Tech Stuffs

Remote Include Vulnerability in Mambo


If you are Mambo user and using Galleria, SimpleBoard, or ExtCalender components, then be careful. A Remote Include Vulnerability has been discovered, and a lot of Mambo run sites using one of these components are being hacked and defaced. To save yourself from this epidemic, check for this line on top of all the PHP files on your component directories:

defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' )

If it’s not there on every pages, then add it on the top. If available, it’s always the best option to update your modules and components to the latest stable version.

Remember: If or can get hacked, so can be yours. Be careful. Very careful. There’s nothing called security in this crazy world.

Leave a Reply