Latest Joomla! critical vulnerability being actively exploited in the wild.

by

Jerome Bruandet


Joomla! 3.6.4 was released on October 25. It fixed three critical vulnerabilities: CVE-2016-8869, CVE-2016-8870 and CVE-2016-9081. The third one was discovered two days later.

Someone published a python script to exploit the vulnerability and we are now seeing a large amount of hacking attempts targeting Joomla! websites.

If you are running Joomla!, you should update it as soon as possible.
If you can't, make sure you are running the latest version of our web application firewall, NinjaFirewall (Pro+/Pro) v3.2.1, which protects against that vulnerability.
Here is a sample of NinjaFirewall's log showing blocked attempts to exploit it:

28/Oct/16 02:57:52  #2302724  critical  1015  185.129.148.216  POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]  
28/Oct/16 05:33:51  #4434732  critical  1015  185.129.148.216  POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]  
28/Oct/16 08:18:55  #2514519  critical  1015  185.129.148.216  POST /index.php - Joomla <3.6.4 unauthorized account creation attempt - [REQUEST:task = user.register]  

In addition, we strongly recommend that you follow our Securing a Joomla! installation with NinjaFirewall (Pro+) article as it will provide a very tight security to your Joomla! installation.


Special discount offers on NinjaFirewall: 15% to 35% off

View NinjaFirewall Pro+ Edition discount offers.
View NinjaFirewall WP+ Edition discount offers.


NinjaMonitoring

Website Monitoring
for just $4.99 per month.



NinjaFirewall

Web Application Firewall
for PHP and WordPress.



NinjaRecovery

Malware removal
and hacking recovery.

Table of contents