Joomla! 3.6.4 was released on October 25. It fixes three critical vulnerabilities: CVE-2016-8869, CVE-2016-8870 and CVE-2016-9081. The third one was only disclosed two days after the release, but it is covered by the same update.
Someone has published a Python script to exploit the vulnerability, and we are now seeing a large number of attempts to exploit it against Joomla! websites.
If you are running Joomla!, you should update it as soon as possible.
If you can’t, make sure you are running the latest version of our web application firewall, NinjaFirewall (Pro+/Pro) v3.2.1, which protects against that vulnerability.
Here is a sample of NinjaFirewall’s log showing blocked attempts to exploit it:
28/Oct/16 02:57:52 #2302724 critical 1015 185.129.148.216 POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]
28/Oct/16 05:33:51 #4434732 critical 1015 185.129.148.216 POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]
28/Oct/16 08:18:55 #2514519 critical 1015 185.129.148.216 POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]
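If you want to triage lines like the ones above (for example to see which source addresses are hammering your site and how often), here is a small Python parser for that log format. It is an added example, not part of the original post and not NinjaFirewall's own code; the field meanings it assigns (incident id, severity, rule id, client IP, method, URI, message, matched request variable) are inferred from the sample lines above and are an assumption, as is the "garbage" line used to show that non-matching lines are skipped rather than crashing the parser.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample: the three NinjaFirewall log lines shown in the post, plus
# one deliberately malformed line (assumption) to exercise the skip path.
SAMPLE_LOG = """\
28/Oct/16 02:57:52 #2302724 critical 1015 185.129.148.216 POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]
28/Oct/16 05:33:51 #4434732 critical 1015 185.129.148.216 POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]
this line is not a firewall log entry
28/Oct/16 08:18:55 #2514519 critical 1015 185.129.148.216 POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]
"""

# Field layout inferred from the sample (assumption, not NinjaFirewall docs):
# date time #incident level rule ip method uri - message - [VAR:details]
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) #(?P<incident>\d+) (?P<level>\w+) (?P<rule>\d+) "
    r"(?P<ip>\S+) (?P<method>[A-Z]+) (?P<uri>\S+) - (?P<message>.*?) - "
    r"\[(?P<var>[A-Z_]+):(?P<details>.*)\]$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the fields of one log line, or None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse every line, silently dropping lines that do not match."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def register_attempts(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Blocked POSTs whose matched request variable was task = user.register,
    i.e. the registration-abuse pattern shown in the post's log sample."""
    return [
        e for e in entries
        if e["method"] == "POST" and e["details"].replace(" ", "") == "task=user.register"
    ]


def summarize(text: str) -> Dict[str, object]:
    """Aggregate a log excerpt: total blocked entries, hits per source IP and per rule id."""
    entries = parse_log(text)
    return {
        "total": len(entries),
        "register_attempts": len(register_attempts(entries)),
        "per_ip": Counter(e["ip"] for e in entries),
        "per_rule": Counter(e["rule"] for e in entries),
        "first_seen": entries[0]["date"] + " " + entries[0]["time"] if entries else None,
        "last_seen": entries[-1]["date"] + " " + entries[-1]["time"] if entries else None,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for ip, n in s["per_ip"].most_common():
        print(f"{ip}: {n} blocked attempt(s), rule(s) {dict(s['per_rule'])}")
    print(f"window: {s['first_seen']} .. {s['last_seen']}")
```

A per-IP count like this is what you would feed into a temporary block list or a fail2ban-style jail; the parser only relies on the column order visible in the sample, so check it against your own log before trusting it on other rule ids.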
In addition, we strongly recommend that you follow our Securing a Joomla! installation with NinjaFirewall (Pro+) article, as it provides very tight security for your Joomla! installation.