raw raj
raw raj
Offline
0
Today I don't know why I updated B2J contact. I am not using it anymore as it (after you guys made it a paid only plugin and didnt give any chance for us to see if paying got us some features which were missing) became a paid plugin.
My website got hacked once like a file was uploaded (a this file was hacked by "script kiddie" group) I suspected it was B2j since it had not been upgraded for a long time I just forgot to remove it.
So I uninstalled it.
Deleted the files.
Strangely today I see an update notification and it B2J was there. I just blindly click update buttons.
Then While I was updating It struck me I don't use it anymore and had removed it last month.
So as soon as it got updated I must have just spent 5 minutes on another window and then uninstalled the component.
But I guess it was too late.
Same thing happened but think time my index.php fiile was hacked and the hacked page was showing.
My hosting company disabled my website.
I cleaned the code got the website delisted and then removed B2J component.
Now its gone but I thought I should let you know.
Even after the update there is some vulnerability in B2J contact.
Responses (5)
  • Accepted Answer

    Friday, January 05 2018, 11:12 AM - #Permalink
    0
    Hello,

    Thanks for letting us know.
    Can you help us regarding finding the cause? I have 2 concerns.

    #1 : When you have un-installed the component, then it should not show you to update, so might be component is not un-installed from your site.

    #2 : In your log folder there will be a log file related with B2J Contact, can you please send it to our email [email protected] ?

    Really appreciate it , if you can help us more. Looking forward to your reply.
    The reply is currently minimized Show
  • Accepted Answer

    raw raj
    raw raj
    Offline
    Sunday, January 07 2018, 01:59 PM - #Permalink
    0
    #1 yes that is logical. But when I tried to uninstall the B2J from a localhost copy it left one of the installations on. I just wanted to get rid of it in my localhost so I didnt se which one it was and just uninstalled it.
    If you got to manage extensions you will find 3 entries of B2J. So I am assuming same thing happened with my live site I didn't notice it.
    #2 I have uninstalled it from my servers will the log still be there? I will check if its there and email you

    BTW your notification email to the replies on this forum are going into spam on gmail
    The reply is currently minimized Show
  • Accepted Answer

    Gulp Twins
    Gulp Twins
    Offline
    Monday, January 15 2018, 02:59 PM - #Permalink
    0
    Hello,
    I like so much your extension but is now going to be hacked on each site I've used.
    Are you going to fix the security issues ?
    Isn't it available anymore in free version?
    The reply is currently minimized Show
  • Accepted Answer

    Monday, January 15 2018, 09:49 PM - #Permalink
    0
    Hi ,

    We have fixed issues in the extension already months ago and updated our customers to use the latest version.
    Also provided the installable kit free of cost as it was a security release.
    You can download that kit from the below link.
    Download link : http://updates.codextrous.com/com_b2jcontact.2.1.16.zip

    We do not provide free version anymore and highly recommend to subscribe it for regular updates and support.

    Thank You
    Team Codextrous
    The reply is currently minimized Show
  • Accepted Answer

    Gulp Twins
    Gulp Twins
    Offline
    Wednesday, January 17 2018, 07:05 PM - #Permalink
    0
    Thank you so much, I'll upgrade it !!
    We would like to subscribe and keep it updated but, as you know, it is up to customer to decide...
    The reply is currently minimized Show
Your Reply