24 Jan 2013

JCE/Image Manager vulnerability? NOT on SiteGround servers anymore!

You should always update!

A few days ago our security team came across a JCE-related vulnerability that has the potential to affect many Joomla 1.5.x based websites. The problem is that an old version of one of the JCE addons, called ImageManager, has turned out to be vulnerable to attacks. The number of affected websites is large, because many template providers include the JCE editor together with ImageManager as part of their template bundle installations. As a result, many Joomla users have these extensions without having installed them themselves.

After we noticed that a few of our customers had been hacked this way, we immediately intervened to prevent this from spreading on our servers. Our security team has added custom rules to our Apache servers that will block any attempts to hack Joomla 1.5 sites through this security hole. In addition, files with malicious code have been identified and removed immediately. If you’re a SiteGround user and think your website is compromised, please contact our Technical Support Team and we will take a look at it immediately.

However, we strongly recommend that all Joomla 1.5 users check if JCE with ImageManager is included in their installation and make sure to update both to their latest versions.

And another side note: if you use Joomla 1.5 you should seriously consider moving to Joomla 2.5 as soon as possible. The whole 1.5 branch is no longer supported by Joomla, and though it has been stable for a long time and has no known security issues at the moment, if one occurs in the future (say, tomorrow) it will not be fixed. So, as always, the number one rule to stay safe is: always use up-to-date applications and extensions so you stay one step ahead of the hackers!

Author: Hristo Pandjarov

Product Development - Technical

Enthusiastic about all Open Source applications you can think of, but mostly about Joomla and WordPress. Add a pinch of love for web design, new technologies, search engine optimisation and you are pretty much there!

Comments (10):

  1. Asad says:

    With some updates I am satisfied that I am more “hack-proof” with my 2.5 rather than the 1.5!

  2. Amila says:

    Great work SG, This has troubled me on more than 1 site!

  3. Seth says:

    I was troubled too but I was able to reinstall a backup and patch so as to prevent. It’s nice to know that SiteGround has instituted a policy to aid in better protection.

  4. Alan says:

    Many sites that I maintain are Joomla 1.5 setups, and while we try to keep them up to date a few slip through the cracks and were compromised not too long ago. I wish we had them hosted here, but they usually already have a host setup when we bring them on. At least I know my site is safer than most…

  5. amjad says:

    Many sites that I maintain are HTML and PHP setups, and while we try to keep them up to date a few slip through the cracks and were compromised not too long ago.
    But JCE images is the first time I see.

  6. jonas oliveira says:

    Today I discovered that 5 of my sites were invaded by hackers, all after I installed JCE 2.0… I was using version 1.5.7.4 and never had a problem

  7. amit says:

    thanks.

  8. Sheogorath says:

    The problem is that an old version of one of the JCE addons called ImageManager has turned vulnerable to attacks.
    Bull####! The real problem is that an old version of one of the JCE addons called ImageManager was always vulnerable to attacks, but the vulnerability wasn’t known about until recently, when it was first discovered by those who would exploit it maliciously. How come someone who’s technically retarded and knows little about computers understands these facts better than you?

  9. [...] capture a link, blames Staines for hacking her when she had an insecure website (it looks to be an ImageManager hack), and generally Barbra Streisands all over the place. That Staines comes out looking like the good [...]
