Hello,
Just found out that on the web...
This is a quote from Phil Taylor's email:
Quote:
"It is not often I write a personal plea in an email, but if I could give you
guys one bit of advice for today it would be this.
IF YOU ARE RUNNING ANY OF THE FOLLOWING JOOMLA COMPONENTS THEN PLEASE
CONTACT ME ASAP! (Or research using the links at the bottom of this letter)
* Simpleboard
* ExtCalendar
* Any version of Joomla less than version 1.0.10
## IF YOU ARE RUNNING THESE YOUR WHOLE SITE CAN BE HACKED! ##
(NOTE: None of these products are created by Phil Taylor, there are no known
security issues of this type in Phil Taylor components)
Today I have had the enduring task of fixing five hacked websites, all the
hacks were using well (now) known security holes (Which are just plain bad
programming on the part of the developers) in the above two Joomla
Components. Also running any version of Joomla less than the latest v1.0.10
version can also allow other attack attempts to be made.
If you need assistance in upgrading to Joomla 1.0.10 we would be happy to
help - we do loads of these a week!
Else, if you are running SimpleBoard or ExtCalendar then you should
remove/replace/fix/patch the files to stop hackers gaining access to your
server.
Here are some links to help you research:
http://www.phil-taylor.com/FixMySite/
* Simpleboard = http://forum.joomla.org/index.php/topic,75668.0.html
* ExtCalendar = http://forum.joomla.org/index.php/topic,75390.0.html
* Joomla = http://www.joomla.org/content/view/1510/74/
If you don't have any of the above, ignore this article! :-) "
From what I've read so far it might be fixed by placing
Code:
/** ensure this file is being included by a parent file */
defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
On the top of com_extcalendar/extcalendar.php
But even the developer team is not fully sure about it....
Anyway, feel warned!
Best Regards,
Piotrek
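
An added example (not part of the original post, and not Joomla or ExtCalendar code): a Python audit that lists the .php files under a component directory whose first statement is not the `_VALID_MOS` guard quoted in the post. The function names and sample files are constructed for illustration, and finding the guard shows only that the direct-access check is in place, not that the component is otherwise patched.

```python
import re
import tempfile
from pathlib import Path

# Whitespace and comments that may legitimately precede the guard.
SKIP = re.compile(r"(?:\s+|/\*.*?\*/|//[^\n]*|#[^\n]*)*", re.S)
# The guard quoted in the post, tolerant of spacing and quote style.
GUARD = re.compile(
    r"defined\s*\(\s*['\"]_VALID_MOS['\"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b", re.I)

def has_entry_guard(source: str) -> bool:
    """True only if the guard is the first statement after the opening PHP tag."""
    tag = re.match(r"\s*<\?(?:php\b)?", source, re.I)
    if tag is None:
        return False  # file does not start with PHP code: report it
    start = SKIP.match(source, tag.end()).end()
    return GUARD.match(source, start) is not None

def unguarded_files(root) -> list:
    """Relative paths of .php files under root whose first statement is not the guard."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not has_entry_guard(p.read_text(encoding="utf-8", errors="replace")))

# Constructed sample files (not taken from ExtCalendar or Simpleboard).
GUARD_LINE = "defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );\n"
SAMPLES = {
    "guarded.php": "<?php\n/** ensure this file is being included by a parent file */\n" + GUARD_LINE,
    "missing.php": "<?php\ninclude 'lib/helpers.php';\n",
    # Guard present but after an include: code already ran before the check.
    "late.php": "<?php\ninclude 'lib/helpers.php';\n" + GUARD_LINE,
    # Guard only inside a comment does nothing at runtime.
    "commented.php": "<?php\n// " + GUARD_LINE + "echo 'hi';\n",
    "admin/index.html": "<html></html>",
}

def run_demo() -> list:
    """Write SAMPLES to a temporary tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return unguarded_files(tmp)

if __name__ == "__main__":
    for rel in run_demo():
        print("no entry guard:", rel)
```

To audit a real installation, call `unguarded_files()` with the path to the component directory and review each file it reports.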