Site hacked

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
JackBauer
Joomla! Apprentice
Joomla! Apprentice
Posts: 35
Joined: Sun Apr 09, 2006 3:28 am

Site hacked

Post by JackBauer » Tue Jun 29, 2010 8:56 pm

[quote="JTS-post Problem Description"]Site hacked[/quote][quote="JTS-post Actions Taken To Resolve"]Nothing yet[/quote]
JTS-post Diagnostic Information wrote:Joomla! Version: Joomla! 1.0.12 Stable [ Sunfire ] 25 December 2006 01:00 UTC
configuration.php: Writable (Mode: 644 ) | RG_EMULATION:
Architecture/Platform: Linux 2.6.27-grsec4 ( i686) | Web Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a Phusion_Passenger/2.2.11 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 | PHP Version: 5.2.8
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Enabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max.Execution Time: 30 seconds | File Uploads: Enabled
MySQL Version: 5.0.90-community-log ( Localhost via UNIX socket )
JTS-post Extended Information wrote:SEF: Enabled | Legacy Mode: N/A | FTP Layer: N/A | htaccess: Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi | MySQLi: Yes | Max. Memory: 32M | Max. Upload Size: 2M | Max. Post Size: 8M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 5.0.90 ( latin1 )
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Site hacked

Post by mandville » Wed Jun 30, 2010 10:25 pm

you are 3 versions of (old) joomla behind and lord knows what else.
for a start frontpage extensions installed are bad..


[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation. Replace the deleted files with fresh copies of a current full version of Joomla, and fresh copies of extensions and templates used. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, but ideal is 644 and 755

[ ] For the malicious code topic

[ ] If you are on godaddy - read this topic http://forum.joomla.org/viewtopic.php?f=432&t=515398

If you feel none of the above applies to you read these admin tips and the what went wrong post
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
JackBauer
Joomla! Apprentice
Joomla! Apprentice
Posts: 35
Joined: Sun Apr 09, 2006 3:28 am

Re: Site hacked

Post by JackBauer » Thu Jul 01, 2010 10:15 pm

I'll check into this soon. Also, I have the same problem with another site I run that is 1.5.17 I think?
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Site hacked

Post by mandville » Thu Jul 01, 2010 11:02 pm

for the 1.5.17 site, run treat that on its own in the in the main security forum
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
Locked

Return to “Security - 1.0.x”