The Joomla! Forum ™



Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: No administrator access
PostPosted: Tue Mar 10, 2015 9:21 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Feb 09, 2011 8:35 am
Posts: 4
It seems our site has been hacked, and we no longer have admin access. The index.php file is no longer within the administrator site. I have read what I need to do with regards to deleting all joomla files and making a copy of the config file. However, excuse my ignorance but when reinstalling joomla and new extensions would this not make me lose all previous work? layouts? and many hours inputing data?

Again excuse my ignorance, I just need to know what I am letting myself in for before starting. Any help/advice would be greatly appreciated.

Problem Description :: Forum Post Assistant (v1.2.4) : 10th March 2015 wrote:
No administrator access
Log/Error Message :: Forum Post Assistant (v1.2.4) : 10th March 2015 wrote:
403 Forbidden
Forum Post Assistant (v1.2.4) : 10th March 2015 wrote:
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 2.5.15-Stable (Ember) 06-November-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: 11328 (uid: /gid: ) | Group: 2523 (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: N/A | Unicode Slugs: N/A | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-531.29.2.lve1.3.11.3.el5h.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /var/www/vhosts/northernfootballclub.co.uk/httpdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.36 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 32767 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: -1 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.41-cll-lve (Client:5.5.41) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 8.74 MiB | #of Tables:  261
Detailed Environment :: wrote:
PHP Extensions :: Core (5.4.36) | date (5.4.36) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bz2 () | calendar () | ctype () | curl () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | SPL (0.2) | iconv () | pcntl () | readline (5.4.36) | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | session () | standard (5.4.36) | shmop () | SimpleXML (0.1) | mbstring () | tokenizer (0.1) | xml () | cgi-fcgi () | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | wddx () | bcmath () | gd () | mysql (1.0) | fileinfo (1.0.5) | sockets () | zip (1.11.0) | xmlwriter (0.1) | snmp (0.1) | pgsql () | json (1.2.1) | exif (1.4 $Id: 637ebf9289b40d157fdf8edcdddeb3d907b28d9b $) | ldap () | sysvmsg () | sysvshm () | soap () | odbc (1.0) | xmlrpc (0.51) | sysvsem () | pspell () | mysqli (0.1) | imap () | dom (20031129) | pdo_sqlite (1.0.1) | Phar (2.0.1) | xmlreader (0.1) | posix () | mcrypt () | PDO_ODBC (1.0.1) | xsl (0.1) | mhash () | ionCube Loader () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: HaniXavi/root/dev/shm/ (777) | test/app/ (777) | test/app/mejdi/ (777) | test/app/mejdi/Snd/ (777) | test/app/mejdi/Snd/rz/ (777) | test/app/mejdi/css/ (777) | test/app/mejdi/img/ (777) | test/app/mejdi/js/ (777) | test/app/mejdi/js/contrib/ (777) | test/app/mejdi/js/languages/ (777) |
Extensions Discovered :: wrote:
Components :: SITE :: com_mailto (2.5.0) | com_wrapper (2.5.0) | Default (3.0.1) | Default (3.0_Alpha1.2) |
Components :: ADMIN :: com_messages (2.5.0) | RokGallery (2.22) | com_admin (2.5.0) | com_search (2.5.0) | com_config (2.5.0) | com_banners (2.5.0) | RokSprocket (2.0.2) | com_cpanel (2.5.0) | Gantry (4.1.12) | com_media (2.5.0) | com_weblinks (2.5.0) | com_finder (2.5.0) | com_content (2.5.0) | com_modules (2.5.0) | com_menus (2.5.0) | RokCandy (2.0.0) | com_flashmagazinedeluxe (3.0.0 (build ) | com_languages (2.5.0) | com_templates (2.5.0) | com_installer (2.5.0) | com_checkin (2.5.0) | com_login (2.5.0) | com_categories (2.5.0) | com_redirect (2.5.0) | com_newsfeeds (2.5.0) | JoomSport (2.9.3) | com_users (2.5.0) | com_plugins (2.5.0) | Community (3.0.1) | Community (3.0.1) | com_cache (2.5.0) | com_joomlaupdate (2.5.0) | com_jckman (5.3) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | JTreeLink (1.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | JoomlaCK Pugin Manager Control (1.0.0 DEVELOP) |

Modules :: SITE :: Community - Dating Search (3.0.1) | mod_articles_latest (2.5.0) | mod_languages (2.5.0) | mod_articles_categories (2.5.0) | Community - Photos Module (3.0.1) | Community - Hello Me (3.0.1) | Community - Active Groups (3.0.1) | Community - Quick Search Modul (3.0.1) | mod_banners (2.5.0) | mod_weblinks (2.5.0) | Community - Latest group posts (3.0.1) | Community - JomSocial Connect (3.0.1) | Community - Photo Comments (3.0.1) | Community - Activity Stream (3.0.1) | mod_articles_category (2.5.0) | mod_breadcrumbs (2.5.0) | RokAjaxSearch (2.0.0) | mod_syndicate (2.5.0) | mod_users_latest (2.5.0) | mod_articles_popular (2.5.0) | Community - Events Module (3.0.1) | RokGallery Module (2.22) | Community - Whos Online (3.0.1) | mod_feed (2.5.0) | mod_custom (2.5.0) | mod_wrapper (2.5.0) | mod_menu (2.5.0) | Community - Latest Discussion (3.0.1) | Community - JomSocial Statisti (3.0.1) | mod_related_items (2.5.0) | mod_articles_archive (2.5.0) | mod_random_image (2.5.0) | Community - Videos Module (3.0.1) | Community - Jomsocial Notifica (3.0.1) | mod_login (2.5.0) | Flash Magazine Deluxe - Archiv (3.0.0 (build ) | mod_articles_news (2.5.0) | Community - Groups Module (3.0.1) | Community - Video Comments (3.0.1) | mod_finder (2.5.0) | mod_search (2.5.0) | Community - Members Module (3.0.1) | mod_whosonline (2.5.0) | RokNavMenu (2.0.3) | mod_footer (2.5.0) | mod_stats (2.5.0) | RokSprocket Module (2.0.2) | Community - Top Members (3.0.1) |
Modules :: ADMIN :: mod_quickicon (2.5.0) | mod_latest (2.5.0) | mod_status (2.5.0) | mod_popular (2.5.0) | mod_multilangstatus (2.5.0) | mod_feed (2.5.0) | mod_custom (2.5.0) | mod_menu (2.5.0) | mod_toolbar (2.5.0) | mod_logged (2.5.0) | mod_login (2.5.0) | mod_submenu (2.5.0) | mod_version (2.5.0) | mod_title (2.5.0) | JoomlaCK Pugin Manager Control (1.0.0 DEVELOP) |

Plugins :: SITE :: Unknown (-) | Community - My Latest Videos (3.0.1) | Unknown (-) | Community - Events (3.0.1) | Community - Friend's Location (3.0.1) | Community - Latest Photos (3.0.1) | Unknown (-) | Community - Invite (3.0.1) | Unknown (-) | My twitter updates (3.0.1) | Community - Walls (3.0.1) | Kunena Groups (2.0.3) | Unknown (-) | Community - Feeds (3.0.1) | Unknown (-) | Community - My Contacts (3.0.1) | My Forum Menu (2.0.3) | Community - My Tagged Videos (3.0.1) | Unknown (-) | Community - My Articles (3.0.1) | Community - Input Processor (3.0.1) | Community - Wordfilter (3.0.1) | My Forum Posts (2.0.3) | Unknown (-) | Community - My Google Ads (3.0.1) | Community - My kunena updates (3.0.1) | plg_extension_joomla (2.5.0) | User - Jomsocial User (3.0.1) | plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_system_redirect (2.5.0) | plg_system_p3p (2.5.0) | System - RokSprocket (2.0.2) | plg_system_highlight (2.5.0) | System - RokBox (2.0.4) | plg_system_remember (2.5.0) | System - Jomsocial Redirect (3.0.1) | System - Gantry (4.1.12) | plg_system_sef (2.5.0) | System - RokCandy (2.0.0) | system - EUCookieDirectiveLite (1.0.9) | System - JCK Typography (3.5.0) | System - RokUpdater (1.0.8) | plg_system_languagecode (2.5.0) | Azrul System Mambot For Joomla (3.0.1) | plg_system_cache (2.5.0) | System - RokExtender (2.0.0) | Abivia.net SuperTable Plus Plu (1.8.2) | System - RokCommon (3.1.6) | plg_system_debug (2.5.0) | System - RokBooster (1.1.8) | plg_system_log (2.5.0) | plg_system_logout (2.5.0) | System - RokGallery (2.22) | System - JCK Modal (1.0) | plg_system_languagefilter (2.5.0) | Jomsocial Update (3.0.1) | System - Jomsocial Facebook Co (3.0.1) | Flash Magazine Deluxe - Button (3.0.0 (build ) | Button - RokBox (2.0.4) | Button - RokCandy (2.0.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_readmore (2.5.0) | Button - RokGallery (2.22) | plg_captcha_recaptcha (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) | Editor - RokPad (2.1.5) | Editor - JoomlaCK (6.5.3) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (1.0) | Unknown (0.1) | Unknown (0.1) | System - JCK Typography (3.5.0) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | Content - RokBox (2.0.4) | Flash Magazine Deluxe - Conten (3.0.0 (build ) | plg_content_szaki_table (1.2) | plg_content_emailcloak (2.5.0) | plg_content_pagenavigation (2.5.0) | Content - RokInjectModule (1.5) | plg_content_joomla (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_geshi (2.5.0) | plg_content_vote (2.5.0) | plg_content_finder (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_search_categories (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_newsfeeds (2.5.0) |
Templates Discovered :: wrote:
Templates :: SITE :: beez_20 (2.5.0) | rt_fracture (1.5) | beez5 (2.5.0) | atomic (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |


Top
 Profile  
 
PostPosted: Tue Mar 10, 2015 9:50 am 
Joomla! Ace
Joomla! Ace

Joined: Mon Nov 25, 2013 4:35 pm
Posts: 1768
Location: Montreal, Canada
Where did you read that you have to delete all your Joomla files to fix the hack?

In any case, try re-uploading the whole administrator folder to your website (don't delete the current one) and then you should clean your website from the hack and ensure that your website is secured and updated to the latest secure version of Joomla (you are running a very old version of Joomla, which is 2.5.15).

_________________
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter


Top
 Profile  
 
PostPosted: Tue Mar 10, 2015 10:00 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Feb 09, 2011 8:35 am
Posts: 4
itoctopus wrote:
Where did you read that you have to delete all your Joomla files to fix the hack?

In any case, try re-uploading the whole administrator folder to your website (don't delete the current one) and then you should clean your website from the hack and ensure that your website is secured and updated to the latest secure version of Joomla (you are running a very old version of Joomla, which is 2.5.15).


In the sticky it says

Quote:
Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.


Am I misreading/understanding.

Thank you for the advice, I have the original administrator file at home and will try that tonight.


Top
 Profile  
 
PostPosted: Tue Mar 10, 2015 10:30 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Tue Mar 10, 2015 10:12 am
Posts: 2
you just need to upload all core files (after download a fresh version of the same version of yours) to replace core infected files.
But in you have deleted your template folder i hope you've got a backup...
All your content is contained in the database and is not deleted.
If you don't have a backup of your website try to ask your host, maybe he can reinstall a backup of your files


Top
 Profile  
 
PostPosted: Wed Mar 11, 2015 9:58 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Feb 09, 2011 8:35 am
Posts: 4
I have tried uploading just the administrator file, but when I go to the admin login page it shows blank.

Looks like I will have to replace the core folders.

Again excuse my ignorance but Is there an easy way to back up my template? Is it as easy as copying the template folder and re-uploading?

Also I use rocketlauncher from rockettheme, would it be as easy as deleting all folders and reinstalling. Seeing as all content is kept in the database? Would I need to copy the current config file and re-upload it?


Top
 Profile  
 
PostPosted: Wed Mar 11, 2015 11:35 am 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12900
Location: The Girly Side of Joomla in Sussex
The instructions for deleting and replacing the core files are so that you delete any shell scripts and malware hidden.
Your install is very old.
Some of your extensions are old .
You have 777 folder permissions.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Top
 Profile  
 
PostPosted: Mon Mar 16, 2015 10:47 am 
Joomla! Fledgling
Joomla! Fledgling

Joined: Wed Feb 09, 2011 8:35 am
Posts: 4
mandville wrote:
The instructions for deleting and replacing the core files are so that you delete any shell scripts and malware hidden.
Your install is very old.
Some of your extensions are old .
You have 777 folder permissions.


I have done as suggested but now my website just shows a blank screen? I am quite lost as what to do next.

The 777 folder permissions are what I believe "the hack".


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 



Who is online

Users browsing this forum: No registered users and 14 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group