Why you shouldn't use Joomla! warez - Backdoors for free!

Why you shouldn't use Joomla! warez - Backdoors for free!

Recently I was doing some research on sites offering our paid Joomla Pro extensions for "free" download. I took the first result of a simple Google search (Extension name + Download) and came to a huge Joomla and wordpress focused extension warez site (There were hundreds of paid Joomla extensions and templates for "free" download). The website did not look like the typical warez site, it looked pretty reliable, did not have dubious advertisements and they also provided a short description, extension voting and a direct link to the file (which downloaded without any pay-gates or any other typical warez troubles). There was also a virus total scan link which reportedly belonged to the downloadable file too.After downloading the first thing I noticed was that the filename was different to our normal naming scheme. So the next step was checking the md5 / sha sum of the file, you can do this on Linux / Unix directly with the terminal - on windows there are a lot of (GUI) programs for that too. These hash sums make files clearly recognizable, protecting you from man in the middle attacks or manipulated download packages. That's the reason we show them for every file on our download pages - you should always check if the sum matches the package ones.

The result was that the hash sums did not match - So somebody definitely changed something in the package. Funny fact is that the hash sum also didn't match to the provided virus total scan - so the scan was also a fake. So I run another virus total scan in expectation to get a very different result (e.g. trojans in it), but the result was none (!) of the 54 antivirus programs detected anything.So I unpacked the package and started with searching for changed files - I knew the packaging date of the original files was almost 350 days ago, so I looked for changed files since then. You can't completly rely on the modified date, because it is easy to manipulate it, but in this case they seemed to be too lazy for changing it back. So the result was that 4 files had been changed and 2 new were added, on February, 20th 2014 - almost 6 month after the release.In the list of the changed files was the main entry script for the extension installation, the script.php file and the hotspots.php in the administrator backend. The new added files were allegedly harmless images, both called social.png in two different folders. But let's take a look at the changes in the script.php first - they just added a single line at the end of the file:<?php include('images/social.png');?>There it is, a PHP include for the new "image" file. Funny fact is that they also closed the normal PHP tag before, so they don't seem to have much experience with PHP, but that does not make it less dangerous. The administrator hotspots.php file had just the same include at the end - let's take a look at this mysterious file (I formated it a bit).So if you installed that package - gratulations your website has been hacked and is probably now serving as a spam / malware host! The fake image file is a pretty large (52 KB!) obfuscated webshell PHP script. Funny fact is that it does not only support Joomla! installations but also wordpress based websites. What does the script do? Because the script is pretty large and it would require a lot of work to decode it complelty I just walk you through some obvious noticable things. First thing the script does is registering a new (plugin) handler to onAfterRender to your Joomla! system, which creates a new table called options (Yes the script also provides an easy settings storage for the owner of the script!) and installs itself into the system. Next it seems to collect some informations about your website and your host and sends that (via email) to an encoded address, with the subject "Phone Home".The script owner can now upload and change files, update / create database entries and do almost everything with your installation. The script even encrypts the communication with the control server with a nice openssl connection (They use the PHP function openssl_seal with a included ssh public key for that).

Continue reading
Rate this blog entry:
27
30161 Hits
28 Comments

What's new in Matukio 4.5

Since the release of Matukio 4.2 we had many minor releases and three major ones, which brought some nice new advanced features and some cool additions. In this blog post we are going to give you an overview about the changes.

Let's start with the biggest addition Matukio now has three new cronjobs for recurring automatic tasks (cli/matukio.php):

Continue reading
Rate this blog entry:
2
4084 Hits
0 Comments

Updates to our subscription plans

Since we have launched our new site back in December 2013 we have introduced the light, advanced & lifetime plans. Seven months later it is time for a refresh based on your feedback.

Here are the changes in detail:

Continue reading
Rate this blog entry:
2
3080 Hits
0 Comments

Setting up PHP cronjobs (recurring tasks) for Joomla! extensions on Linux

Setting up PHP cronjobs (recurring tasks) for Joomla! extensions on Linux

With Matukio 4.3 we introduced some new time-dependent features, like automatic cancellation or confirmation of events X days before the start or automatic invoices X days after it. For these recurring tasks with PHP you need cronjobs. Cronjobs just execute a script or programm in a fixed rythm, in our case the Matukio cronjobs should be executed only once a day, but you can also set cronjobs to run every X minute or just once every week.

Please note: Windows offers something similar with Windows Task Scheduler, but in this post we are going to focus on Linux systems.

Depending on your environment there are different ways to setup cronjobs. In Joomla! installations cronjobs are normally stored in the /cli folder and they are mostly normal PHP files implementing the Joomla API.In this first part I am going to show you how to setup cronjobs in an Linux vServer / Rootserver environment. There are, depending on the extension, different approaches for that, we are going to focus on the direct PHP execution.Simple cronjob on a Linux server with direct PHP execution:Login into your server with SSH - you shouldn't execute PHP scripts as root, so maybe it's a good idea to create a new normal user or depending on directory permissions you would like to use the webserver user. After logging into the server type:crontab -eIf you want, you can export your favorite editor (if you haven't done so in for example your .bashrc already) with export EDITOR=nano first - if you aren't familiar with Linux command line editors, I suggest you try out Nano, which is a pretty easy and straight forward cli editor.After hitting enter the editor opens and you see your users crontab file - in this you create the recurring tasks.The syntax is pretty straight forward - your code begins after the comments (the lines with the # at the beginning).

