Malicious Code in my website JTS-post Assistant Output

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
arefrasool2004
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 140
Joined: Wed Jan 16, 2008 9:24 am
Contact:
Contact arefrasool2004

Malicious Code in my website JTS-post Assistant Output

Post by arefrasool2004 » Mon Jan 30, 2012 8:17 am

JTS-post Diagnostic Information wrote:Joomla! Version: Joomla! 1.5.23 Stable [ senu takaa ama baji ] 04-March-2011 18:00 GMT
configuration.php: Writable (Mode: 755 ) | Architecture/Platform: Linux 2.6.18-374.3.1.el5.lve0.8.44PAE ( i686) | Web Server: Apache ( http://www.goldenpeacockawards.com ) | PHP Version: 5.2.13
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Enabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max.Execution Time: 30 seconds | File Uploads: Enabled
MySQL Version: 5.0.92-community-log ( Localhost via UNIX socket )
JTS-post Extended Information wrote:SEF: Disabled (without ReWrite) | Legacy Mode: Disabled | FTP Layer: Disabled | htaccess: Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi | MySQLi: Yes | Max. Memory: 256M | Max. Upload Size: 2M | Max. Post Size: 8M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 5.0.92 ( latin1 )
Arif Rasool Bhat
Top
arefrasool2004
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 140
Joined: Wed Jan 16, 2008 9:24 am
Contact:
Contact arefrasool2004

Re: Malicious Code in my website JTS-post Assistant Output

Post by arefrasool2004 » Mon Jan 30, 2012 8:23 am

I have checked .htaccess and also the content of the website there is nothing suspicious only when i check the cache of the webpages it shows malicious content.
Arif Rasool Bhat
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Malicious Code in my website JTS-post Assistant Output

Post by mandville » Mon Jan 30, 2012 9:17 am

your joomla is out of date, run through checklist 7 safe route to recovery

[ ] Run the Forum Post Assistant / FPA Instructions available here and are also included in the download package.

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation. Replace the deleted files with fresh copies of a current full version of Joomla, and fresh copies of extensions and templates used. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, but ideal is 644 and 755

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
Locked

Return to “Security in Joomla! 1.5”