Joomla! Discussion Forums

Hello everybody,

Today my provider phoned be about a problem on my website joomla 1.5.7 (last update)

They found a script in the media directory here is the text :

------------------------------------------------------------------------------

Mod note script removed.
-----------------------------------------------------------------------------


I looked around in google and don't find any articles about this concerning joomla (but the problem in known for other php CMS).

Two weeks ago I have been hacked by [name removed] (then I have updated from 1.5.2 to 1.5.7 and the problem disappeared).

Must I erase the script ? (the provider has renamed the file as it can not be active)


Thank you for your job. My provider said me that in this period many hacked have been occured against joomla sites.

Regards

Antinoos

Are your file permissions secure? How do you know this file was not placed there when you were running an insecure version of Joomla?

DO NOT post hackers name or hacking scripts please, and also, PLEASE read this: http://docs.joomla.org/Joomla!_Administ ... _Checklist

just a quick guess...

your joomla was allready been hacked at the time of your update..
because 1.57 is in the wild since month now...

so i would think about to delete everything, restore a backup , and then update.

check your backups for the script...

Maybe as part of the installation process, Joomla! (and other applications, for that matter) need to have a small questionaire to determine whether we wish to have our high-quality application running on their "potentially" low-quality service. If less than 90% is acheived, due to lack of knowledge, experience or capabilities of the hosting company, we refuse to install on such an inadaquate host..!!

Your hosts statement is not only irrelavent, but inflametory, innacurate and only serves to highlight their limited knowledge of the service that you are actually paying them for.

If your telephone company was unable to provide you adaqaute service, constantly sending your calls to others, and their calls to you, would you still use them, or pay them even?

I am currently dealing with a similar problem.

When I signed into the back end of my site, (it is at a testing domain), I can click around in the back interface, but as soon as I go to action a specific element ( Menu item, or anything - it actually looks like it is activated after the first request) I get my PC Tools spy ware warning - or maybe it is a firefox warning(?) "Reported Attack Site!"

I have a separate copy running on my wamp server localhost I checked the database, so I am doing a systematic check. But in the end I assume that deleting and reestablishing the database on the upload is the way I will fix it.

I don't know how it happened. I check the permissions. There is nothing above 755.
I did have a set of folder with the CB_community builder install files, all of them sitting on the server - not sure if that is how the hack was actioned?

I am a little new when it comes to my server / php / database skills.
(I am a designer, and css / html developer - who also decided to pick up joomla templates as a skill and found out I kind of really like Joomla!)

Anyway. I hope some of the problem description helps.

Vdst.