Continue reading
Rate this blog entry:
2
14472 Hits
1 Comment

CMC 1.5 now integrates Mailchimp even better with Joomla!

Yesterday, we've released a new CMC version out into the wild. With this version we've introduced some of the requested features on our forum.

For example - if a user is logged into your website we can now pre-fill his email & name in the newsletter form leaving him with one single action to do - and that is click the subscribe button. Our module is now also able to determine who is subscribed and show him an option to unsubscribe or to update his subscription.

Continue reading
Rate this blog entry:
3
6183 Hits
6 Comments

How to use Firebug to change the css of a Joomla extension

How to use Firebug to change the css of a Joomla extension

We are quite often asked how to change the style of an element in our Joomla extensions (for example changing the color in a heading etc.) or how to fix css problems in a custom Joomla! template. In this tutorial i am going to show you, how to easily find out these informations yourself, using the popular Firefox extension Firebug and how to apply them to your Joomla! template.Firebug is one of the must have add-ons for Firefox, not only helping you out with CSS, but also bringing various other useful development tools for debugging and monitoring HTML, CSS and JavaScript live in any web page.

So start by adding the addon to firefox by downloading it from the official addon page. After the installation you will notice a new icon in the firefox menu, if a webpage has any severe errors you will also see a red icon behind it (if script debugging is active).But in our tutorial we are going to use Firebug another way, let's say for example we want to change the heading color of the events in the Matukio eventlist overview: The color is, in this case, not directly set by the Joomla extension, but by your Joomla template. That does not change the procedure in any way. So we right click on one of the headings in Firefox and select "Inspect element with Firebug". After that firebug opens at the bottom of your browsers window. Don't get irritated by the immense output and options Firebug offers, we can already see the all informations we need.On the left side you see corresponding HTML code, on the right the CSS code which is affecting the layout of the element. We are searching for a color and you will notice that in our example it has none directly set, but only inherrited the color #333 from the body element (at least in our default Joomla template). But our h3 element isn't grey (#333) it is blue, that's the reason why this line is crossed out in Firebug. So where does the color come from? As you notice on the left side of Firebug currently the h3 (heading size 3) html element is selected (blue highlight), let's switch to the link element (<a>) by just clicking on it in Firebug. 

Continue reading
Rate this blog entry:
6
9135 Hits
0 Comments

Matukio 4(.2) is out!

It's been some time since we last blogged about Matukio (version 3 in november 2013), but as you might have noticed we've released a lot of new versions since then. We were busy improving the product and neglected the bloging for a while. So, that is why in this blog post I'll try to cover up all the important changes since version 3. That won't be that easy, as the changelog is really long.

To see Matukio 4 live in action take a look at the demo page and at the new live demo (including backend access)! Additionally we also have a "short" video showing the changes of Matukio 4: https://www.youtube.com/watch?v=HKjG4dgyRcM

Continue reading
Rate this blog entry:
0
6310 Hits
2 Comments

Hotspots 4 alpha 1 preview video!

Latetly a lot of people asked me "What's going on with Hotspots 4? When is it going to be released?" As usual I won't commit to a deadline - it's going to be released when it is ready :).

If you want to speed up that process - you can test the alpha version that I released in the dev. downloads section. Currently this alpha is missing some of the features that we already have in version 3 such as KML support, full screen view, print & rss. But the rest of the functionality is there! There are a few glitches, but as a whole it looks good! I've made a small video demo to show you how the new Hotspots user interface will look and behave.

Continue reading
Rate this blog entry:
3
2818 Hits
1 Comment

Get a cool compojoom T-Shirt by finding some bugs!

Get a cool compojoom T-Shirt by finding some bugs!

We are currently looking for some dedicated people helping us testing our upcoming releases and make our extensions better! New versions are bringing tons of new features and changes - and with that sadly also come new bugs and other problems, which need to be sorted out before a stable release. Because we don't want that bugs on your productive sites, we need your help!Just go to Downloads -> Development Releases, choose the extension you want to help testing with and download the latest development version. When not told elsewise you should install development releases in a "fresh" Joomla installation without prior versions installed.

As a "Thank you" the first five confirmed Bugs will get an awesome compojoom T-Shirt! (One per Person)

Continue reading
Rate this blog entry:
1
2344 Hits
0 Comments

Changes coming up with Hotspots 4

No matter if you have a good product or not, sooner or later one has to step back and rethink what one is doing. I've spent the last couple of weeks working on the Hotspots frontend. We are actually rewriting it to use Backbone & Backbone.Marionette. If the last 2 names doesn't ring a bell with you, don't worry! That are JavaScript frameworks and you don't need to know anything about them in order to use the new Hotspots. Those frameworks help us bring structure to our JavaScript and this improves the final product. You'll be able to style a lot of elements of the UI that you weren't previously able to do without hacking the core. Also since the Joomla project is slowly phasing out Mootools as the JavaScript framework of choice, we are also doing that and moving to jQuery. With the JS frameworks out of our way let's get back to the UI.

Continue reading
Tags:
Rate this blog entry:
3
5315 Hits
5 Comments