hacked headers in joomla

cbiadam · Post by **cbiadam** » Mon Aug 15, 2011 8:24 pm

my website www community-boating .org currently has had it's headers overwritten by someone who apparently is sending out spam for tramadol. How can I go about figuring out if the hack was in a file or in the mysql DB? Any thoughts?

thanks!
Adam

Webdongle · Post by **Webdongle** » Mon Aug 15, 2011 8:38 pm

By deleting all your files and replacing them with fresh ones like it says in http://forum.joomla.org/viewtopic.php?p ... 1#p1988191

I would keep the configuration.php

If you follow the instructions correctly then you will know if it was just in the files.

cbiadam · Post by **cbiadam** » Mon Aug 15, 2011 8:45 pm

thanks, trying that, also doing a word search in the files. the weird thing is when I look at the source in firefox it looks clean, but to google the source is totally polluted with spam

Webdongle · Post by **Webdongle** » Mon Aug 15, 2011 9:00 pm

In FF
Tools >>> Web developer >> view source >>> view generated source

It will display things that ordinary view source misses.

Chances are that the database is clean. But your computer may well be infected. If it was not infected before the exploit it may well have got infected from the site after. Thus perpetuating a loop if you upload files (and or change passwords) before checking your computer.

cbiadam · Post by **cbiadam** » Mon Aug 15, 2011 11:45 pm

thank you, restored from backup and am going to once again try to update to a slightly newer version of Joomla.

Webdongle · Post by **Webdongle** » Mon Aug 15, 2011 11:53 pm

So long as the backup has no infected files.

After deleting ALL the files on the server. You should have checked your computer. Then changed password. Then uploaded the files from a fresh download of Joomla.

leolam · Post by **leolam** » Tue Aug 16, 2011 11:56 am

cbiadam wrote:try to update to a slightly newer version of Joomla.

Slightly? You can only upgrade to one version and that is Joomla 1.5.23. All other versions below have security issues

Leo

cbiadam · Post by **cbiadam** » Tue Aug 16, 2011 12:01 pm

already at 1.5.23, i was thinking 1.7 but that is a reasonable undertaking... unfortunately.

PhilD · Post by **PhilD** » Tue Aug 16, 2011 12:20 pm

cbiadam wrote:already at 1.5.23, i was thinking 1.7 but that is a reasonable undertaking... unfortunately.

There are many sites that are on 1.5.23 and need to stay there at least until the next major release is stable and the 3rd party extensions used on the site are updated to work with that stable major release.

Also, to go from 1.5 to 1.6 or 1.7 and onwards, I believe there is a migration involved from the 1.5 platform (not an update) and many extensions do not yet work with 1.6/1.7 or beyond. If a site is new or going to be rebuilt from the ground up (including a new database) on a new platform then Versions of 1.6 should be skipped at this point in time and one should go directly to the latest 1.7.xx version.

The Joomla! Forum™

hacked headers in joomla

hacked headers in joomla

Re: hacked headers in joomla

Re: hacked headers in joomla

Re: hacked headers in joomla

Re: hacked headers in joomla

Re: hacked headers in joomla

Re: hacked headers in joomla

Re: hacked headers in joomla

Re: hacked headers in joomla