I am encountering a problem with my Joomla 1.5.26 version. You'll see the technical information below.
The site is often redirected to a spam website, some files like index.php are modified (<?php eval(base64_decode('...') is injected in the first line of the file), .htaccess was too, and new files like LICESNE.php were created...
I installed CrawlProtect to generate a custom htaccess file, I cleaned some files but the problem comes back regularly. I don't know how I can clean the entire site.
Thanks for your help
Problem Description :: Forum Post Assistant (v1.2.3) : 27th June 2013
redirection / malicious code
Actions Taken To Resolve by Forum Post Assistant (v1.2.3) 27th June 2013
- Scanning site and removing malicious code
- Installing CrawlProtect
Forum Post Assistant (v1.2.3) : 27th June 2013
Basic Environment ::
Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Writable (644) | Owner: www-mm-preprod (uid: 1/gid: 1) | Group: www (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.32-bpo.5-amd64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /htdocs | System TMP Writable: Yes
PHP Configuration :: Version: 5.2.6-1+lenny16 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: | Last Known Error: | Register Globals: 1 | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 32M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M
MySQL Configuration :: Version: 5.0.51a-24+lenny5-log (Client:5.0.51a) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 1.21 MiB | #of Tables: 160
Detailed Environment ::
PHP Extensions :: zip (2.0.0) | xmlwriter (0.1) | libxml () | xml () | wddx () | tokenizer (0.1) | sysvshm () | sysvsem () | sysvmsg () | session () | SimpleXML (0.1) | sockets () | soap () | SPL (0.2) | shmop () | standard (5.2.6-1+lenny16) | Reflection (0.1) | posix () | mime_magic (0.1) | mbstring () | json (1.2.1) | iconv () | hash (1.0) | gettext () | ftp () | filter (0.11.0) | exif (1.4 $Id: exif.c,v 1.173.2.5.2.25 2008/03/12 17:33:14 iliaa Exp $) | dom (20031129) | dba () | date (5.2.6-1+lenny16) | ctype () | calendar () | bz2 () | bcmath () | zlib (1.1) | pcre () | openssl () | xmlreader (0.1) | cgi-fcgi () | curl () | gd () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pgsql () | xsl (0.1) | Zend Engine (2.2.0) |
Potential Missing Extensions :: suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (---) | tmp/ (777) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) :: tmp/ (777) |
Extensions Discovered ::
Components :: SITE :: Gantry (3.1.5) | WF_XHTMLXTRAS_TITLE (2.3.2.4) | WF_NONBREAKING_TITLE (2.3.2.4) | WF_AUTOSAVE_TITLE (2.3.2.4) | WF_IMGMANAGER_TITLE (2.3.2.4) | WF_PRINT_TITLE (2.3.2.4) | WF_LAYER_TITLE (2.3.2.4) | WF_TABLE_TITLE (2.3.2.4) | WF_SOURCE_TITLE (2.3.2.4) | WF_VISUALCHARS_TITLE (2.3.2.4) | WF_DIRECTIONALITY_TITLE (2.3.2.4) | WF_TEXTCASE_TITLE (2.3.2.4) | WF_LINK_TITLE (2.3.2.4) | WF_INLINEPOPUPS_TITLE (2.3.2.4) | WF_CLIPBOARD_TITLE (2.3.2.4) | WF_SEARCHREPLACE_TITLE (2.3.2.4) | WF_ARTICLE_TITLE (2.3.2.4) | WF_PREVIEW_TITLE (2.3.2.4) | WF_SPELLCHECKER_TITLE (2.3.2.4) | WF_MEDIA_TITLE (2.3.2.4) | WF_FULLSCREEN_TITLE (2.3.2.4) | WF_VISUALBLOCKS_TITLE (2.3.2.4) | WF_KITCHENSINK_TITLE (2.3.2.4) | WF_LISTS_TITLE (2.3.2.4) | WF_ANCHOR_TITLE (2.3.2.4) | WF_STYLE_TITLE (2.3.2.4) | WF_CLEANUP_TITLE (2.3.2.4) | WF_CHARMAP_TITLE (2.3.2.4) | WF_BROWSER_TITLE (2.3.2.4) | WF_CONTEXTMENU_TITLE (2.3.2.4) | WF_LINK_SEARCH_TITLE (2.3.2.