RewriteRule ^(.*)$ http://xx.ru/in.cgi?4 [R=301,L]
I updated to Joomla 2.5.3 using the patch, and then woke up this morning to see the htaccess had been hacked again. Since then I've updated my FTP password details and am scanning my computer now.
Next thing will be to go through the vulnerable extensions list and extract the 2.5.3 full package to the account.
If anyone could help out with what I could do to clean this out that would be great.
Here's the FPA output: (I replaced the username with XXX)
Forum Post Assistant (v1.2.0) : 31st March 2012
Problem Description :: htaccess hacked http://xx.ru/in.cgi?4
Last PHP Error(s) Reported :: [31-Mar-2012 12:05:09 UTC] PHP Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Antarctica/Macquarie' for 'EST/10.0/no DST' instead in /home/XXX/public_html/fpa-en.php on line 486
Actions Taken To Resolve :: Updated to latest Joomla. Re-created htaccess file and set permissions to 444
Basic Environment ::
Joomla! Instance :: Joomla! 2.5.3-Stable (Ember) 15-March-2012
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: XXX (uid: 512/gid: 509) | Group: XXX (gid: 509) | Valid For: 1.7 and above
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.18-274.17.1.el5xen | Technology: x86_64 | Web Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 mod_fcgid/2.3.6 | Encoding: gzip,deflate,sdch | Doc Root: /home/XXX/public_html | System TMP Writable: Yes
PHP Configuration :: Version: 5.3.10 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 30711 | Log Errors To: error_log | Last Known Error: 31st March 2012 23:06:58. | Register Globals: 1 | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 4M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M
MySQL Configuration :: Version: 5.1.61-log (Client:5.1.61) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 36.24 MiB | #of _FPA_TABLE: 284
Detailed Environment ::
PHP Extensions :: Core (5.3.10) | date (5.3.10) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.10) | Phar (2.0.1) | posix () | Reflection ($Revision: 321634 $) | imap () | SimpleXML (0.1) | sockets () | exif (1.4 $Id: exif.c 321634 2012-01-01 13:15:04Z felipe $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | ionCube Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) :: None
Database Information ::
Database _FPA_STATS :: Uptime: 1272935 | Threads: 2 | Questions: 26424962 | Slow queries: 36 | Opens: 3778739 | Flush tables: 1 | Open tables: 64 | Queries per second avg: 20.759 |
Extensions Discovered ::
Components :: SITE :: com_wrapper (2.5.0) | Bubble (2.6.0) | Blackout (2.6.0) | Default (2.6.0) | Blueface (2.6.0) | WF_AGGREGATOR_VIMEO_TITLE (2.0.20) | WF_AGGREGATOR_[youtube]_TITLE (2.0.20) | WF_LINKS_JOOMLALINKS_TITLE (2.0.20) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.0.20) | WF_FILESYSTEM_JOOMLA_TITLE (2.0.20) | WF_POPUPS_WINDOW_TITLE (2.0.20) | WF_POPUPS_JCEMEDIABOX_TITLE (2.0.20) | WF_MEDIA_TITLE (2.0.20) | WF_PREVIEW_TITLE (2.0.20) | WF_TABLE_TITLE (2.0.20) | WF_CLEANUP_TITLE (2.0.20) | WF_NONBREAKING_TITLE (2.0.20) | WF_SPELLCHECKER_TITLE (2.0.20) | WF_LAYER_TITLE (2.0.20) | WF_INLINEPOPUPS_TITLE (2.0.20) | WF_LINK_TITLE (2.0.20) | WF_SOURCE_TITLE (2.0.20) | WF_PASTE_TITLE (2.0.20) | WF_CONTEXTMENU_TITLE (2.0.20) | WF_TEXTCASE_TITLE (2.0.20) | WF_DIRECTIONALITY_TITLE (2.0.20) | WF_AUTOSAVE_TITLE (2.0.20) | WF_SEARCHREPLACE_TITLE (2.0.20) | WF_BROWSER_TITLE (2.0.20) | WF_FULLSCREEN_TITLE (2.0.20) | WF_XHTMLXTRAS_TITLE (2.0.20) | WF_IMGMANAGER_TITLE (2.0.20) | WF_STYLE_TITLE (2.0.20) | WF_VISUALCHARS_TITLE (2.0.20) | WF_ARTICLE_TITLE (2.0.20) | WF_PRINT_TITLE (2.0.20) | com_mailto (2.5.0) |
