The Joomla! Forum ™

Download

Demo


Board index » Joomla! 2.5 - Ask Support Questions Here » Security in Joomla! 2.5

Forum rules


Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.



Post new topic Reply to topic  Page 1 of 1
  [ 7 posts ] 
  Print view Previous topic | Next topic 
Author Message
erbi
 Post subject: Banner Syntax Changed
PostPosted: Fri Apr 20, 2012 9:03 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Aug 29, 2010 8:53 am
Posts: 27
Hello!

My Joomla is 2.5.4 and I add banner (modul banners) and this sintax:
Code:
<a href={CLICKURL}>Click to visit</a>

But today I find this:
Code:
<a href={CLICKURL}?phpMyAdmin=NDwUuHuEkpGsMJMEvXb21iIYiM8>Click to visit</a>

Is there anybody know what is this? Is this virus, hacked, ...?

Thanky and regards,
Ervin


Last edited by imanickam on Fri Apr 20, 2012 4:30 pm, edited 1 time in total.
Split from the post http://forum.joomla.org/viewtopic.php?f=9&t=707720 (Discuss Joomla! 2.5.4 Released)


Top
 Profile  
 
PhilD
PostPosted: Sun Apr 22, 2012 3:22 pm 
User avatar
Joomla! Hero
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2693
Location: Wisconsin USA
If the url has indeed been changed then it looks as if you have a vulnerable extension on the site, or you have been hacked. I would follow what is below. starting with posting the generated fpa results.

It would help us to help you if before you post your security/been hacked topic

You must state what version of Joomla you are using.

It is suggested to do all of the following. Failure to follow the suggestions below may leave your site vulnerable to being hacked again in the future.


[ ] Run the Forum Post Assistant / FPA Instructions available here and are also included in the download package.

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file. Replace the deleted files with fresh copies of a current full version of Joomla (minus the installation directory), and fresh copies of extensions and templates used. Upload the copy of your configuration file. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories More detail can be found in the security Checklist 7 link below.

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 and 755 and 444 for the configuration.php file.

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled

Note: The forum post tool will work with 1.0.x, J1.6.x, J1.7.x, 2.5.x versions of Joomla.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator
Top
 Profile  
 
erbi
PostPosted: Mon Apr 23, 2012 5:04 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Aug 29, 2010 8:53 am
Posts: 27
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.0) : 22nd April 2012 wrote:
[13-Apr-2012 11:48:47] PHP Fatal error: Class \'softpanel\' not found in /usr/local/softaculous/cron.php on line 73
Forum Post Assistant (v1.2.0) : 22nd April 2012 wrote:
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 2.5.4-Stable (Ember) 2-April-2012
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: radiobtest (uid: 10643/gid: 2523) | Group: psacln (gid: 2523) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: N/A | Unicode Slugs: N/A | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-238.12.1.el5.028stab091.1 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /var/www/vhosts/radio-bizjak.si/httpdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.8 | PHP API: cgi-fcgi | Session Path Writable: Unknown | Display Errors: | Error Reporting: 22517 | Log Errors To: /usr/share/php/php.log | Last Known Error: 13th April 2012 11:48:47. | Register Globals: | Magic Quotes: 1 | Safe Mode: | Open Base: .:/var/www/vhosts:/tmp:/usr/share/php:/var/cache/php-eaccelerator:/usr/share/pear:/var/lib/php/session | Uploads: 1 | Max. Upload Size: 50M | Max. POST Size: 50M | Max. Input Time: 600 | Max. Execution Time: 600 | Memory Limit: 128M