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.2.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.2.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.2.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.2.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.2.4) | WF_POPUPS_WINDOW_TITLE (2.3.2.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.2.4) | WF_LINKS_JOOMLALINKS_TITLE (2.3.2.4) | MailTo (1.5.0) | User (1.5.0) | Wrapper (1.5.0) |
Components :: ADMIN :: J2XML (1.5.4.73) | Configuration Manager (1.5.0) | RokCandy Bundle (1.3) | Joom!Fish (2.1.5) | Trash (1.0.0) | RokModule (1.2) | Plugin Manager (1.5.0) | AvReloaded (1.2.6) | Banners (1.5.0) | Gantry (3.1.5) | mod_cblogin (-) | plg_system_kunena (-) | AllEvents (-) | Unknown (-) | mod_sobipro_entries (-) | jUpgrade (2.5.11 FR) | Media Manager (1.5.0) | Content Page (1.5.0) | Search (1.5.0) | Mass Mail (1.5.0) | Messaging (1.5.0) | Version Verification Tool (2.0.3) | Weblinks (1.5.0) | JCE (2.3.2.4) | Unknown (-) | JCE (2.3.2.4) | Installation Manager (1.5.0) | Module Manager (1.5.0) | User Manager (1.5.0) | SpecImages (1.1) | Newsfeeds (1.5.0) | RokCandy (1.3) | Frontpage (1.5.0) | Menus Manager (1.5.0) | Cache Manager (1.5.0) | Contact Items (1.0.0) | Control Panel (1.5.0) | RokNavMenu Bundle (2.8) | yos_ammap (1.0.5.6) | AcyMailing Tag : Joomla User I (1.7.2) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Subscriber in (1.7.2) | AcyMailing : (auto)Subscribe d (1.7.2) | AcyMailing : share on social n (1.0.0) | AcyMailing : trigger Joomla Co (1.7.2) | AcyMailing : Statistics Plugin (1.7.2) | AcyMailing Tag : CB User infor (1.7.2) | AcyMailing Tag : content inser (1.7.2) | AcyMailing Tag : Date / Time (1.7.2) | AcyMailing table of contents g (1.0.0) | AcyMailing Module (1.7.2) | AcyMailing Template Class Repl (1.7.2) | AcyMailing Tag : Manage the Su (1.7.2) | AcyMailing Tag : Website links (1.7.2) | AcyMailing (1.7.2) | Template Manager (1.5.0) | Language Manager (1.5.0) | PhocaMaps (1.1.1) | Polls (1.5.0) |
Modules :: SITE :: Login (1.5.0) | Newsflash (1.5.0) | Simple Image Rotator (1.2) | Simple Image Rotator (1.2) | RokAjaxSearch (2.1) | Wrapper (1.0.0) | Footer (1.5.0) | Feed Display (1.5.0) | AllVideos Reloaded (1.2.6) | Random Image (1.5.0) | Latest News (1.5.0) | RokNavMenu (2.8) | Banner (1.5.0) | Who\'s Online (1.0.0) | Poll (1.5.0) | Custom HTML (1.5.0) | Most Read Content (1.5.0) | Sections (1.5.0) | Breadcrumbs (1.5.0) | Menu (1.5.0) | Related Items (1.0.0) | YOS amMap (1.0) | AcyMailing Module (1.7.2) | RokNewsPager (1.7) | Search (1.0.0) | ccNewsletter (1.0.9) | JoomFish-Language Selection (2.1.5) | Archived Content (1.5.0) | RokSlideshow (4.2) | SpecImage (1.1) | Syndicate (1.5.0) | Statistics (1.5.0) |
