Joomla Bible Study

Can you let us know how it was hacked through the component by using the Private support link?

It will enable us to fully patch the software if necessary.

If this is the same exploit as this post: secunia.com/advisories/37896 then it is fixed in the current version.,

It was the same exploit Tom mentioned. I came to this site immediately after discovering which component was hacked and saw that you had a patch available. I applied the patch and had a lot of cleanup to do.

It would be nice if there were some way for you to email every registered user if or whenever a patch becomes available in the future. Since my sites have been hacked it as though you get put on some sort of list. Since I've installed OSE Anti-Hacker we've had 120 hack attempts on four sites, most of them being the directory traversal hacks.

Hi John,

That's a great idea. In the past (and when this exploit came to light in January) we let those that subscribed to the newsletter know. Plus, I searched for evidence that hackers had tried to infiltrate church websites and personally figured out who to contact at those sites so they could patch them.

In the future, we'll also try to email all registered users.

Security is very important to us - if in your travels your discover anything else fishy about the component that we need to shore up, don't hesitate to contact us directly or through a support ticket.

God bless!

Tom