Hacked and cannot remove user from database using phpMyAdmin
Posted: Fri Aug 14, 2009 8:38 pm
One of my Joomla 1.5 websites was hacked. The site is fully patched and directory permission are 755/644. The hacker has been loading files like crp.php and int.php in the /images folder as well as other places. These files when downloaded are showing up as Rst.G trojan and C99Shell. I have been deleting the files but more show up within a day. RSFirewall hasn't reported anything yet the hacks continue.
What really disturbs me is that he has taken over a super admin account and I cannot delete it. If I delete it in Joomla (first demoting it to admin) it is removed from the list but when I check the database the account is still there. If I delete the account directly from the database it returns immediately. Has this kind of thing happened to anyone else?
What really disturbs me is that he has taken over a super admin account and I cannot delete it. If I delete it in Joomla (first demoting it to admin) it is removed from the list but when I check the database the account is still there. If I delete the account directly from the database it returns immediately. Has this kind of thing happened to anyone else?