1.0.10 site hacked via extcalender
Posted: Wed Jul 19, 2006 12:17 pm
Yesterday, my Joomla 1.0.10 site was hacked. The hacker got through using a post method abusing extcalender 0.9.1. That post method accessed some .dat file.
As far as I can tell, the hacker put up an index.html file with an ugly picture and text bragging about the hack and some music. The image and music was hosted somewhere else.
Also another file, was placed on the server, r57.php, which was infected with a virus, PHP.RSTBackdoor.
I did not notice that any other files were affected, so I removed the links to extcalendar and renamed the extcalendar folders to something not easily guessed. I did not notice any weird sql entries. I deleted the 2 files the hacker put on the server.
Is there anything else I need to do or should be worried about?
As far as I can tell, the hacker put up an index.html file with an ugly picture and text bragging about the hack and some music. The image and music was hosted somewhere else.
Also another file, was placed on the server, r57.php, which was infected with a virus, PHP.RSTBackdoor.
I did not notice that any other files were affected, so I removed the links to extcalendar and renamed the extcalendar folders to something not easily guessed. I did not notice any weird sql entries. I deleted the 2 files the hacker put on the server.
Is there anything else I need to do or should be worried about?