Missing index.php in hacked site

[richard_2btrue]

The server quarantined the index.php file of my site and no backup of the file is immediately available. I appreciate the secuity information in the posts, but right now despite being very inexperienced with Joomla I need to be able to generate an index.php that will get the site running again urgently............

The web site index.php was found to have malicious code. The server quarantined the index.php file but no backup can be located! How to get an new index.php for this site??

Warning: require_once(/home/rbridger/public_html/includes/framework.php) [function.require-once]: failed to open stream: No such file or directory in /home/rbridger/public_html/index.php on line 22

Joomla! Instance :: Not Found
Joomla! Configured :: Not Found

Host Configuration :: OS: Linux | OS Version: 2.6.18-408.8.2.el5.lve0.8.61.3 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/rbridger/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.2.17 | PHP API: cgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: | Last Known Error: | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: 0 | Open Base: | Uploads: 1 | Max. Upload Size: 16M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Database Credentials incomplete or not available Nothing to display.

PHP Extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dbase () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | session () | iconv () | standard (5.2.17) | json (1.2.1) | mbstring () | mcrypt () | mhash () | mysql (1.0) | SimpleXML (0.1) | posix () | pspell () | Reflection (0.1) | imap () | SPL (0.2) | mysqli (0.1) | soap () | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.8.11) | cgi () | eAccelerator (0.9.6.1) | timezonedb () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | ionCube Loader () | Zend Optimizer () | Zend Engine (2.2.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

[Marcus Stafford]

Either download a fresh copy of the Joomla version you have and use a file from that or let me know via PM and I'll email a copy.

[richard_2btrue]

Thanks for the suggestion, I did that, there were a number of index.php to choose from in the Joomla folder but I tried the index.php in the root folder, uploaded it to the public_html folder but the resulting error message is....
No configuration file found and no installation code available. Exiting...

Same result when I uploaded the index2.php and configuration.php-dist and renamed it to configuration.php.

Any other ideas would be appreciated!

[Marcus Stafford]

You need to rename your configuration.php-dist file to configuration.php and configure it correctly.

[richard_2btrue]

I did rename it and you are right it needs to be configured, but how!?
Thanks

[Marcus Stafford]

You'll need to add in the correct database credentials and set the tmp and log paths for a start. The paths will depend on your server config but you should already have the db details.

[richard_2btrue]

The ISP had a backup in the end and are doing that now. I am reviewing the security. There is alot of information in the Joomla documentation, and a post by Mandville covering similar material.

Upgrading Joomla seems to be one of the most important steps. I think my site was still on Joomla 1.6, the documentation is not very clear what is my upgrade path so my question is.... is it best to upgrade from 1.6 to 3.1 , or just 1.6 to 2.5, and then wait for 3.5 to be released?

I'm not interesed in new features yet I just want a secure site!

Thanks

[richard_2btrue]

The site is back online and it is Joomla 1.5.7. I am trying to use the guide at http://docs.joomla.org/J2.5:Upgrading_f ... ng_version, but the extension manager is very different from mine so its not clear how to upgrade from this documentation. Any links would be appreciated>

[Marcus Stafford]

You need to install something like this : http://archive.extensions.joomla.org/ex ... lers/14398

It will allow you to update to 1.5.26 quickly. Otherwise you'll have to download the patch file and overwrite via FTP.

Then you can plan to upgrade to 2.5 soon after.

[richard_2btrue]

Thanks, that worked fine and its now 1.5.25 instead of 1.5.26 but that does not seem to matter too much for migration purposes.
I'm trying to upgrade to 2.5 but wondering the 2.5 upgrade is mostly about features rather than security. So is 1.5.25 pretty much as secure as 2.5??

[Marcus Stafford]

Try running it again. You really need to be at 1.5.26 at least.

2.5 is more secure and more importantly it's a more workable platform.

There are plenty of extensions which will allow you to upgrade a simple site to 2.5 or 3.0 quite easily. Have a look in the JED. SP Upgrade is a good one.

[richard_2btrue]

I just tried to upgrade to 1.5.26 with the packages at JoomlaCode.org pages link below.
But not sure if I simply need to just ftp the contents to the web site??


http://joomlacode.org/gf/project/joomla ... mcct%3D%2F

[Marcus Stafford]

No. Download this package, extract it on your desktop and FTP it to your site overwriting the folders/files already there. It only contains updated files so will only update them.

http://joomlacode.org/gf/download/frsre ... ackage.zip

[richard_2btrue]

Thanks, I am looking to use SP Upgrade to move to version 3.x.

But this morning I checked the hard earned first page Google links and they are broken, going to some Brazial Google page! (Adwords links seem OK though)

I'm assuming that the jUpgrade Extension has caused this. So I am hoping that reverting to my 1.5.7 web site, then using SP Upgrade to go to 3.x will preserve the Google links, as their marketing claims.

I'm sure there is some problem with this plan so any input would be much appreciated.

Thanks