Suspect compromised - reinstall help

Discussion regarding Joomla! 2.5 security issues.
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
random12
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 101
Joined: Wed Jan 16, 2013 9:02 pm

Suspect compromised - reinstall help

Postby random12 » Wed Jan 16, 2013 9:27 pm

Hello,
I suspect a site of being compromised and want to delete all files and upload the latest joomla (then replace config and upload images).
I have a few extensions installed, do I uninstall them first? Or how do you go about the extenstions I've installed, I guess the database will look for them?

Thank you

User avatar
bewebdev
Joomla! Ace
Joomla! Ace
Posts: 1017
Joined: Tue Apr 17, 2012 11:28 am
Location: Lincolnshire, UK

Re: Suspect compromised - reinstall help

Postby bewebdev » Thu Jan 17, 2013 12:03 am

see PhilD's response in this thread

viewtopic.php?f=621&t=785533

regards

@bewebdev ^AW
Joomla & Magento Specialists.
white label web talent
http://www.missingmojo.co.uk

random12
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 101
Joined: Wed Jan 16, 2013 9:02 pm

Re: Suspect compromised - reinstall help

Postby random12 » Thu Jan 17, 2013 11:44 pm

Thanks,
I am getting closer - deleted all and uploaded a new joomla. Now I want to get back a few plugins. Is there any easy way to find out exactely where to put the plugin-files?

User avatar
bewebdev
Joomla! Ace
Joomla! Ace
Posts: 1017
Joined: Tue Apr 17, 2012 11:28 am
Location: Lincolnshire, UK

Re: Suspect compromised - reinstall help

Postby bewebdev » Fri Jan 18, 2013 10:39 am

random12

Plugins are usually installed using the Joomla extension manager, unless the developer of the particular plugin advises otherwise e.g. some JCE editor plugins are installed within the jce editor. However most common plugins, modules, and components are installed via the extension manager.

regards

@bewebdev ^AW
Joomla & Magento Specialists.
white label web talent
http://www.missingmojo.co.uk

random12
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 101
Joined: Wed Jan 16, 2013 9:02 pm

Re: Suspect compromised - reinstall help

Postby random12 » Fri Jan 18, 2013 10:54 am

Thank you, I know that. What I meant was, since they already are installed I just need to upload the files again. So I need to know where to put them.
More info: From what I gather the database is still intact. So I deleted all files and uploaded a new Joomla. Now updated the configuration file and images and everything seems to be working. If I try to install a plugin the normal way I get an error message that the plugin is already installed. So I should just have to put the fresh files in the correct location, right?

User avatar
bewebdev
Joomla! Ace
Joomla! Ace
Posts: 1017
Joined: Tue Apr 17, 2012 11:28 am
Location: Lincolnshire, UK

Re: Suspect compromised - reinstall help

Postby bewebdev » Fri Jan 18, 2013 12:24 pm

random12

when you say plugins do you mean 'plugins' or 'module, components and plugins' as a generic meaning?

the reason why i ask is that depending on what you are trying to install, installing manually will be placed in a different directory?

regards

@bewebdev ^AW
Joomla & Magento Specialists.
white label web talent
http://www.missingmojo.co.uk

random12
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 101
Joined: Wed Jan 16, 2013 9:02 pm

Re: Suspect compromised - reinstall help

Postby random12 » Sun Jan 20, 2013 10:52 am

Actually I think this applies to all non core extensions that I had installed. What I need to do is download fresh copies of the extensions unzip them and upload them to the right place. With one plugin it was very easy, all files in one folder (plugins/content/plugin-name). But does that apply to all extensions?

Missing files from extensions leads to this issue of not being able to edit articles. Maybe the extension-part could be a bit more informative in the pinned security post (simply reinstalling the normal way throws an error).

User avatar
bewebdev
Joomla! Ace
Joomla! Ace
Posts: 1017
Joined: Tue Apr 17, 2012 11:28 am
Location: Lincolnshire, UK

Re: Suspect compromised - reinstall help

Postby bewebdev » Sun Jan 20, 2013 5:06 pm

random12

looking at the instructions provided, i would have differed my approach to unistalling components using the extension manager first, by doing this you wouldn't be deleting your data, however when it came round to where you are now it would mean you could reinstall the components etc using the built in installation tool.

You will now need to as you say download fresh copies of all the components etc you had on the site, manually extract them onto your desktop and in theory uploading them via ftp they should install correctly, you may need to agree to overwrite specific files etc. I would do this in a step by step process, so upload, login, check, if successful backup move on, This way you can be sure that if something breaks your own only have to backup by one step rather than the lot.

regards

@bewebdev ^AW
Joomla & Magento Specialists.
white label web talent
http://www.missingmojo.co.uk

random12
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 101
Joined: Wed Jan 16, 2013 9:02 pm

Re: Suspect compromised - reinstall help

Postby random12 » Sun Jan 20, 2013 6:53 pm

Yep, that sounds like a good approach. I suggest to update this post, and include the uninstall of 3rd party extensions.
I gather there is an installscript in each extension describing where to put the file. Any tips on where to find that? I mean it shold be easy to read the destination-folders and upload the files there.
Thanks

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 13486
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Suspect compromised - reinstall help

Postby mandville » Sun Jan 20, 2013 9:00 pm

random12 wrote:Yep, that sounds like a good approach. I suggest to update this post, and include the uninstall of 3rd party extensions.

that process is mentioned several times. and would be a matter of course if you follow the instructions
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security forums Moderator}

random12
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 101
Joined: Wed Jan 16, 2013 9:02 pm

Re: Suspect compromised - reinstall help

Postby random12 » Mon Jan 21, 2013 9:54 am

It's a great guide. For the not so gifted like myself, I think it would be improved by clearly writing: "if possible, uninstall all 3-rd party extensions" as one of the steps.


Return to “Security in Joomla! 2.5”

Who is online

Users browsing this forum: No registered users and 8 guests