1.0.10 site hacked via extcalendar

Posted: Wed Jul 19, 2006 12:17 pm
by brokengecko
Yesterday, my Joomla 1.0.10 site was hacked. The hacker got through using a POST method abusing extcalendar 0.9.1. That POST method accessed some .dat file.

As far as I can tell, the hacker put up an index.html file with an ugly picture and text bragging about the hack and some music. The image and music were hosted somewhere else.

Also, another file was placed on the server, r57.php, which was infected with a virus, PHP.RSTBackdoor.

I did not notice that any other files were affected, so I removed the links to extcalendar and renamed the extcalendar folders to something not easily guessed. I did not notice any weird SQL entries. I deleted the 2 files the hacker put on the server.

Is there anything else I need to do or should be worried about?

Re: 1.0.10 site hacked via extcalendar

Posted: Thu Jul 20, 2006 3:54 am
by brokengecko
Is there anything else I need to look out for or be worried about? Or did I take care of removing the problems already?

Re: 1.0.10 site hacked via extcalendar

Posted: Thu Jul 20, 2006 4:23 am
by technopuzzle
You may want to check out the recently updated extended calendar security fix that our devs have worked so hard on (but didn't have to)  ;)

http://forum.joomla.org/index.php/topic,75390.120.html

Re: 1.0.10 site hacked via extcalendar

Posted: Tue Jul 25, 2006 7:56 am
by rliskey
I think you should also change all passwords in case they were able to extract them from files or from dumps of the database. The virus they installed makes this possible.
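
Added example, not part of the thread or written by any of its posters: one way to answer "is there anything else?" is to take every client that sent a POST to an extcalendar path and list everything else that client requested, which shows which files to inspect. It assumes Apache combined-format access logs; the log lines, IP addresses and the `example.php` path are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format is assumed; adjust the pattern for other servers.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
198.51.100.7 - - [18/Jul/2006:09:58:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [18/Jul/2006:10:01:12 +0000] "POST /components/com_extcalendar/example.php HTTP/1.1" 200 312 "-" "-"
192.0.2.44 - - [18/Jul/2006:10:01:40 +0000] "GET /r57.php HTTP/1.1" 200 20480 "-" "-"
192.0.2.44 - - [18/Jul/2006:10:03:05 +0000] "POST /r57.php HTTP/1.1" 200 1024 "-" "-"
198.51.100.7 - - [18/Jul/2006:10:04:00 +0000] "GET /components/com_extcalendar/calendar.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
not a log line
"""

def parse(lines):
    """Yield one dict per parseable line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def trace_intruders(lines, marker="extcal"):
    """Map each client that POSTed to a path containing `marker` to the
    ordered list of (timestamp, method, path, status) it requested."""
    entries = list(parse(lines))
    suspects = {e["ip"] for e in entries
                if e["method"] == "POST" and marker in e["path"].lower()}
    activity = defaultdict(list)
    for e in entries:
        if e["ip"] in suspects:
            activity[e["ip"]].append((e["ts"], e["method"], e["path"], e["status"]))
    return dict(activity)

def touched_paths(activity):
    """Distinct paths requested by suspect clients: the files to inspect."""
    return sorted({path for reqs in activity.values() for _, _, path, _ in reqs})

if __name__ == "__main__":
    found = trace_intruders(SAMPLE_LOG.splitlines())
    for ip, reqs in found.items():
        print(ip)
        for ts, method, path, status in reqs:
            print(f"  {ts} {method} {path} -> {status}")
```

Any path in the output that still exists on the server, or that returned 200 and is not part of the stock install, is a candidate for removal and a reason to rotate the credentials stored near it.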