Modules :: ADMIN :: Popular Items (1.0.0) | Login Form (1.0.0) | Footer (1.0.0) | Feed Display (1.5.0) | Quick Icons (1.0.0) | User Status (1.5.0) | Admin Submenu (1.0.0) | Admin Menu (1.0.0) | Title (1.0.0) | Custom HTML (1.5.0) | Logged in Users (1.0.0) | Direct Translation (2.1.5) | Online Users (1.0.0) | Unread Items (1.0.0) | Toolbar (1.0.0) | JCE File Browser (2.3.2.4) | Items Stats (1.0.0) | Latest News (1.0.0) |
Plugins :: SITE :: User - Example (1.0) | User - Joomla! (1.5) | Search - Content (1.5) | Search - Sections (1.5) | Search - Newsfeeds (1.5) | Search - Joomfish Weblinks (2.1.5) | Search - Weblinks (1.5) | Search - Joomfish Content (2.1.5) | Search - Joomfish Contacts (2.1.5) | Search - Joomfish Sections (2.1.5) | Search - Contacts (1.5) | Search - Categories (1.5) | Search - Joomfish Categories (2.1.5) | Search - Joomfish Newsfeeds (2.1.5) | Editor - XStandard Lite for Jo (1.0) | Editor - JCE (2.3.2.4) | Editor - TinyMCE 3 (3.2.6) | Editor - RokPad (1.7) | Content - Example (1.0) | Plugin- YOS Ammap (1.0) | Content - Custom Page Title (1.1) | Phoca Maps Plugin (1.1.0) | Content - AllVideos Reloaded (1.2.6) | Content - Code Highlighter (Ge (1.5) | Joomfish Alternative Language (2.1.5) | Content - Load Modules (1.5) | Content - Page Navigation (1.5) | Content - Vote (1.5) | Content - Pagebreak (1.5) | Content - Email Cloaking (1.5) | Content - RokBox (1.8) | Button - Readmore (1.5) | Button - AllVideos Reloaded (1.2.6) | Button - Pagebreak (1.5) | Button - RokCandy (1.3) | Button - Image (1.0.0) | Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - OpenID (1.5) | Authentication - LDAP (1.5) | System - SEF (1.5) | System - Debug (1.5) | System - RokCandy (1.3) | Joomfish - Abstraction Layer (2.1.5) | System - AllVideos Reloaded (1.2.6) | AcyMailing : (auto)Subscribe d (1.7.2) | System - Log (1.5) | System - IE8 Compatibility (1.2) | System - Cache (1.5) | System - Mootools Upgrade (1.5) | System - Title Manager (1.0.1) | Joomfish - Basic Router (2.1.5) | System - J2XML (1.5.3.10) | System - Remember Me (1.5) | System - Legacy (1.5) | System - Backlinks (1.5) | System - RokGantry Cache (1.0) | System - RokBox (2.6) | System - RokGZipper (1.11) | Joomfish - Missing Translation (2.1.5) | XML-RPC - J2XML API (1.5.3.8) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | RokNavMenu - Boost (2.8) | 
RokNavMenu - Extended Link (2.8) | AcyMailing Tag : content inser (1.7.2) | AcyMailing Tag : Joomla User I (1.7.2) | AcyMailing Template Class Repl (1.7.2) | AcyMailing Manage text (1.0.0) | AcyMailing table of contents g (1.0.0) | AcyMailing : share on social n (1.0.0) | AcyMailing : Statistics Plugin (1.7.2) | AcyMailing : trigger Joomla Co (1.7.2) | AcyMailing Tag : Date / Time (1.7.2) | AcyMailing Tag : Manage the Su (1.7.2) | AcyMailing Tag : Subscriber in (1.7.2) | AcyMailing Tag : CB User infor (1.7.2) | AcyMailing Tag : Website links (1.7.2) |
Templates Discovered ::
Templates :: SITE :: rt_paradox_j15 (1.5.0) | JA_Purity (1.2.0) | rhuk_milkyway (1.0.2) | beez (1.0.0) |
Templates :: ADMIN :: Khepri (1.0) |