dork or donkey

Are you a Dork?

Dork : An inept or foolish person

What does this have to do with Joomla? Well, a dork is also the name given to the method hackers use to identify whether a site is running a vulnerable extension.

As soon as a vulnerability in an extension is revealed, either in the hacker forums or on responsible security sites such as milw0rm or The Open Source Vulnerability Database, the hackers of the world use Google to search the net for sites using that extension.

For example, allinurl: com_fireboard will return all the sites in the Google database that are running the Fireboard forum extension, and from there the hacker can build a list of web sites to attack.

From that search the hacker has a very long list of sites to attack, BUT quite often the reported vulnerability will already have been fixed and the majority of the sites on the list will be safe.

But the hacker isn't stupid: why waste their time probing all the sites on the list when they only want to probe those sites running the vulnerable version? Sadly, Joomla exposes the version of any and every extension you have installed on your site, so with a couple of extra searches the hacker can create a target list of sites to attack that are all vulnerable.

Although I do not believe in "security through obscurity", I am not going to publish how these version numbers are exposed.

It was reported to the Joomla development team in March 2008 and also to the Joomla Security Strike Team in August 2008 together with a simple fix that would "protect" the vast majority of Joomla web sites.
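
A defender's view of the search described above, as an added example that is not part of the original post: it scans a web server access log for visitors who arrived from a search that used the allinurl: or inurl: operators together with a Joomla component name. It assumes Apache combined log format and that the Referer header carries the search query in a q parameter, which search engines do not always send; the log lines and the name find_dork_referrals are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Sep/2008:10:01:22 +0000] "GET /index.php?option=com_fireboard&Itemid=38 HTTP/1.1" 200 5120 "http://www.google.com/search?q=allinurl%3A+com_fireboard&start=40" "Mozilla/5.0"
198.51.100.4 - - [12/Sep/2008:10:02:10 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 8301 "http://www.google.com/search?q=joomla+forum+help" "Mozilla/5.0"
192.0.2.55 - - [12/Sep/2008:10:03:45 +0000] "GET /index.php?option=com_fireboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [12/Sep/2008:10:05:00 +0000] "GET /forum/ HTTP/1.1" 200 4000 "http://www.google.co.uk/search?hl=en&q=inurl:com_fireboard+inurl:index.php" "Mozilla/5.0"
'''

# client IP, timestamp, request line, Referer (user agent is ignored)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" \d{3} \S+ "([^"]*)"')
OPERATOR_RE = re.compile(r'\b(?:allinurl|inurl):', re.I)   # URL-matching search operators
COMPONENT_RE = re.compile(r'\bcom_[a-z0-9_]+', re.I)       # Joomla component names

def find_dork_referrals(log_text):
    """Return one record per request whose Referer is a search that combined
    a URL operator with a Joomla component name."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        ip, when, request, referer = m.groups()
        # parse_qs decodes %3A and '+' so the operator is matched as typed
        query = parse_qs(urlsplit(referer).query).get("q", [""])[0]
        if not OPERATOR_RE.search(query):
            continue  # ordinary search or no referrer
        components = sorted({c.lower() for c in COMPONENT_RE.findall(query)})
        if components:
            hits.append({"ip": ip, "time": when, "request": request,
                         "query": query, "components": components})
    return hits

if __name__ == "__main__":
    for hit in find_dork_referrals(SAMPLE_LOG):
        print(hit["time"], hit["ip"], hit["components"], "<-", hit["query"])
```

A hit means your site is in the result list for that extension, so it is a prompt to confirm that the named extension is on a fixed release.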