I've just downloaded a backup of a 1.5 site with a view to migrating it to a new Joomla version, but appears we left it too long!
My virus scanner picked up on a trojan file geopic.php. I've now deleted this from the server but I've discovered a lot of rogue files in the root folder, containing this code with various URLs:
Code: Select all
<?php
$urls = array (
'http://realworkathomegooglejobs.com/indexer.php?a=269321&c=job&s=4j27z',
);
$n = mt_rand(0,count($urls) - 1);
$rand_url = $urls[$n];
?>
<meta http-equiv="refresh" content="1; url=<?php echo $rand_url;?> ">
This is a large site, otherwise I'd probably play safe and start with a fresh installation and copy data across manually, but it would really help if I could use the database. Having said that, I know the database structure is completely different after 1.5 so I don't know if I'll be able to do that anyway.
Any advice would be really helpful from someone who has more experience with these kind of problems. This is only the second time I've had to deal with a hacked site.
Thanks in advance
Jennie