Components :: ADMIN :: com_jaextmanager (1.1.2) | Admintools (2.2.0) | com_admin (2.5.0) | COM_ADVANCEDMODULES (2.2.16) | Akeeba (3.4.3) | com_media (2.5.0) | Magic Zoom Plus (v4.4.8 [v1.0.) | Magic Zoom Plus module for Joo (v4.4.8 [v1.0.) | K2 (2.5.1) | com_installer (2.5.0) | com_modules (2.5.0) | com_plugins (2.5.0) | com_cpanel (2.5.0) | VirtueMart_allinone (-) | com_finder (2.5.0) | eXtplorer (2.1.0RC5) | JReviews (2.3.18.212) | com_jreviews (2.3.18.212) | JomSocial (2.6.0) | com_templates (2.5.0) | VIRTUEMART (-) | ECB Currency Converter (1.0) | com_categories (2.5.0) | com_users (2.5.0) | ChronoForms (4.0 RC3.11) | Editor - JCE (2.0.20) | JCE (2.0.20) | Unknown (-) | com_config (2.5.0) | com_checkin (2.5.0) | com_login (2.5.0) | com_menus (2.5.0) | Joomailer Mailchimp Signup (1.9) | com_languages (2.5.0) | JoomailerMailchimpIntegration (1.7.2) | COM_NONUMBERMANAGER (2.6.10) | Unknown (-) | com_redirect (2.5.0) | com_weblinks (2.5.0) | com_messages (2.5.0) | com_content (2.5.0) | Modules (1.5.0) | Components (1.5.0) | K2 (1.5. | JomSocial (1.5. | Menus (1.5.0) | Web Links (1.5.1) | News Feeds (1.5.1) | Content (1.5.3) | Plugins (1.5.0) | Users (1.5.0) | Banners (1.5.1) | com_acesearch (2.5.0) | AdAgency (3.0.15) | com_search (2.5.0) | com_cache (2.5.0) | com_s2framework (1.4.14.72) | S2Framework (1.4.14.72) | com_banners (2.5.0) | com_newsfeeds (2.5.0) |
Modules :: SITE :: AceSearch (1.5.0) | JReviews Directories Module (2.3) | Dating Search (2.6.0) | MailChimp Signup (1.7) | GeoMaps Module (2.3) | mod_syndicate (2.5.0) | Active Groups (2.6.0) | JReviews Favorite Users Module (2.3) | JReviews Listings Module (2.3) | mod_articles_archive (2.5.0) | mod_search (2.5.0) | Jomsocial Notification (2.6.0) | Latest group walls (2.2.4) | K2 User (2.5.1) | Top Members (2.6.0) | Simple Featured VM Products (0.1) | Ad Agency Menu (3.0.0) | mod_articles_news (2.5.0) | mod_custom (2.5.0) | Latest Discussion (2.6.0) | mod_languages (2.5.0) | Ad Agency Zone (3.0.3) | mod_wrapper (2.5.0) | mod_banners (2.5.0) | mod_virtuemart_search (2.0.0RC3) | Online Users (2.6.0) | Video Comments (2.6.0) | K2 Comments (2.5.1) | mod_virtuemart_manufacturer (2.0.0RC3) | mod_articles_category (2.5.0) | JReviews Reviews Module (2.3) | JReviews Fields Module (2.3) | mod_stats (2.5.0) | K2 Users (2.5.1) | mod_articles_categories (2.5.0) | mod_login (2.5.0) | VirtueMart Shopping Cart (2.0.0RC3) | JomSocial Statistics (2.6.0) | Latest Members (2.6.0) | JomSocial Connect (2.6.0) | K2 Content (2.5.1) | mod_articles_latest (2.5.0) | jReviews Advanced Search Modul (2.3) | mod_related_items (2.5.0) | Latest group posts (2.6.0) | mod_virtuemart_product (2.0.0RC3) | Dropdown MegaMenu (1.0.1) | Photo Comments (2.6.0) | mod_menu (2.5.0) | mod_whosonline (2.5.0) | Upcoming Events (2.6.0) | mod_footer (2.5.0) | JReviews Range Module (2.3) | mod_breadcrumbs (2.5.0) | mod_finder (2.5.0) | Hello Me (2.6.0) | Activity Stream (2.6.0) | mod_articles_popular (2.5.0) | mod_users_latest (2.5.0) | mod_virtuemart_category (2.0.0RC3) | mod_virtuemart_currencies (2.0.0RC3) | JReviews Totals Module (2.3) | mod_feed (2.5.0) | Magic Zoom Plus module for Joo (v4.4.8 [v1.0.) | mod_random_image (2.5.0) | K2 Tools (2.5.1) | K2 Login (2.5.1) | User Anywhere (0.1) | mod_weblinks (2.5.0) |
Modules :: ADMIN :: K2 QuickIcons (admin) (2.5.1) | mod_status (2.5.0) | mod_popular (2.5.0) | mod_version (2.5.0) | mod_multilangstatus (1.7.1) | mod_latest (2.5.0) | mod_custom (2.5.0) | mod_toolbar (2.5.0) | AceSearch - Quick Icons (1.5.0) | RSFinder (1.0.0) | MailChimp Stats (1.1) | K2 Stats (admin) (2.5.1) | mod_login (2.5.0) | Akeeba Backup Notification Mod (3.4.3) | Admin Tools Joomla! Upgrade No (2.2.0) | mod_menu (2.5.0) | mod_title (2.5.0) | mod_quickicon (2.5.0) | mod_logged (2.5.0) | mod_feed (2.5.0) | mod_submenu (2.5.0) | AceSearch (1.5.0) |
