My website send spam !

Discussion regarding Joomla! 2.5 security issues.

halloy
Joomla! Fledgling
Posts: 4
Joined: Mon Sep 05, 2011 9:42 am

My website send spam !

Post by halloy » Mon Sep 29, 2014 12:35 pm

Hi everybody, I'm sorry, I'm French... I hope my English isn't too bad...

For a few days now, my host has stopped the mail function of my website because it sends thousands of spam messages. Effectively, the website was hacked: I found a lot of bad files, unknown users, unknown admins... I deleted the bad files and the users, I changed the password and the login of the backend of the site, I changed the password of the database and the FTP... But the website still sends spam... And I always find in the "log" directory a PHP file from foxcontact with mails blocked for using bad words...

Now I need help because I've got a lot of white hairs!!!

Please, can you help me?

Thanks a lot!!
Problem Description :: Forum Post Assistant (v1.2.4) : 29th September 2014 wrote:My website send spam
Actions Taken To Resolve by Forum Post Assistant (v1.2.4) 29th September 2014 wrote:captcha, antispam
Forum Post Assistant (v1.2.4) : 29th September 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.24-Stable (Ember) 25-July-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: 3881 (uid: /gid: ) | Group: 100 (gid: ) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.2.45+nuxit-squeeze-grsec | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate | Doc Root: /web/facadiercavanie/cds-informatik | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.27 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 30711 | Log Errors To: | Last Known Error: | Register Globals: 1 | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 16M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.31-MariaDB-1~wheezy (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 12.65 MiB | #of Tables:  88
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.27) | date (5.3.27) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | session () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | standard (5.3.27) | SimpleXML (0.1) | soap () | Phar (2.0.1) | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Strict Information Privacy was selected. Nothing to display.
Templates Discovered :: wrote:_FPA_STRICT Information Privacy Nothing to display.

itoctopus
Joomla! Virtuoso
Posts: 4025
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: My website send spam !

Post by itoctopus » Mon Sep 29, 2014 1:55 pm

You will need to check your logs (Apache logs) to see which file (or extension) is sending the spam.

Deleting the files that you found and the users is not enough. You will need to clean the whole website.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter
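
The log check suggested in the reply above, as an added example that is not part of the original thread: it ranks the PHP scripts that receive POST requests in an Apache access log and marks those sitting in data folders. The sample log lines, the file name `constructed-name.php` and the choice of folders to mark are assumptions made for illustration.

```python
import re
from collections import Counter

# Apache common/combined format: host ident user [time] "METHOD url PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Assumption: data folders where a PHP script receiving POSTs is unexpected.
# Folder names come from the "Core Folders" list in the FPA report.
DATA_DIRS = ("/images/", "/tmp/", "/cache/", "/logs/")

def rank_post_targets(lines):
    """Return [(path, posts, distinct_clients, in_data_dir)], busiest script first."""
    hits, clients = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]
        if method != "POST" or not path.lower().endswith(".php"):
            continue
        if not status.startswith("2"):
            continue  # keep only requests the server actually served
        hits[path] += 1
        clients.setdefault(path, set()).add(ip)
    return [(p, n, len(clients[p]), any(d in p.lower() for d in DATA_DIRS))
            for p, n in hits.most_common()]

# Constructed sample lines (documentation IP ranges, made-up file name).
SAMPLE = """\
192.0.2.10 - - [29/Sep/2014:10:00:01 +0200] "POST /tmp/constructed-name.php HTTP/1.1" 200 12 "-" "-"
192.0.2.10 - - [29/Sep/2014:10:00:02 +0200] "POST /tmp/constructed-name.php HTTP/1.1" 200 12 "-" "-"
198.51.100.7 - - [29/Sep/2014:10:00:03 +0200] "POST /tmp/constructed-name.php HTTP/1.1" 200 12 "-" "-"
203.0.113.5 - - [29/Sep/2014:10:01:00 +0200] "POST /index.php?option=com_foxcontact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Sep/2014:10:01:05 +0200] "GET /index.php HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Sep/2014:10:02:00 +0200] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"
not a log line
""".splitlines()

if __name__ == "__main__":
    for path, posts, ips, flagged in rank_post_targets(SAMPLE):
        mark = "CHECK" if flagged else "     "
        print(f"{posts:6d} POSTs  {ips:4d} clients  {mark}  {path}")
```

On a real site, pass the open access log file to `rank_post_targets` instead of `SAMPLE`; a script with many POSTs from few clients, or any script marked `CHECK`, is the first file to inspect.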

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: My website send spam !

Post by mandville » Mon Sep 29, 2014 9:00 pm

Please report your FPA with less restrictions so we can see your extensions.
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

halloy
Joomla! Fledgling
Posts: 4
Joined: Mon Sep 05, 2011 9:42 am

Re: My website send spam !

Post by halloy » Tue Sep 30, 2014 10:33 am

Hi, and thanks for your help.
The new FPA report with less restrictions:
Forum Post Assistant (v1.2.4) : 30th September 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.24-Stable (Ember) 25-July-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: 3881 (uid: /gid: ) | Group: 3881 (gid: ) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32.60+nuxit-grsec | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate | Doc Root: /web/facadiercavanie/cds-informatik | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.27 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 30711 | Log Errors To: | Last Known Error: | Register Globals: 1 | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 16M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.31-MariaDB-1~wheezy (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 12.70 MiB | #of Tables:  88
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.27) | date (5.3.27) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | session () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | standard (5.3.27) | SimpleXML (0.1) | soap () | Phar (2.0.1) | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database _FPA_STATS :: Uptime: 25917887 | Threads: 7 | Questions: 30861483579 | Slow queries: 176084 | Opens: 145389471 | Flush tables: 308 | Open tables: 20480 | Queries per second avg: 1190.740 |
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (2.5.0) | WF_LINKS_JOOMLALINKS_TITLE (2.4.3) | WF_FILESYSTEM_JOOMLA_TITLE (2.4.3) | WF_LINK_SEARCH_TITLE (2.4.3) | WF_AGGREGATOR_VIMEO_TITLE (2.4.3) | WF_AGGREGATOR_VINE_TITLE (2.4.3) | WF_AGGREGATOR_[youtube]_TITLE (2.4.3) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.4.3) | WF_POPUPS_JCEMEDIABOX_TITLE (2.4.3) | WF_POPUPS_WINDOW_TITLE (2.4.3) | WF_MEDIA_TITLE (2.4.3) | WF_SOURCE_TITLE (2.4.3) | WF_SPELLCHECKER_TITLE (2.4.3) | WF_ANCHOR_TITLE (2.4.3) | WF_NONBREAKING_TITLE (2.4.3) | WF_BROWSER_TITLE (2.4.3) | WF_TEXTCASE_TITLE (2.4.3) | WF_FONTCOLOR_TITLE (2.4.3) | WF_ARTICLE_TITLE (2.4.3) | WF_PREVIEW_TITLE (2.4.3) | WF_STYLE_TITLE (2.4.3) | WF_PRINT_TITLE (2.4.3) | WF_FONTSELECT_TITLE (2.4.3) | WF_IMGMANAGER_TITLE (2.4.3) | WF_FULLSCREEN_TITLE (2.4.3) | WF_SEARCHREPLACE_TITLE (2.4.3) | WF_KITCHENSINK_TITLE (2.4.3) | WF_CONTEXTMENU_TITLE (2.4.3) | WF_CLIPBOARD_TITLE (2.4.3) | WF_FORMATSELECT_TITLE (2.4.3) | WF_AUTOSAVE_TITLE (2.4.3) | WF_STYLESELECT_TITLE (2.4.3) | WF_CHARMAP_TITLE (2.4.3) | WF_LAYER_TITLE (2.4.3) | WF_CLEANUP_TITLE (2.4.3) | WF_LISTS_TITLE (2.4.3) | WF_VISUALBLOCKS_TITLE (2.4.3) | WF_INLINEPOPUPS_TITLE (2.4.3) | WF_XHTMLXTRAS_TITLE (2.4.3) | WF_VISUALCHARS_TITLE (2.4.3) | WF_DIRECTIONALITY_TITLE (2.4.3) | WF_TABLE_TITLE (2.4.3) | WF_LINK_TITLE (2.4.3) | WF_FONTSIZESELECT_TITLE (2.4.3) | com_mailto (2.5.0) |
Components :: ADMIN :: Akeeba (3.11.4) | com_messages (2.5.0) | com_media (2.5.0) | com_weblinks (2.5.0) | Unknown (-) | JCE (2.4.3) | com_languages (2.5.0) | com_login (2.5.0) | com_joomlaupdate (2.5.0) | com_newsfeeds (2.5.0) | com_redirect (2.5.0) | com_installer (2.5.0) | com_content (2.5.0) | com_cpanel (2.5.0) | com_categories (2.5.0) | com_plugins (2.5.0) | com_users (2.5.0) | com_banners (2.5.0) | com_templates (2.5.0) | com_search (2.5.0) | com_admin (2.5.0) | com_checkin (2.5.0) | com_modules (2.5.0) | Fox Contact Joomla 1.5 (-) | COM_FOXCONTACT (2.0.19) | com_finder (2.5.0) | com_config (2.5.0) | com_menus (2.5.0) | com_cache (2.5.0) |

Modules :: SITE :: mod_finder (2.5.0) | Fox Contact (2.0.19) | mod_articles_categories (2.5.0) | mod_articles_category (2.5.0) | mod_articles_latest (2.5.0) | mod_languages (2.5.0) | mod_search (2.5.0) | mod_template_selector (1.8.0) | mod_whosonline (2.5.0) | mod_wrapper (2.5.0) | mod_related_items (2.5.0) | mod_breadcrumbs (2.5.0) | mod_users_latest (2.5.0) | mod_feed (2.5.0) | mod_weblinks (2.5.0) | mod_menu (2.5.0) | mod_custom (2.5.0) | mod_articles_news (2.5.0) | mod_login (2.5.0) | mod_articles_popular (2.5.0) | mod_banners (2.5.0) | mod_syndicate (2.5.0) | Custom HTML advanced (JTricks. (1.0) | mod_stats (2.5.0) | mod_footer (2.5.0) | mod_articles_archive (2.5.0) | mod_random_image (2.5.0) |
Modules :: ADMIN :: mod_multilangstatus (2.5.0) | mod_logged (2.5.0) | mod_title (2.5.0) | mod_submenu (2.5.0) | mod_feed (2.5.0) | mod_menu (2.5.0) | mod_quickicon (2.5.0) | mod_version (2.5.0) | mod_toolbar (2.5.0) | mod_latest (2.5.0) | mod_custom (2.5.0) | mod_login (2.5.0) | mod_popular (2.5.0) | mod_status (2.5.0) |

Plugins :: SITE :: plg_content_joomla (2.5.0) | plg_content_vote (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_finder (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_geshi (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_categories (2.5.0) | plg_editors_jce (2.4.3) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | plg_search_content (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_contacts (2.5.0) | plg_search_categories (2.5.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_system_remember (2.5.0) | plg_system_p3p (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_templateselector (1.8.0) | plg_system_cache (2.5.0) | plg_system_debug (2.5.0) | plg_system_logout (2.5.0) | plg_system_sef (2.5.0) | plg_system_redirect (2.5.0) | plg_system_highlight (2.5.0) | manage.myJoomla.com Secure Plu (n/a) | plg_system_languagecode (2.5.0) | plg_system_log (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_extension_joomla (2.5.0) | plg_quickicon_jcefilebrowser (2.4.3) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) | beez5 (2.5.0) | AutoSave2 (1.1) | ProjetSiteMoi5 (1.1) | beez_20 (2.5.0) | cds_informatikc (1.1) | AutoSave (1.1) | cds_informatikb (1.1) | cds_informatikd (1.1) | jtouch25 (2.5.25) |
Templates :: ADMIN :: hathor (2.5.0) | bluestork (2.5.0) |

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: My website send spam !

Post by mandville » Tue Sep 30, 2014 10:53 am

Joomla. Out of date.
Fox Contact out of date.
That's for starters.

