Support for SermonSpeaker 3.x is canceled as it is for Joomla 1.5. I will gladly assist you with minor issues but I will not fix any bugs anymore in this releases.
The fix is to upgrade to SermonSpeaker 4.x, which is better anyway.

sermon feed got hacked

More
10 Nov 2011 23:06 #1172 by David Perry
Just noticed that our sermon feed got hacked about a week ago. It stopped sending updates to iTunes, so I checked the feed in a validator and saw a bunch of spam links had been inserted towards the bottom.

I'm on Joomla 1.5, and running SermonSpeaker 3.4.3 with SermonCast 3.4.3. I can include a link to the feed validator results if that will help.

What's the correct protocol for cleaning up the feed? Looks like I'm running the most recent version for 1.5. Are these database items I need to flush (and if so where do they get injected) or is it something else?

Any help appreciated, thanks!

Please Log in or Create an account to join the conversation.

More
10 Nov 2011 23:11 #1173 by Andrei Chernyshev
wow, they probably modified a file then. I'd scan your directories for any off the wall files and folders. When our church site got hacked about 3-4 months ago i've found 2-3 back doors and and about 3 phishing sites (i.e. bankofAmerica and so on).

Please Log in or Create an account to join the conversation.

More
10 Nov 2011 23:40 #1174 by David Perry
Thanks for the tip, I did just go in and looked for modified files within the general time frame. I've now removed the actual spam files, but haven't found the back door yet. As in, my feed still doesn't validate because it now just has an error where it can't find the database file where the spam list used to be.

My podcast feed has the ending /rss tag, and then is followed by a couple of br tags and then the errors. I'm not sure exactly how the feed is put together so not sure where exactly it's happening. I did check the sermoncast files against a new copy and they looked fine.

Please Log in or Create an account to join the conversation.

More
10 Nov 2011 23:48 #1175 by Andrei Chernyshev
if I'm not mistaken feed files are here \components\com_sermonspeaker\views\feed\tmpl\
the way i found a back door is they had a file labeled something like config or configuration when i opened that file and scanned through it there was a line that said "b@ckdoor Installed successfully". B) but this doesn't mean that they'll they haven't learned and changed their tactics. in my line of work h@ckers and m@lware people learn quickly.

Please Log in or Create an account to join the conversation.

More
10 Nov 2011 23:49 #1176 by David Perry
Just an update, I think I got it (at least for now...). The main index.php file was compromised, even though the date on it didn't show that it had been modified. Swapped in a new index file, as well as a new .htaccess for good measure and looks like things are working again. Still need to do some testing, but at least it seems to be cooperating now.

Please Log in or Create an account to join the conversation.

More
11 Nov 2011 12:29 #1179 by Thomas Hunziker
To make sure all SermonSpeaker files are intact, you could just install SermonSpeaker over your existing installation.
It will do nothing with your database and settings, it just copies the files over again.

Please Log in or Create an account to join the conversation.

Time to create page: 0.101 seconds
Powered by Kunena Forum