Tag Archives for " Joomla! "

Fatal error: Uncaught Error: [] operator not supported for strings – PHP 7.1

With PHP 7.1, some PHP web applications fail because of deprecated code usage. This may result in an error message like [] operator not supported for strings for various Joomla! components. Here’s how to fix this code for PHP 7.1+.

Continue reading

Joomla! (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit

Yesterday, Melvin Lammerts wrote an article on the account creation with elevated privileges vulnerability in Joomla! < 3.6.4. And included a PoC exploit. This Joomla! vulnerability makes it easy for an attacker to create an user account, even when user registration is turned off. Yikes!

Continue reading

Critical 0-day vulnerability in Joomla patched, update to 3.4.6 now!

The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild.

Continue reading

Joomla! websites abused as open proxy for Denial-of-Service attacks

Joomla! logo

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy -or launchpad- for launching Denial-of-Service (DoS) attacks. Eventhough the vulnerability details in Googlemaps plugin file plugin_googlemap2_proxy.php were released over one and a half (1,5) years ago, I still see this abuse and DoS-attacks happening on a regular basis…

Continue reading

8 Tips to improve Joomla! performance

Joomla! logo

Joomla! performance tuning: learn how to improve & speed up Joomla! with these 8 simple and important tips. Add caching, gzip compression, set your sessions & optimize MySQL database functions… Provide your visitors with a blazing fast Joomla! website!

Continue reading

How to fix a Joomla! HTTP 500 error after updates

How to fix Joomla! HTTP 500 error after updates? Over the last week we, at Vevida, received quite some problem reports by customers who updated Joomla! to version 3.2.0. After logging on to their administrator back-end, they received an HTTP 500.0 error with error code 0x8007000d. Let’s investigate and resolve this Joomla! Administrator login HTTP 500 error.

Continue reading

Joomla Media Manager Attacks in the Wild

Web monitory and malware clean up company Sucuri writes about (massive) Joomla Media Manager attacks in the wild. The recent discovered and patched vulnerability in Joomla’s Media Manager is actively exploited.

Continue reading

“Simple Hack Threatens Outdated Joomla Sites”

Update your Joomla site… yet again. If you run a site powered by the Joomla content management system and haven’t yet applied a critical update for this software released less than two weeks ago, please take a moment to do so: A trivial exploit could let users inject malicious content into your site, turning it into a phishing or malware trap for visitors., Says Brian […]

Continue reading

Grep for forensic log parsing and analysis on Windows Server IIS

How to use GnuWin32 ported tools like grep.exe and find.exe for forensic log file analysis in Windows Server. In this article I’ll give some real live examples of using these ported GnuWin tools like grep.exe for logfile analysis on Windows servers. The article provides three example, as an alternative to LogParser, because finding spam scripts fast is often very important.

Continue reading

“Joomla sites misused to deploy malware” – Update

The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund⁠ Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in […]

Continue reading