Site hacked

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

slow riot
Joomla! Apprentice
Posts: 21
Joined: Tue Feb 26, 2008 7:15 pm

Site hacked

Post by slow riot » Tue May 21, 2013 12:12 pm

Hello. I got my website hacked, and it happened a few times in the last month. I thought I got it cleaned, but apparently, there is some vulnerability. I don't know what to do - is it time to upgrade from Joomla 1.5.26 to Joomla 2.5? That seems like a rather complicated job, but if that's what I have to do, then that's what I have to do.

Here is what FPA generated:
Forum Post Assistant (v1.2.3) : 21st May 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Writable (644) | Owner: moo.urospopovic (uid: 1/gid: 1) | Group: www (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.2.44 | Technology: x86_64 | Web Server: Apache/2 | Encoding: gzip,deflate,sdch | Doc Root: /home/users/web/b2131/moo.urospopovic/rcudme | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.13 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: 1 | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 20M | Max. POST Size: 20M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 128M

MySQL Configuration :: Version: 5.0.91-log (Client:5.0.51a) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 984.22 KiB | #of Tables:  69
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.13) | date (5.3.13) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | standard (5.3.13) | posix () | pspell () | Reflection ($Id: 522fef1e5100f848a5e2059d98b3a880a3143e9a $) | imap () | SimpleXML (0.1) | sockets () | Phar (2.0.1) | SQLite (2.0-dev) | exif (1.4 $Id$) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | mhash () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: images/resized/ (777) | images/resized/images/ (777) | images/resized/images/slike/foto/ (777) | images/stories/slideshow/ (777) | media/com_akeeba/ (777) | media/k2/ (777) | modules/mod_tabmix_gk1/images/ (777) | modules/mod_tabmods_gk2/images/ (777) | plugins/content/ja_tabs/themes/ (777) | plugins/content/plugin_jw_sig/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: User (1.5.0) | MailTo (1.5.0) | Wrapper (1.5.0) |
Components :: ADMIN :: Trash (1.0.0) | Contact Items (1.0.0) | Newsfeeds (1.5.0) | Template Manager (1.5.0) | User Manager (1.5.0) | Akeeba (3.0.a3) | Cache Manager (1.5.0) | Module Manager (1.5.0) | Weblinks (1.5.0) | Messaging (1.5.0) | JA Ext Manager (1.5.0) | Content Page (1.5.0) | K2 (2.2) | JCE (1.5.7) | Mass Mail (1.5.0) | Media Manager (1.5.0) | Control Panel (1.5.0) | Polls (1.5.0) | gk2_tabs_manager (2.2.0) | Installation Manager (1.5.0) | Search (1.5.0) | gk3_tabs_manager (3.1.2) | Frontpage (1.5.0) | Menus Manager (1.5.0) | Joom!Fish (2.0.4) | Configuration Manager (1.5.0) | gk2_photoslide (2.2) | Language Manager (1.5.0) | Plugin Manager (1.5.0) | Banners (1.5.0) |

Modules :: SITE :: Gavick TabMods GK2 (2.2) | Gavick TabMix GK1 (1.2.1) | Banner (1.5.0) | Sections (1.5.0) | Poll (1.5.0) | Most Read Content (1.5.0) | Gavick Tab GK1 (1.1.0) | JA Quickcontact (1.0.0) | News Show GK3 (3.2.0) | Gavick TabArts GK2 (2.2.1) | [youtube] playlist player (1.5) | AJAX Soft Fade-In Popup (1.5) | Statistics (1.5.0) | Syndicate (1.5.0) | JA Side News Module (1.0.1) | Login (1.5.0) | Random Image (1.5.0) | Footer (1.5.0) | K2 Content (2.2) | Newsflash (1.5.0) | JA Tabs (1.5.0) | Menu (1.5.0) | Latest News (1.5.0) | Archived Content (1.5.0) | JoomFish-Language Selection (2.0.4) | JA Twitter Module For Joomla 1 (1.0.2) | K2 Comments (2.2) | Search (1.0.0) | Ja HighSlide (1.5.0) | K2 Tools (2.2) | JA Bulletin (1.0.1) | GK Weather (1.0.0) | Custom HTML (1.5.0) | JA Slideshow2 Module (2.0.3) | Feed Display (1.5.0) | googleMaps (1.5) | Wrapper (1.0.0) | Breadcrumbs (1.5.0) | denVideo (2.1) | Who\'s Online (1.0.0) | K2 Login (2.2) | Related Items (1.0.0) | Gavick News Image I (2.2) |
Modules :: ADMIN :: Toolbar (1.0.0) | Online Users (1.0.0) | Custom HTML (1.5.0) | Admin Submenu (1.0.0) | Quick Icons (1.0.0) | Popular Items (1.0.0) | Unread Items (1.0.0) | Feed Display (1.5.0) | Direct Translation (2.0.4) | Items Stats (1.0.0) | Logged in Users (1.0.0) | K2 QuickIcons (admin) (2.2) | Title (1.0.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Latest News (1.0.0) | Footer (1.0.0) | User Status (1.5.0) |

Plugins :: SITE :: User - K2 (2.2) | User - Joomla! (1.5) | User - Example (1.0) | Joomfish - Missing Translation (2.0.4) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | Search - Joomfish Content (2.0.4) | Search - Categories (1.5) | Search - Joomfish Sections (2.0.4) | Search - Content (1.5) | Search - Joomfish Contacts (2.0.4) | Search - K2 (2.2) | Search - Joomfish Categories (2.0.4) | Search - Contacts (1.5) | Search - Sections (1.5) | Search - Newsfeeds (1.5) | Search - Joomfish Newsfeeds (2.0.4) | Search - Joomfish Weblinks (2.0.4) | Search - Weblinks (1.5) | Authentication - Example (1.5) | Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Editor - XStandard Lite for Jo (1.0) | Editor - JCE 1.5.6 (1.5.6) | Object Support (1.5.1) | SpellChecker (2.0.0) | Advanced Code Editor (1.5.6) | Paste (1.5.0) | File Browser (1.5.0 Stable) | Paste (1.5.6) | Advanced Link (1.5.1) | Joomla! Links for Advanced Lin (1.2.1) | Image Manager (1.5.2) | Editor - TinyMCE 3 (3.2.6) | Button - Image (1.0.0) | Button - Readmore (1.5) | Button - Pagebreak (1.5) | Editor Button - SIGE Parameter (1.5-2-1) | System - Log (1.5) | Joomfish - Basic Router (2.0.4) | Joomfish - Abstraction Layer (2.0.4) | JA Popup (1.0.1) | System - SEF (1.5) | System - Remember Me (1.5) | System - K2 (2.2) | System - Legacy (1.5) | System - Debug (1.5) | System - Cache (1.5) | System - Backlinks (1.5) | JA Menu Parameters (1.0.2) | System - Mootools Upgrade (1.5) | Content - sigplus Image Galler (1.2.6.13) | Content - JPlayer (1.4) | Content - Pagebreak (1.5) | Content - CAPTCHA (1.5.12) | Highslide for Joomla! 1.5 (1.0) | SIGE (1.5-15) | Google Maps (2.12m) | Content - Email Cloaking (1.5) | JA Tabs for Joomla! 
1.5 (1.0.1) | Joomfish Alternative Language (2.0.4) | Content - Vote (1.5) | load module into article (1.0.0) | Content - Code Highlighter (Ge (1.5) | Content - Load Modules (1.5) | Content - Example (1.0) | Content - denVideo (4.0b) | googleMaps (1.5.13) | Content - Page Navigation (1.5) |
Templates Discovered :: wrote:Templates :: SITE :: JA_Norite (1.0.0) |
Templates :: ADMIN :: Khepri (1.0) |

slow riot
Joomla! Apprentice
Posts: 21
Joined: Tue Feb 26, 2008 7:15 pm

Re: Site hacked

Post by slow riot » Tue May 21, 2013 12:51 pm

A little update: I realized that there were [really stupidly] many folders with 777 permissions. I've changed them all. But the rest of this report I don't really understand as my knowledge isn't really great.

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Site hacked

Post by mandville » Tue May 21, 2013 3:09 pm

slow riot wrote:A little update: I realized that there were [really stupidly] many folders with 777 permissions. I've changed them all. But the rest of this report I don't really understand as my knowledge isn't really great.
How about your out-of-date K2 and numerous other extensions, or even worse, your out-of-date and vulnerable version of JCE?
Follow checklist 7 safe route to disaster relief.
Just changing your folder permissions after your repeated hacks is pointless; who knows how many or where the shell scripts, virus downloads, spam senders are.
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

slow riot
Joomla! Apprentice
Posts: 21
Joined: Tue Feb 26, 2008 7:15 pm

Re: Site hacked

Post by slow riot » Wed May 22, 2013 9:07 pm

How about now:
Forum Post Assistant (v1.2.3) : 22nd May 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Writable (666) | Owner: 0 (uid: /gid: ) | Group: 0 (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: No

Host Configuration :: OS: Windows NT | OS Version: 6.1 | Technology: i586 | Web Server: Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 | Encoding: gzip,deflate,sdch | Doc Root: C:/xampplite/htdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.1 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 128M | Max. POST Size: 128M | Max. Input Time: 60 | Max. Execution Time: 60 | Memory Limit: 128M

MySQL Configuration :: Database Credentials incomplete or not available Nothing to display.
Missing credentials detected: Database Password missing |
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.1) | bcmath () | calendar () | com_dotnet (0.1) | ctype () | date (5.3.1) | ereg () | filter (0.11.0) | ftp () | hash (1.0) | iconv () | json (1.2.1) | mysqlnd (mysqlnd 5.0.5-dev - 081106 - $Revision: 289630 $) | odbc (1.0) | openssl () | pcre () | Reflection ($Revision: 287991 $) | session () | SPL (0.2) | standard (5.3.1) | tokenizer (0.1) | zlib (1.1) | libxml () | dom (20031129) | bz2 () | SimpleXML (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | apache2handler () | Phar (2.0.1) | mbstring () | exif (1.4 $Id: exif.c 287372 2009-08-16 14:32:32Z iliaa $) | fileinfo (1.0.5-dev) | gd () | gettext () | imap () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | PDO_ODBC (1.0.1) | pdo_sqlite (1.0.1) | soap () | sockets () | SQLite (2.0-dev) | sqlite3 (0.7-dev) | xmlrpc (0.51) | zip (1.9.1) | ming () | pdf (2.1.6) | mhash () | Zend Engine (2.3.0) |
Potential Missing Extensions :: curl | suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Apache Modules :: core | mod_win32 | mpm_winnt | http_core | mod_so | mod_actions | mod_alias | mod_asis | mod_auth_basic | mod_auth_digest | mod_authn_default | mod_authn_file | mod_authz_default | mod_authz_groupfile | mod_authz_host | mod_authz_user | mod_cgi | mod_dav | mod_dav_fs | mod_dav_lock | mod_dir | mod_env | mod_headers | mod_include | mod_info | mod_isapi | mod_log_config | mod_mime | mod_negotiation | mod_rewrite | mod_setenvif | mod_ssl | mod_status | mod_autoindex_color | mod_php5 | Apache/2.2.14 (Win32) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l mod_autoindex_color PHP/5.3.1 |
Potential Missing Modules :: mod_expires | mod_deflate | mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) |

Elevated Permissions (First 10) :: administrator/ (777) | administrator/backups/ (777) | administrator/cache/ (777) | administrator/components/ (777) | administrator/components/com_admin/ (777) | administrator/components/com_admin/tmpl/ (777) | administrator/components/com_akeeba/ (777) | administrator/components/com_akeeba/akeeba/ (777) | administrator/components/com_akeeba/akeeba/abstract/ (777) | administrator/components/com_akeeba/akeeba/assets/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.2.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.2.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.2.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.2.4) | WF_LINKS_JOOMLALINKS_TITLE (2.3.2.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.2.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.2.4) | WF_POPUPS_WINDOW_TITLE (2.3.2.4) | WF_LINK_SEARCH_TITLE (2.3.2.4) | WF_ANCHOR_TITLE (2.3.2.4) | WF_ARTICLE_TITLE (2.3.2.4) | WF_AUTOSAVE_TITLE (2.3.2.4) | WF_BROWSER_TITLE (2.3.2.4) | WF_CHARMAP_TITLE (2.3.2.4) | WF_CLEANUP_TITLE (2.3.2.4) | WF_CLIPBOARD_TITLE (2.3.2.4) | WF_CONTEXTMENU_TITLE (2.3.2.4) | WF_DIRECTIONALITY_TITLE (2.3.2.4) | WF_FULLSCREEN_TITLE (2.3.2.4) | WF_IMGMANAGER_TITLE (2.3.2.4) | WF_INLINEPOPUPS_TITLE (2.3.2.4) | WF_KITCHENSINK_TITLE (2.3.2.4) | WF_LAYER_TITLE (2.3.2.4) | WF_LINK_TITLE (2.3.2.4) | WF_LISTS_TITLE (2.3.2.4) | WF_MEDIA_TITLE (2.3.2.4) | WF_NONBREAKING_TITLE (2.3.2.4) | WF_PREVIEW_TITLE (2.3.2.4) | WF_PRINT_TITLE (2.3.2.4) | WF_SEARCHREPLACE_TITLE (2.3.2.4) | WF_SOURCE_TITLE (2.3.2.4) | WF_SPELLCHECKER_TITLE (2.3.2.4) | WF_STYLE_TITLE (2.3.2.4) | WF_TABLE_TITLE (2.3.2.4) | WF_TEXTCASE_TITLE (2.3.2.4) | WF_VISUALBLOCKS_TITLE (2.3.2.4) | WF_VISUALCHARS_TITLE (2.3.2.4) | WF_XHTMLXTRAS_TITLE (2.3.2.4) | MailTo (1.5.0) | User (1.5.0) | Wrapper (1.5.0) |
Components :: ADMIN :: Akeeba (3.4.3) | Banners (1.5.0) | Cache Manager (1.5.0) | Configuration Manager (1.5.0) | Contact Items (1.0.0) | Content Page (1.5.0) | Control Panel (1.5.0) | Frontpage (1.5.0) | gk2_photoslide (2.2) | Installation Manager (1.5.0) | JA Ext Manager (1.5.0) | JCE (2.3.2.4) | JCE (2.3.2.4) | Unknown (-) | Joom!Fish (2.2.3) | Language Manager (1.5.0) | Mass Mail (1.5.0) | Media Manager (1.5.0) | Menus Manager (1.5.0) | Messaging (1.5.0) | Module Manager (1.5.0) | Newsfeeds (1.5.0) | Plugin Manager (1.5.0) | Polls (1.5.0) | Search (1.5.0) | Template Manager (1.5.0) | Trash (1.0.0) | User Manager (1.5.0) | Weblinks (1.5.0) |

Modules :: SITE :: AJAX Soft Fade-In Popup (1.5) | Archived Content (1.5.0) | Banner (1.5.0) | Breadcrumbs (1.5.0) | Custom HTML (1.5.0) | denVideo (2.1) | Feed Display (1.5.0) | Footer (1.5.0) | Gavick News Image I (2.2) | Gavick Tab GK1 (1.1.0) | JA Bulletin (1.0.1) | Ja HighSlide (1.5.0) | JA Quickcontact (1.0.0) | JA Side News Module (1.0.1) | JA Slideshow2 Module (2.0.3) | JA Tabs (1.5.0) | JA Twitter Module For Joomla 1 (1.0.2) | JoomFish-Language Selection (2.2.3) | K2 Comments (2.2) | K2 Content (2.2) | K2 Login (2.2) | Latest News (1.5.0) | Login (1.5.0) | Menu (1.5.0) | Most Read Content (1.5.0) | Newsflash (1.5.0) | News Show GK3 (3.2.0) | Poll (1.5.0) | Random Image (1.5.0) | Related Items (1.0.0) | Search (1.0.0) | Sections (1.5.0) | Statistics (1.5.0) | Syndicate (1.5.0) | Gavick TabArts GK2 (2.2.1) | Gavick TabMods GK2 (2.2) | Who\'s Online (1.0.0) | Wrapper (1.0.0) | [youtube] playlist player (1.5) |
Modules :: ADMIN :: Akeeba Backup Notification Mod (3.4.3) | Custom HTML (1.5.0) | Feed Display (1.5.0) | Footer (1.0.0) | JCE File Browser (2.3.2.4) | Latest News (1.0.0) | Logged in Users (1.0.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Online Users (1.0.0) | Popular Items (1.0.0) | Quick Icons (1.0.0) | Items Stats (1.0.0) | User Status (1.5.0) | Admin Submenu (1.0.0) | Title (1.0.0) | Toolbar (1.0.0) | Direct Translation (2.2.3) | Unread Items (1.0.0) |

Plugins :: SITE :: Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Content - CAPTCHA (1.5.12) | Content - Email Cloaking (1.5) | Content - Example (1.0) | Content - Code Highlighter (Ge (1.5) | Highslide for Joomla! 1.5 (1.0) | JA Tabs for Joomla! 1.5 (1.0.1) | Joomfish Alternative Language (2.2.3) | Content - JPlayer (1.4) | Content - Load Modules (1.5) | load module into article (1.0.0) | Content - Pagebreak (1.5) | Content - Page Navigation (1.5) | Content - sigplus Image Galler (1.2.6.13) | Content - Vote (1.5) | Editor - JCE (2.3.2.4) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Button - Image (1.0.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | Editor Button - SIGE Parameter (1.5-2-1) | Joomfish - Missing Translation (2.2.3) | Search - Categories (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Joomfish Categories (2.2.3) | Search - Joomfish Contacts (2.2.3) | Search - Joomfish Content (2.2.3) | Search - Joomfish Newsfeeds (2.2.3) | Search - Joomfish Sections (2.2.3) | Search - Joomfish Weblinks (2.2.3) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Search - Weblinks (1.5) | Akeeba Backup Lazy Scheduling (3.3) | System - Backlinks (1.5) | System - Cache (1.5) | System - Debug (1.5) | Joomfish - Abstraction Layer (2.2.3) | Joomfish - Basic Router (2.2.3) | System - Legacy (1.5) | System - Log (1.5) | System - Mootools Upgrade (1.5) | JA Menu Parameters (1.0.2) | JA Popup (1.0.1) | System - Remember Me (1.5) | System - SEF (1.5) | User - Example (1.0) | User - Joomla! (1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) |
Templates Discovered :: wrote:Templates :: SITE :: JA_Norite (1.0.0) |
Templates :: ADMIN :: Khepri (1.0) |
I don't understand why it says that I have denVideo, GavickTab etc. when I removed them [like a few other extensions, including K2]. Permissions will be changed, I deleted the site and now am working offline.

PhilD
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA

Re: Site hacked

Post by PhilD » Tue May 28, 2013 11:38 pm

I see the two FPA results are from different installs (one remote and one local) as the second reported configuration reports it is from xampp and so some of the configuration reported

In the first report you have Register Globals: 1 which means it is on. Register Globals should never ever be on, period. It is not on by default in PHP 5 and should never be turned on for any reason. There is no reason one can make to justify it being on. If this was done by the host then shame on them and find another host. If this was done by you, then you should rectify this ASAP. It is also possible a hack altered this for easier access to your site, so you need to know how Register Globals was turned on.

Second is the permissions issue. For whatever reason (perhaps the hack did this) your permissions are all 777. They should never be higher than 644 for files and 755 for directories. (Note: It generally does not matter on a local development setup if such server is not reachable from the web.) The permissions can be reset easily by using the commands and instructions provided within the checklist http://docs.joomla.org/Security_Checkli ... d_and_cron

Uninstalling an extension will usually leave the directories it creates, some or all the files it installed, usually all the user added files (including hacks), and all the tables it creates. To fully remove extensions you will need to get rid of all the directories, files within the directories, and any tables an extension may create.
PhilD
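
The three checks raised in the post above (permissions above 644/755, how Register Globals got switched on, and what an uninstalled extension leaves behind) can be scripted. The following is an added example, not part of the thread and not the checklist's own commands; the function names, the name-matching heuristic for leftovers and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Joomla tree after a compromise.

# Directories writable by group/other, and files writable by group/other or
# executable by anyone, i.e. anything above 755 (dirs) / 644 (files).
audit_perms() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) -print
    find "$1" -type f \( -perm -0020 -o -perm -0002 \
        -o -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# Reset every directory to 755 and every file to 644.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Per-directory overrides that switch register_globals on. Prints file:line
# for each hit; commented-out lines also match and need a manual look.
find_register_globals() {
    find "$1" -type f \( -name php.ini -o -name .user.ini -o -name .htaccess \) \
        -exec grep -iHnE 'register_globals[[:space:]=]+(on|1)' {} + || true
}

# Files and directories whose name still contains an uninstalled extension's
# short name (assumed naming: com_k2, mod_k2_content, media/k2, ...).
# Database tables the extension created are not covered by this check.
leftovers() {
    root=$1; shift
    for name in "$@"; do
        find "$root" -mindepth 1 -maxdepth 4 -iname "*${name}*" -print
    done
}

# Constructed sample tree, loosely modelled on paths in the FPA report above.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/images/resized" "$t/media/k2" "$t/modules/mod_k2_content"
    : > "$t/index.php"; : > "$t/configuration.php"
    echo 'php_flag register_globals on' > "$t/.htaccess"
    fix_perms "$t"
    chmod 777 "$t/images/resized" "$t/media/k2"
    chmod 666 "$t/configuration.php"
    echo "$t"
}

# With a path argument: audit that tree. Without: run on the sample tree.
if [ $# -gt 0 ]; then
    audit_perms "$1"; find_register_globals "$1"
else
    demo=$(make_sample_tree)
    echo "Loose permissions:";      audit_perms "$demo"
    echo "register_globals on in:"; find_register_globals "$demo"
    echo "Possible K2 leftovers:";  leftovers "$demo" k2
    fix_perms "$demo"
    echo "Findings after reset: $(audit_perms "$demo" | wc -l | tr -d ' ')"
    rm -rf "$demo"
fi
```

A clean permission audit only says the modes are back to 644/755; it says nothing about files an intruder already placed, which is the point made earlier in the thread.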

