My Site Hacked

mhehm
Joomla! Apprentice
Posts: 8
Joined: Thu Jul 21, 2011 7:01 am

My Site Hacked

Post by mhehm » Tue Aug 12, 2014 1:48 pm

Forum Post Assistant (v1.2.4) : 12th August 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: amirgolsefidi (uid: 1/gid: 1) | Group: amirgolsefidi (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: 0 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-471.3.1.el5.lve0.8.72 | Technology: x86_64 | Web Server: Apache mod_fcgid/2.3.5 | Encoding: | Doc Root: /hsphere/local/home/amirgolsefidi/moviemag.ir | System TMP Writable: Yes

PHP Configuration :: Version: 5.2.17 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 6135 | Log Errors To: /hsphere/local/var/httpd/logs/php_error.log | Last Known Error: | Register Globals: 0 | Magic Quotes: 0 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 45M | Max. POST Size: 50M | Max. Input Time: 60 | Max. Execution Time: 60 | Memory Limit: 64M

MySQL Configuration :: Connection Error: 2005:Unknown MySQL server host '67.22.140.250:3306' (3) ( may not be an error, check with host for remote access requirements. ) : Database Credentials Present? in Configuration...
Detailed Environment :: wrote:PHP Extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | ctype () | dba () | dom (20031129) | filter (0.11.0) | ftp () | gd () | gettext () | hash (1.0) | json (1.2.1) | mbstring () | mcrypt () | mhash () | mime_magic (0.1) | posix () | Reflection (0.1) | session () | SimpleXML (0.1) | SPL (0.2) | sockets () | standard (5.2.17) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | cgi-fcgi () | bcmath () | calendar () | curl () | dbase () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | fileinfo (0.1) | gmp () | htscanner (1.0.0) | iconv () | imap () | SourceGuardian (9.0.4) | ldap () | mailparse (2.1.5) | mysql (1.0) | mysqli (0.1) | odbc (1.0) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | pspell () | soap () | SQLite (2.0-dev) | xmlrpc (0.51) | zip (1.8.11) | ionCube Loader () | Zend Optimizer () | Zend Engine (2.2.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: Default (1.0.0) | Blueface (2.6.2) | Blackout (2.6.2) | Bubble (2.6.2) | Default (2.6.2) | User (1.5.0) | MailTo (1.5.0) | Wrapper (1.5.0) | WF_FORMATSELECT_TITLE (2.4.2) | WF_CONTEXTMENU_TITLE (2.4.2) | WF_AUTOSAVE_TITLE (2.4.2) | WF_PREVIEW_TITLE (2.4.2) | WF_VISUALCHARS_TITLE (2.4.2) | WF_IMGMANAGER_TITLE (2.4.2) | WF_NONBREAKING_TITLE (2.4.2) | WF_INLINEPOPUPS_TITLE (2.4.2) | WF_DIRECTIONALITY_TITLE (2.4.2) | WF_PRINT_TITLE (2.4.2) | WF_KITCHENSINK_TITLE (2.4.2) | WF_ANCHOR_TITLE (2.4.2) | WF_BROWSER_TITLE (2.4.2) | WF_TABLE_TITLE (2.4.2) | WF_ARTICLE_TITLE (2.4.2) | WF_SOURCE_TITLE (2.4.2) | WF_LISTS_TITLE (2.4.2) | WF_CHARMAP_TITLE (2.4.2) | WF_MEDIAMANAGER_TITLE (2.0.13) | WF_SEARCHREPLACE_TITLE (2.4.2) | WF_FONTCOLOR_TITLE (2.4.2) | WF_LINK_TITLE (2.4.2) | WF_STYLESELECT_TITLE (2.4.2) | WF_CLIPBOARD_TITLE (2.4.2) | WF_FONTSIZESELECT_TITLE (2.4.2) | WF_LAYER_TITLE (2.4.2) | WF_XHTMLXTRAS_TITLE (2.4.2) | WF_MEDIA_TITLE (2.4.2) | WF_FULLSCREEN_TITLE (2.4.2) | WF_VISUALBLOCKS_TITLE (2.4.2) | WF_STYLE_TITLE (2.4.2) | WF_SPELLCHECKER_TITLE (2.4.2) | WF_CLEANUP_TITLE (2.4.2) | WF_TEXTCASE_TITLE (2.4.2) | WF_FONTSELECT_TITLE (2.4.2) | WF_TEMPLATEMANAGER_TITLE (2.0.5) | WF_AGGREGATOR_[youtube]_TITLE (2.4.2) | WF_AGGREGATOR_VIMEO_TITLE (2.4.2) | WF_AGGREGATOR_VINE_TITLE (2.4.2) | WF_POPUPS_JCEMEDIABOX_TITLE (2.4.2) | WF_POPUPS_WINDOW_TITLE (2.4.2) | WF_LINK_SEARCH_TITLE (2.4.2) | K2 Links for JCE Link (2.2) | WF_LINKS_JOOMLALINKS_TITLE (2.4.2) | WF_FILESYSTEM_JOOMLA_TITLE (2.4.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.4.2) |
Components :: ADMIN :: Menus Manager (1.5.0) | PhocaGallery (2.8.1) | Default (1.0.0) | JomSocial (2.6.2) | Media Manager (1.5.0) | Frontpage (1.5.0) | RSSall (1.0) | Module Manager (1.5.0) | Mass Mail (1.5.0) | JoomlaStats (3.0.4.715 dev) | Weblinks (1.5.0) | JComments (2.3.0) | Installation Manager (1.5.0) | Contact Items (1.0.0) | Search (1.5.0) | com_kunena (2.0.4) | Kunena (2.0.4) | plg_system_kunena (-) | plg_system_kunena (2.0.4) | System - Kunena Forum (2.0.4) | plg_kunena_community (2.0.4) | Kunena - JomSocial Integration (2.0.4) | plg_quickicon_kunena (2.0.4) | Kunena - Joomla Integration (2.0.4) | plg_finder_kunena (2.0.4) | plg_kunena_joomla (2.0.4) | plg_kunena_kunena (2.0.4) | Kunena - Kunena Integration (2.0.4) | plg_kunena_gravatar (2.0.4) | Kunena - Gravatar Integration (2.0.4) | plg_kunena_comprofiler (2.0.4) | Kunena - CommunityBuilder Inte (2.0.4) | plg_kunena_finder (2.0.1) | plg_kunena_uddeim (2.0.4) | Kunena - UddeIM Integration (2.0.4) | plg_kunena_alphauserpoints (2.0.4) | Kunena - AlphaUserPoints Integ (2.0.4) | Kunena Menu (2.0.4) | mod_kunenamenu (2.0.4) | Polls (1.5.0) | Frontend User Article List (2.0b) | Translations Manager (1.5.2) | Template Manager (1.5.0) | Xmap (1.2.14) | Contacts Plugin (1.0.1) | Web Links Plugin (1.5.1) | Phoca Gallery (1.0.0) | Content Plugin (1.5.1) | Plugin Manager (1.5.0) | Newsfeeds (1.5.0) | Trash (1.0.0) | User Manager (1.5.0) | Banners (1.5.0) | Configuration Manager (1.5.0) | JCE (2.4.2) | JCE (2.4.2) | Unknown (-) | ninjaXplorer (1.0.7) | Language Manager (1.5.0) | Content Page (1.5.0) | Admintools (2.2.10) | Control Panel (1.5.0) | Cache Manager (1.5.0) | Messaging (1.5.0) | Akeeba (3.4.3) |

Modules :: SITE :: Articles Listing (1.1.3) | Archived Content (1.5.0) | Login (1.5.0) | JComments Latest (3.0.3) | Activity Stream (2.6.2) | Who\'s Online (1.0.0) | S5 Register (1.5.0) | Kunena Latest (2.0.3) | Animate on hover (3.1a) | S5 Box (2.0.0) | Poll (1.5.0) | Breadcrumbs (1.5.0) | Statistics (1.5.0) | Yj Newsflash Ultimate (1.0) | S5 Live Search (1.0) | Feed Display (1.5.0) | Syndicate (1.5.0) | Footer (1.5.0) | Related Items (1.0.0) | JoomlaStats Activation (3.0.1.581 dev) | Frontpage SlideShow (by Joomla (2.8) | JComments Latest (2.5.4) | Sections (1.5.0) | Banner (1.5.0) | Ninja Clicky (2.0.0) | Most Read Content (1.5.0) | Menu (1.5.0) | Wrapper (1.0.0) | Random Image (1.5.0) | Latest Discussion (2.6.2) | Newsflash (1.5.0) | S5 Accordion Menu (1.5.0) | Latest News (1.5.0) | Search (1.0.0) | Custom HTML (1.5.0) | Phoca Gallery Category (1.5.0) | Phoca Gallery Image Module (2.7.5) | Sliding caption gallery (1.4.5) |
Modules :: ADMIN :: Admin Submenu (1.0.0) | Login Form (1.0.0) | Quick Icons (1.0.0) | User Status (1.5.0) | Admin Tools Joomla! Upgrade No (svn746) | Admin Tools Joomla! Upgrade No (2.2.9) | Title (1.0.0) | Popular Items (1.0.0) | Items Stats (1.0.0) | Feed Display (1.5.0) | Footer (1.0.0) | Online Users (1.0.0) | Unread Items (1.0.0) | Latest News (1.0.0) | Toolbar (1.0.0) | Admin Menu (1.0.0) | Logged in Users (1.0.0) | JCE File Browser (2.4.2) | Akeeba Backup Notification Mod (3.4.3) | Custom HTML (1.5.0) |

Plugins :: SITE :: Editor Button - JComments OFF (1.0) | Editor Button - JComments ON (1.0) | Button - Phoca Gallery (2.7.1) | Editor Button - My Photos (2.6.2) | Button - Image (1.0.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | JComments - Avatar (3.8) | AcyMailing Tag : Date / Time (1.5.2) | AcyMailing Tag : Website links (1.5.2) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : content inser (1.5.2) | AcyMailing Template Class Repl (1.5.2) | AcyMailing Tag : Manage the Su (1.5.2) | AcyMailing Tag : CB User infor (1.5.2) | AcyMailing Tag : Joomla User I (1.5.2) | AcyMailing : Statistics Plugin (1.5.2) | AcyMailing : trigger Joomla Co (1.5.2) | AcyMailing Tag : Subscriber in (1.5.2) | Paste (1.5.1) | Image Manager (1.5.2) | File Browser (1.5.0 Stable) | Advanced Code Editor (1.5.0) | Paste (1.5.0) | Object Support (1.5.1) | Joomla! Links for Advanced Lin (1.2.0) | Advanced Link (1.5.1) | SpellChecker (2.0.0) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Editor - JCE (2.4.2) | Search - JComments (1.0) | Search - Categories (1.5) | Phoca Gallery Search Plugin (2.7.1) | Search - Weblinks (1.5) | Search - Content (1.5) | Search - Kunena (2.0.1) | Search - Contacts (1.5) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Content - Load Modules (1.5) | Content - VOTItaly (JOOMItaly) (1.2) | JoomlaXTC Countdown plugin (1.0.1) | Content - JComments (1.0) | پلاگین به اشتراک (1.1.0) | Content - Example (1.0) | Phoca Gallery Plugin (2.7.7) | Content - AllInOne (1.0) | Content - Auto banner (1.0) | Content - Email Cloaking (1.5) | Content - Related Articles Tag (1.3) | Content - Page Navigation (1.5) | Content - Vote (1.5) | Content - Code Highlighter (Ge (1.5) | Content - ExtraVote (1.4) | Content - Pagebreak (1.5) | System - osolCaptcha (1.0.6) | System - JCE MediaBox (1.1.17) | System - System Restore Points (3.4.3) | Jomsocial Update (2.6.2) | System - Log (1.5) | JCE 
Utilities (2.1.7) | System - One Click Action (1.0) | System - SEF (1.5) | Shape 5 - IE 6 Browser Warning (2.5) | System - Cache (1.5) | System - JComments (1.0) | System - Remember Me (1.5) | Azrul System Mambot For Joomla (2.6.2) | System - Legacy (1.5) | System - Admin Tools Update Em (1.0) | System - Backlinks (1.5) | System - Zend Lib (1.11.4) | Akeeba Backup Lazy Scheduling (3.3) | Shape 5 CSS and JS Compressor (1.0) | System - Admin Tools (2.2.9) | System - Joomla! Update Email (1.0) | System - Unicode Slugs (1.1) | System - Mootools Upgrade (1.5) | System - JCH_Optimize (1.3.4) | System - Kunena Forum (2.0.4) | System - Akeeba Backup Update (1.0) | jomsocialredirect (2.6.2) | System - Debug (1.5) | System - Jomsocial Facebook Co (2.6.2) | Authentication - Joomla (1.5) | Authentication - Example (1.5) | Authentication - LDAP (1.5) | Kunena - Joomla Integration (2.0.4) | Kunena - Gravatar Integration (2.0.4) | Kunena - JomSocial Integration (2.0.4) | Kunena - Kunena Integration (2.0.4) | Unknown (-) | Log (2.6.2) | MyBlog Toolbar (2.6.2) | Unknown (-) | Friend's Location (2.6.2) | My twitter updates (2.6.2) | Kunena Groups (2.0.1) | My Forum Posts (2.0.1) | MyBlog (2.6.2) | Unknown (-) | Events (2.6.2) | My Contacts (2.6.2) | Unknown (-) | My Articles (2.6.2) | My Tagged Videos (2.6.2) | Unknown (-) | Latest Photos (2.6.2) | Wordfilter (2.6.2) | hwdVideoShare (2.1.1 Build 2) | Input Processor (2.6.2) | My Latest Videos (2.6.2) | Walls (2.6.2) | Unknown (-) | My Forum Menu (2.0.1) | Events (2.6.2) | Feeds (2.6.2) | My kunena updates (2.6.2) | Invite (2.6.2) | User - Joomla! (1.5) | User - JComments (1.0) | User - Example (1.0) | User - Jomsocial User (2.6.2) |
Templates Discovered :: wrote:Templates :: SITE :: Youshows (1.0) |
Templates :: ADMIN :: Khepri (1.0) |
Last edited by mandville on Tue Aug 12, 2014 4:04 pm, edited 1 time in total.
Reason: disabled smilies. moved from 2.5 to 1.5

Bernard T
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska

Re: My Site Hacked

Post by Bernard T » Tue Aug 12, 2014 7:12 pm

You have a pretty old Joomla on a pretty old hosting server. I warmly suggest you move up to a newer Joomla version and an up-to-date server.

I don't know if you upgraded Joomla and extensions before or after the hack.

For restoration you could try to follow these instructions:
  1. Preparation
    • Note which version of Joomla you have. Download the "Joomla Full Install" package for this version. (we will upgrade later)
    • Also note which 3rd party extensions you have installed.
    • Review the Vulnerable Extensions List to make sure any 3rd party extension versions used don't appear on the Live Vulnerable list. If they do, note them and don't install them; search for an alternative extension.
    • Download all 3rd party extensions packages in versions that are currently used. (we will upgrade later)
    • Review and action Security Checklist 7. Ensure you follow all of the steps stated.
  2. Backup and remove all Website Files
    • Save a copy of the configuration.php file to your PC.
    • Delete ALL files in your Joomla installation. This is ONLY the files and directories in the joomla_root/ directory NOT the database!
    • Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, viruses, trojans, spyware, etc. Security Checklist 7 contains a list of recommended scanners.
    • Change all passwords and if possible user names for the website host control panel.
    • Change the Joomla database user name and password.
    • Use proper permissions on files and directories.
      • They should never be 777,
      • Use 644 for files and 755 for directories.
      • The configuration.php file can be set to 444 which is read only.
    • Check your .htaccess for any odd code (i.e. code which is not in the standard htaccess.txt supplied as part of the Joomla installation).
    • Check the crontab or Task Scheduler for unexpected jobs/tasks.
    • Ensure you do not have anonymous FTP enabled.
    • Verify individually that any non-Joomla file that will be placed back on the website (such as, but not limited to, images, pdf files, files for download, and other documents and files) are valid and are supposed to be a part of your website.
  3. Install the clean Joomla - the same version you had until now (we will upgrade later)
    • Extract/copy the Joomla files to your FTP root folder
    • Create a NEW database and install without sample data to it
    • Install the 3rd party extensions (including any custom template) to the new Joomla. (That ensures you have the files in place for the 3rd party extensions)
    • Edit the configuration.php file of the new Joomla to connect to your original database. (we installed some moments ago to new database, you can delete it thereafter)
  4. Update Joomla and extensions
    • Make a backup
    • Update your Joomla to the current stable version
    • Update all extensions of your site to the current version (skip those that you found on Live VEL and don't have appropriate updates)
  5. Reinstate the deleted files
    • Upload any non-Joomla files (images, movies, download documents etc.) that are necessary for your website.
IMPORTANT
Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the back-doors that may have been inserted and hidden in various files and directories.
More detailed information can be found in the security Checklist 7 link above.
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak
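
The permission and .htaccess checks from step 2 of the post above, as an added example that is not part of the post or of any Joomla tool: a read-only audit listing entries that deviate from 755/644/444 and .htaccess lines absent from the stock htaccess.txt. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Return (path, mode) for entries outside 755 dirs / 644 files / 444 config."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            rel = os.path.relpath(path, root)
            if stat.S_ISDIR(st.st_mode):
                allowed = {0o755}
            else:  # configuration.php may also be read-only (444)
                allowed = {0o444, 0o644} if rel == "configuration.php" else {0o644}
            mode = stat.S_IMODE(st.st_mode)
            if mode not in allowed:
                findings.append((rel, format(mode, "o")))
    return sorted(findings)

def htaccess_additions(root):
    """Return (line_no, text) for .htaccess lines absent from htaccess.txt."""
    def read(name):
        with open(os.path.join(root, name), encoding="utf-8", errors="replace") as f:
            return [line.strip() for line in f]
    stock = set(read("htaccess.txt"))
    return [(n, s) for n, s in enumerate(read(".htaccess"), 1) if s and s not in stock]

def build_sample_tree():
    """Constructed sample: a tiny Joomla-like tree with planted problems."""
    root = tempfile.mkdtemp(prefix="joomla_audit_")
    stock = "RewriteEngine On\nRewriteRule (.*) index.php\n"
    files = {"htaccess.txt": (stock, 0o644),
             ".htaccess": (stock + "RewriteRule ^ http://example.invalid/ [R=302,L]\n", 0o644),
             "configuration.php": ("<?php // constructed\n", 0o444),
             "images/logo.png": ("", 0o666)}
    for rel, (text, mode) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as f:
            f.write(text)
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "images"), 0o777)
    return root
```

Call both functions with the Joomla root directory; every .htaccess line reported still needs a manual look, since legitimate site-specific directives also differ from htaccess.txt.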

dpacadmin
Joomla! Champion
Posts: 6029
Joined: Sat Aug 16, 2008 1:46 pm
Location: the Bat Cave

Re: My Site Hacked

Post by dpacadmin » Tue Aug 12, 2014 10:14 pm

This plugin in your Site Plugins list looks out of place;
| پلاگین به اشتراک (1.1.0) |

mhehm
Joomla! Apprentice
Posts: 8
Joined: Thu Jul 21, 2011 7:01 am

Re: My Site Hacked

Post by mhehm » Wed Aug 13, 2014 5:16 pm

Thank you,
I will update my site to Joomla 3.