During the last couple of weeks, we've noticed an increase in the number of attacks against web sites using the Joomla CMS. These seem to be part of a cyber attack aimed primarily at the USA. The attack, dubbed “Operation Ababil”, is organized by Iranian hackers, but is carried out by sympathizers all around the world.
The attack targets a vulnerability in Joomla's Content Editor (JCE) that lets the attackers upload any file they like to the web site. Most often these are backdoors, which can later be used to carry out cyber attacks, send spam, post phishing pages, and much more.
It is hard to protect against this attack using firewalls or packet inspection equipment, because it can be made to look like legitimate traffic. However, we are happy to announce that we've managed to find a way to stop the attacks on thousands of Joomla sites hosted at Gigahost.
Furthermore, we have notified all customers who have been found to use a vulnerable JCE component.
As always, the best way to avoid attacks is to keep Joomla updated, along with any components, themes, and other add-ons.