Plugins :: SITE :: Editor - JCE (2.0.20) | plg_editors_tinymce (3.4.7) | plg_editors_codemirror (1.0) | plg_extension_joomla (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_content (2.5.0) | System - Joomla! Update Email (1.0) | plg_system_debug (2.5.0) | plg_system_redirect (2.5.0) | System - System Restore Points (3.4.3) | System - Jomsocial Facebook Co (2.6.0) | plg_system_remember (2.5.0) | iJoomlaUpgradeAlert (1.0) | iJoomla News (1.0.1) | plg_system_log (2.5.0) | plg_system_p3p (2.5.0) | Akeeba Backup Lazy Scheduling (3.3) | plg_system_logout (2.5.0) | JA T3 Framework (1.5.0) | PLG_SYSTEM_SOURCERER (2.11.3) | System - Akeeba Backup Update (1.0) | plg_system_languagecode (2.5.0) | PLG_SYSTEM_ADVANCEDMODULES (2.2.16) | System - K2 (2.5.1) | Button - JA Typography (1.1.2) | System - Admin Tools (2.2.0) | System - JB Library (1.2.1) | System - Zend Lib (1.11.4) | plg_system_highlight (2.5.0) | PLG_SYSTEM_MODULESANYWHERE (1.13.3) | System - Megamenu Framework (1.0.0) | plg_system_sef (2.5.0) | Azrul System Mambot For Joomla (2.6.0) | System - RSFinder (1.2.0) | Jomsocial Update (2.6.0) | System - Force Password Change (2.0) | System - joomlamailer MailChim (1.9) | plg_system_languagefilter (2.5.0) | System - One Click Action (1.0) | PLG_SYSTEM_NNFRAMEWORK (12.1.6) | plg_system_cache (2.5.0) | jomsocialredirect (2.6.0) | System - freakedout Mailchimp (1.0) | System - Admin Tools Update Em (1.0) | plg_captcha_recaptcha (2.5.0) | VMPAYMENT_PAYPAL (2.0.1) | VMPAYMENT_STANDARD (2.0.1) | VM - Payment, PayZen (1.2) | VM Payment - authorize.net AIM (2.0.1) | VMCustom - textinput (1.9. | VMCustom - specification (2.0.0RC3) | VMCUSTOM_STOCKABLE (1.9. 
| plg_search_contacts (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_categories (2.5.0) | plg_search_weblinks (2.5.0) | Search - K2 (2.5.1) | plg_search_content (2.5.0) | plg_search_virtuemart (1.5) | Input Processor (2.6.0) | Eventlist (2.2.4) | Unknown (-) | My Contacts (2.6.0) | Walls (2.6.0) | Unknown (-) | My twitter updates (2.6.0) | Unknown (-) | Events (2.6.0) | Events (2.6.0) | JomComment (2.2.4) | My Listings (2.3) | System (2.2.4) | Wordfilter (2.6.0) | MyBlog (2.6.0) | joomlamailer (1.0) | Unknown (-) | Feeds (2.6.0) | Allvideo (2.2.4) | Invite (2.6.0) | My Google Ads (2.6.0) | Unknown (-) | Log (2.6.0) | Editor - My Photos (2.2.4) | My Articles (2.6.0) | Friend's Location (2.6.0) | My Reviews (2.3) | My Tagged Videos (2.6.0) | Unknown (-) | Latest Photos (2.6.0) | Input Link (2.2.4) | Nice Talk (2.2.4) | Unknown (-) | My Latest Videos (2.6.0) | Unknown (-) | MyBlog Toolbar (2.6.0) | My Favorites (2.3) | plg_content_finder (2.5.0) | AllVideos (by JoomlaWorks) (4.4) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | JReviews (2.3.16) | plg_content_emailcloak (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_pagebreak (2.5.0) | chronoforms (V4 RC2.0) | plg_content_vote (2.5.0) | plg_content_pagenavigation (2.5.0) | VMSHIPMENT_WEIGHT_COUNTRIES (2.0.1) | plg_user_contactcreator (2.5.0) | plg_user_profile (2.5.0) | User - K2 (2.5.1) | User - Jomsocial User (2.6.0) | plg_user_joomla (2.5.0) | plg_editors-xtd_readmore (2.5.0) | Button - Sourcerer (2.11.3) | plg_editors-xtd_image (2.5.0) | PLG_EDITORS-XTD_MODULESANYWHER (1.13.3) | plg_editors-xtd_article (2.5.0) | Editor Button - My Photos (2.6.0) | plg_editors-xtd_pagebreak (2.5.0) | Authentication - Master User (1.1.1) | plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) |
Templates Discovered ::
Templates :: SITE :: beez_20 (2.5.0) | ciyl (0.1) | digiflip-default-17 (1.0) | atomic (2.5.0) | ja_t3_blank (1.0.7) | beez5 (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |