An urgent update to anybody who is using the Joomla component called “JoomlaStats”.
My server host and I have discovered a potential exploit in the JoomlaStats component that could heavily drain your server's resources and possibly leave your site at risk.
The issue was discovered earlier today when my host's data center suspended my account due to excessive resource usage. This should never have happened, of course, as there had been no new updates to any of my websites in recent days. Upon review of the JoomlaStats component, we found the following data, which, as you can see, is completely out of the ordinary for my website.
On the 5th and 6th of July the number of visitors / hits to the site jumped by OVER 1000%!
Looking deeper, we found that the majority of the hits came in blocks of IPs, such as the one below.
This is not necessarily a sign of a hacker, script or bot, but for my site this type of traffic is heavily out of the ordinary. Also, as you can see, the hits in this example all came from the same host, but from different IP addresses, and are all just seconds apart. What this image doesn't display is that they were also from a range of different operating systems and browsers.
The graph on the right shows the site's total server usage for the month of July so far. The first few days of the month are as expected, but as you can see, the jump is quite drastic on the 5th and 6th.
To further add to the confusion, Google Analytics is not displaying a huge increase in visitors to the site. Why, we are not yet sure, but we are looking into whether the JoomlaStats numbers are accurate, or if they are caused by this apparent exploit.
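When a component's own statistics and Google Analytics disagree, the web server's raw access log is the thing to check, since it records every request regardless of whether the client ran any JavaScript. The script below is an added example, not code from the original post or from JoomlaStats: it parses access-log lines in the common Apache/nginx "combined" format and looks for the pattern described above, meaning many distinct addresses from one address block hitting the site within seconds of each other while presenting different browsers. The log lines are constructed for illustration (documentation IP ranges, made-up dates), and the /24 grouping, the 60-second window and the thresholds of four addresses and three user agents are arbitrary assumptions to tune for your own traffic.

```python
import re
import ipaddress
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"$'
)

# Constructed sample lines (not real traffic): one /24 block sends five hits from five
# different addresses with five different browsers in seven seconds; a second
# address browses normally.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Jul/2010:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
203.0.113.11 - - [05/Jul/2010:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Macintosh) Safari/533"
203.0.113.12 - - [05/Jul/2010:10:00:04 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 7210 "-" "Opera/9.80 (X11; Linux)"
203.0.113.13 - - [05/Jul/2010:10:00:06 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
203.0.113.14 - - [05/Jul/2010:10:00:08 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 5.1) Chrome/5.0"
198.51.100.7 - - [05/Jul/2010:10:15:00 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
198.51.100.7 - - [05/Jul/2010:10:42:10 +0000] "GET /contact HTTP/1.1" 200 3120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
"""


def parse_line(line):
    """Return a dict with ip, time and user agent for one combined-format line, or None."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ip, ts, _request, _status, _size, _referer, agent = m.groups()
    return {
        "ip": ip,
        "time": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"),
        "agent": agent,
    }


def find_bursts(log_text, prefix=24, window_seconds=60, min_ips=4, min_agents=3):
    """Flag address blocks where, within one time window, many distinct IPs with
    many distinct user agents hit the site. Thresholds are assumptions, not a standard."""
    by_net = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # skip lines that are not in combined format
        net = ipaddress.ip_network(f"{ev['ip']}/{prefix}", strict=False)
        by_net[net].append(ev)

    findings = []
    for net, events in by_net.items():
        events.sort(key=lambda e: e["time"])
        best = None
        j = 0
        # Sliding window over the sorted events of this block.
        for i in range(len(events)):
            while j < len(events) and (
                events[j]["time"] - events[i]["time"]
            ).total_seconds() <= window_seconds:
                j += 1
            window = events[i:j]
            ips = {e["ip"] for e in window}
            agents = {e["agent"] for e in window}
            if len(ips) >= min_ips and len(agents) >= min_agents:
                if best is None or len(ips) > best["distinct_ips"]:
                    best = {
                        "network": str(net),
                        "hits": len(window),
                        "distinct_ips": len(ips),
                        "distinct_agents": len(agents),
                        "span_seconds": (window[-1]["time"] - window[0]["time"]).total_seconds(),
                    }
        if best is not None:
            findings.append(best)
    return findings


if __name__ == "__main__":
    # Run against a real log with: find_bursts(open("/var/log/apache2/access.log").read())
    for f in find_bursts(SAMPLE_LOG):
        print(f"{f['network']}: {f['distinct_ips']} addresses, {f['distinct_agents']} user agents, "
              f"{f['hits']} hits in {f['span_seconds']:.0f}s")
```

If the access log shows the same bursts that JoomlaStats recorded, the hits are real requests and the component is merely the part of the site that buckled under them; if the log does not, the component's counters themselves are suspect. Either way, comparing the log against the component's numbers settles the question the post leaves open.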
The Server Load
At the point the server suspended my account, the server load was almost 4 times what it should have been. Since disabling and removing the JoomlaStats component that has dropped back to what it should be.
My suggestion, if you use JoomlaStats, is to keep a close eye on your data and, if possible, your server load. The exploit may simply be a one-off thing, but it is always best to be safe when it comes to things like this.