Security Issue - Joomla & Backups

**pizzicar** · October 11th, 2006, 2:29 AM

I was going to post this in the updates forum but don't have thread access there - as I believe this will affect more then just Joomla. While this is Joomla specific, if you store site backups in your web root directory, you should read this.

From the Joomla site: "It has come to our attention that Google has released a new product, Google Code Search, that is capable of indexing and crawling through archive files stored in the public directories of web servers. We are reporting this as a security advisory because we have discovered that some site administrators are storing archives / backups of their website in the web root. Because of this, Google Code Search is able to crawl the archives and read unparsed PHP files as if they were plain text. This has resulted in the disclosure of some sensitive information including MySQL passwords and SMTP credentials."

The full article can be read at Joomla.org

Bottom line - due to caching - if you have backups stored in your web root - You might consider changing your passwords for your site. Read the article and decide for yourself.

**Kayla** · October 11th, 2006, 3:27 PM

Thank you for posting this.

krusada also posted this and I put it under Site Maintenance. Hopefully this news will get around to everyone.

This is really.. really.. crazy.

October 11th, 2006, 2:29 AM	#1 (permalink)
pizzicar Surpass Fan On a golden path... Joined in Feb 2006 Lives in Arizona 344 posts Gave thanks: 3 Thanked 16 times	Security Issue - Joomla & Backups I was going to post this in the updates forum but don't have thread access there - as I believe this will affect more then just Joomla. While this is Joomla specific, if you store site backups in your web root directory, you should read this. From the Joomla site: "It has come to our attention that Google has released a new product, Google Code Search, that is capable of indexing and crawling through archive files stored in the public directories of web servers. We are reporting this as a security advisory because we have discovered that some site administrators are storing archives / backups of their website in the web root. Because of this, Google Code Search is able to crawl the archives and read unparsed PHP files as if they were plain text. This has resulted in the disclosure of some sensitive information including MySQL passwords and SMTP credentials." The full article can be read at Joomla.org Bottom line - due to caching - if you have backups stored in your web root - You might consider changing your passwords for your site. Read the article and decide for yourself. __________________ "Argue for your limitations, and sure enough, they are yours"

October 11th, 2006, 3:27 PM	#2 (permalink)
Kayla Marketing Maven Surpass Staff Joined in May 2003 Lives in Chicago 24,757 posts Gave thanks: 946 Thanked 807 times	Thank you for posting this. krusada also posted this and I put it under Site Maintenance. Hopefully this news will get around to everyone. This is really.. really.. crazy. __________________ Follow Surpass on Twitter and Facebook And there's my own Twitter and LinkedIn

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Rate This Thread
Rate This Thread:

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)