flatz
by joflatz

Please Log in or Create an account to join the conversation.

Replied by joomlaplates on topic Astroid Framwork gehacked

Posted 2 days 12 hours ago #36397
Wir empfehlen folgendes
1. Backup vom Provider einspielen lassen oder selbst einspielen - Backup sollte vom 01.03.26 oder fruher sein
2. Danach sofort einen Backend .htaccess Schutz fur den Admin Bereich erstellen
3. Astroid  Version 3.3.12 oder groesser einspielen
Dokumentation:
www.joomlaplates.de/dokumentation.html
Last Edit:2 days 12 hours ago by joomlaplates
Last edit: 2 days 12 hours ago by joomlaplates.

Please Log in or Create an account to join the conversation.

Replied by WM-Loose on topic Astroid Framwork gehacked

Posted 1 day 10 hours ago #36398
Wurde mit der heute veröffentlichen Version Astroid 3.3.12 behoben.
 
JP-Admin
Joomla-Member in forum.joomla.de/
by WM-Loose

Please Log in or Create an account to join the conversation.

Powered by Kunena Forum