We recently received an email from Google Webmaster Tools with the subject line: Hacking suspected: http://joomlacode.org/
Unfortunately, it appears that joomlacode.org is infected with content spam. When we realized this, our only concern was to protect our users. This will involve taking down the service in the very near future. This is an inconvenience for project owners using JoomlaCode to host their projects, and we are truly sorry.
JoomlaCode.org is a resource for developers to build and manage Open Source software projects centred around Joomla. The software that powers JoomlaCode allows project owners to manage code and documentation and to provide downloads to community members.
What happened?
Essentially, projects were created and files were uploaded to their repositories that were then used in emails selling illegal pharmaceuticals. The issue is that sneaky little blackhat SEOs can upload files that contain a link to their website. The hacker was trying to exploit a reputable website to drive traffic to, or improve the rankings of, their less-reputable online business by adding spammy text or links to it. No confidential user information was obtained, and legitimate hosted projects are not compromised.
In addition to the spam, we've outgrown JoomlaCode. Our long-term software provider, GForge, can no longer support the project. Because we will not be receiving long-term support, site maintenance for this platform is not something we have the resources for.
Because of these limited resources we are unable to keep dealing with spammers on a long-term basis. Thus we need to act quickly to close JoomlaCode.
Finding and Fixing
We care about your security. We are in the process of removing all of the offending content. Here are the steps we took to assess the damage.
First we searched for common spam keywords to identify where the spam files were being stored. Next we logged into the server to do a more in-depth investigation. We looked for:
- modified existing pages or database records
- newly created spam pages
- functions written into the code to display spam
- backdoors that would allow the hacker to re-enter the site
- tampered configuration files
- incorrect folder and file permissions
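The checklist above is the kind of triage a single script can run over a web root before a human reviews the hits. The following is an added example, not the JoomlaCode team's own tooling: a Python scanner that walks a directory tree for spam keywords, recently modified files, PHP constructs commonly abused by backdoors, and world-writable files, and applies the same keyword check to database rows. The keyword list, the sample directory tree and the sample rows are all constructed for the demonstration; each finding is a lead to review, not proof of compromise.

```python
import os
import re
import stat
import tempfile
import time

# Constructed keyword list; a real investigation uses the terms seen in the
# spam emails that were reported.
SPAM_KEYWORDS = ["cheap pills", "buy viagra", "online pharmacy"]

# PHP constructs frequently found in injected backdoors. Legitimate code can
# use them too, so every hit needs manual review.
SUSPICIOUS_CODE = re.compile(
    r"\b(eval|base64_decode|gzinflate|str_rot13|assert)\s*\(", re.IGNORECASE
)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")


def scan_tree(root, since_ts=None):
    """Walk `root` and return sorted (relative_path, finding) tuples."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlinks are reviewed separately
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if since_ts is not None and st.st_mtime >= since_ts:
                findings.append((rel, "modified-recently"))
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue
            lowered = text.lower()
            for kw in SPAM_KEYWORDS:
                if kw in lowered:
                    findings.append((rel, "spam-keyword:" + kw))
            if name.lower().endswith(PHP_EXTENSIONS) and SUSPICIOUS_CODE.search(text):
                findings.append((rel, "suspicious-php-construct"))
    return sorted(findings)


def scan_records(rows):
    """Apply the keyword check to database rows given as (table, id, text)."""
    hits = []
    for table, row_id, text in rows:
        lowered = (text or "").lower()
        for kw in SPAM_KEYWORDS:
            if kw in lowered:
                hits.append((table, row_id, kw))
    return hits


# Constructed sample rows standing in for a project-description table.
SAMPLE_ROWS = [
    ("project", 101, "A Joomla component for photo galleries"),
    ("project", 102, "Buy Viagra here, best online pharmacy"),
]


def build_sample_tree():
    """Create a constructed web root with clean and tampered files."""
    root = tempfile.mkdtemp(prefix="joomlacode-scan-")
    old, recent = 1_000_000_000, time.time()
    samples = [
        ("projects/legit/README.txt", "A Joomla extension for managing galleries.", old, 0o644),
        ("projects/spam/offer.html", "<a href='http://example.invalid/'>cheap pills</a> online pharmacy", recent, 0o644),
        ("www/includes/footer.php", "<?php eval(base64_decode($_POST['x'])); ?>", recent, 0o644),
        ("www/config.php", "<?php $db_user = 'joomla'; ?>", old, 0o666),
    ]
    for rel, content, mtime, mode in samples:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
        os.chmod(path, mode)
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    web_root = build_sample_tree()
    for rel, finding in scan_tree(web_root, since_ts=1_500_000_000):
        print(f"{finding:28} {rel}")
    for table, row_id, kw in scan_records(SAMPLE_ROWS):
        print(f"db:{table}#{row_id} contains '{kw}'")
```

Run it against a real web root by replacing `build_sample_tree()` with the path of the site and `since_ts` with the timestamp of the last known-good deployment; the `modified-recently` findings then line up with the window in which the spam projects were created.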
Action Plan to take down JoomlaCode
We will be moving ahead with a new infrastructure to host translations and Joomla releases in the next several weeks. Below are the steps we are taking to migrate Joomla’s own data and communicate with owners hosting projects on JoomlaCode:
- Establish a mailing list of all JoomlaCode project owners and apprise them of the situation
- We shall also work with the JED team to establish an additional communication channel with project owners
- Update the JoomlaCode home page to announce the impending closure.
- Copy all Joomla release packages to a new hosting platform and back up the download statistics data for them
- Copy all accredited Joomla translation packages to a new hosting platform and back up the download statistics data for them
- Develop additional analytics tools for GitHub hosted downloads
What are the options available to Project Owners?
There are several project and repository hosting platforms available. A few recommendations are listed below:
- GitHub
- BitBucket
- Sourceforge
Besides these, there are plenty of other options available.
If you have a project on JoomlaCode and you need assistance with moving your project’s data, please ask for help on the general development mailing list or the forum.
To assist with copying project-related data, we will offer some of our tools which assist with connecting to JoomlaCode's SOAP API.
- https://github.com/mbabker/bug-squad-stuff/blob/master/components/com_code/helpers/gforge.php
- https://github.com/mbabker/bug-squad-stuff/blob/master/components/com_code/helpers/gforgelegacy.php
GForge API documentation:
We apologize for the inconvenience. We are deeply committed to providing the best and most secure infrastructure for our community. Thank you for the support and understanding.