HACKED!!! Please help me fix my hacked site! - SOLVED

na3 · **Joined:** Mon Jul 17, 2006 3:57 am **Posts:** 18

I've been running a site using Joomla, and recently noticed my site was hacked through the Link Directory component. I reinstalled my component files, and realised that some of my directory permissions have been set at 777 (I just created the site, and hadn't chmod them back yet). I tried to chmod these files back using Joomlaxplorer and my Cpanel, but I've been logged out of my admin site. I also had globals_register set to on because I was having trouble with my TSMF forum and changed it so that it would work. I'm going to contact my host to get it turned off again, but I still need help!

I now get a message saying that I am forbidden to view the page (admin login), and I had my site turned offline while trying to fix this. I went into my Cpanel and changed the site to online, and I keep getting error messages saying that components aren't installed, etc.

I have no idea what to do to fix this, since I can't even login to my admin site. Oh please help me! I need my site back online ASAP!!!

Edit: I went into my Cpanel and upgraded to 1.10 (although I had already manually installed the patch from 1.08) and everything was back! A few minor formatting issues, but everything was back! And I added the line of code given elsewhere it linkdirectory to stop hackers... Hopefully problem solved.

TIA,

Na3

iNFERNO · **Joined:** Thu Sep 22, 2005 10:29 am **Posts:** 57

You should upgrade to J! 1.0.11 asap.

And check for files that got installed by the hackers, such as mailscripts / shells.

na3 · **Joined:** Mon Jul 17, 2006 3:57 am **Posts:** 18

How do I check for mailscripts etc?

rliskey · **Posted:** Tue Aug 29, 2006 6:48 pm

I would delete the whole directory, and reinstall everything. That's quicker than trying to find maliciously installed/modified files.
See this list for pointers: http://forum.joomla.org/index.php/topic,81058.0.html

na3 · **Joined:** Mon Jul 17, 2006 3:57 am **Posts:** 18

Yeah, I'd delete everything except I've worked for two months non-stop on this site, it's an online publication and yesterday I updated all my content, I'm advertising jobs available with my company as of yesterday, and it's almost time for me to get up and go to work.

So far everything seems ok, and I'm trying to upgrade to 1.0.11...

I have a backup, I just need my site to be stable for one day and then I can fix everything tonight.

If I'm using Fantastico, can I just uninstall and then load a backup, and everything will be as it was before the hack?

rliskey · **Posted:** Tue Aug 29, 2006 8:13 pm

If you have to use existing files, here's a script that may help you. It lists all the files on your site in order of mod date. Just look at the top of the list for files that should not have been modified lately.
http://www.joomlation.eu/index.php?opti ... &Itemid=35

I made a few tweaks to the original script to show more details, such as file permissions. Available here:
http://www.educationgrove.com/index.php ... Itemid=100

na3 · **Joined:** Mon Jul 17, 2006 3:57 am **Posts:** 18

Thanks so much Rliskey!

I'll test it out tonight and let you know how it goes

Edit: I've just upgraded to 1.0.11, and I'm now using your File permissions script to check all my files. Thanks again Rliskey, this is a life-saver of a script!

Joomla! Discussion Forums

HACKED!!! Please help me fix my hacked site! - SOLVED

Quick reply

Who is online