MySQL Configuration :: Version: 5.1.57-log (Client:5.1.57) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 4.38 MiB | #of _FPA_TABLE: 83
Detailed Environment :: wrote:
PHP Extensions :: Core (5.3.8) | date (5.3.8) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | SPL (0.2) | iconv () | pcntl () | readline () | Reflection ($Revision: 313665 $) | session () | standard (5.3.8) | shmop () | SimpleXML (0.1) | sockets () | exif (1.4 $Id: exif.c 314376 2011-08-06 14:47:44Z felipe $) | tokenizer (0.1) | xml () | cgi-fcgi () | bcmath () | curl () | dom (20031129) | fileinfo (1.0.5-dev) | gd () | imagick (3.0.1) | imap () | json (1.2.1) | mbstring () | mcrypt () | memcache (2.2.6) | mssql () | mysql (1.0) | mysqli (0.1) | OAuth (1.2.2) | odbc (1.0) | PDO (1.0.4dev) | pdo_dblib (1.0.1) | pdo_mysql (1.0.2) | PDO_ODBC (1.0.1) | pdo_sqlite (1.0.1) | Phar (2.0.1) | posix () | pspell () | soap () | sysvmsg () | sysvsem () | sysvshm () | wddx () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | mhash () | eAccelerator (0.9.6-svn358-dev) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: None
Extensions Discovered :: wrote:
Components :: SITE :: com_mailto (2.5.0) | com_wrapper (2.5.0) | WF_VISUALCHARS_TITLE (2.0.21) | WF_CONTEXTMENU_TITLE (2.0.21) | WF_AUTOSAVE_TITLE (2.0.21) | WF_SPELLCHECKER_TITLE (2.0.21) | WF_LAYER_TITLE (2.0.21) | WF_NONBREAKING_TITLE (2.0.21) | WF_FULLSCREEN_TITLE (2.0.21) | WF_SOURCE_TITLE (2.0.21) | WF_CLEANUP_TITLE (2.0.21) | WF_TABLE_TITLE (2.0.21) | WF_INLINEPOPUPS_TITLE (2.0.21) | WF_PRINT_TITLE (2.0.21) | WF_TEXTCASE_TITLE (2.0.21) | WF_BROWSER_TITLE (2.0.21) | WF_MEDIA_TITLE (2.0.21) | WF_SEARCHREPLACE_TITLE (2.0.21) | WF_ARTICLE_TITLE (2.0.21) | WF_STYLE_TITLE (2.0.21) | WF_IMGMANAGER_TITLE (2.0.21) | WF_PREVIEW_TITLE (2.0.21) | WF_PASTE_TITLE (2.0.21) | WF_LINK_TITLE (2.0.21) | WF_MEDIAMANAGER_TITLE (2.0.6) | WF_XHTMLXTRAS_TITLE (2.0.21) | WF_DIRECTIONALITY_TITLE (2.0.21) | WF_LINKS_JOOMLALINKS_TITLE (2.0.21) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.0.21) | WF_FILESYSTEM_JOOMLA_TITLE (2.0.21) | WF_AGGREGATOR_VIMEO_TITLE (2.0.21) | WF_AGGREGATOR_YOUTUBE_TITLE (2.0.21) | WF_POPUPS_JCEMEDIABOX_TITLE (2.0.21) | WF_POPUPS_WINDOW_TITLE (2.0.21) |
Components :: ADMIN :: com_media (2.5.0) | XCloner-BackupandRestore (3.0.9) | com_weblinks (2.5.0) | com_admin (2.5.0) | JEvents (2.1.14) | com_newsfeeds (2.5.0) | com_cache (2.5.0) | com_login (2.5.0) | com_languages (2.5.0) | com_redirect (2.5.0) | com_installer (2.5.0) | JCE (2.0.21) | Editor - JCE (2.0.21) | Unknown (-) | com_content (2.5.0) | com_modules (2.5.0) | Proforms (Basic 1.2) | com_plugins (2.5.0) | com_users (2.5.0) | com_categories (2.5.0) | com_joomlaupdate (2.5.0) | com_finder (2.5.0) | com_checkin (2.5.0) | com_messages (2.5.0) | com_xmap (2.2.1) | com_banners (2.5.0) | com_config (2.5.0) | com_search (2.5.0) | com_templates (2.5.0) | com_cpanel (2.5.0) | com_menus (2.5.0) |

Modules :: SITE :: mod_whosonline (2.5.0) | mod_weblinks (2.5.0) | mod_search (2.5.0) | mod_footer (2.5.0) | JEvents Calendar (2.1.3) | mod_wrapper (2.5.0) | mod_finder (2.5.0) | mod_feed (2.5.0) | mod_languages (2.5.0) | mod_related_items (2.5.0) | mod_articles_category (2.5.0) | mod_custom (2.5.0) | mod_stats (2.5.0) | mod_users_latest (2.5.0) | mod_banners (2.5.0) | mod_random_image (2.5.0) | mod_articles_popular (2.5.0) | mod_breadcrumbs (2.5.0) | mod_articles_categories (2.5.0) | mod_syndicate (2.5.0) | mod_menu (2.5.0) | mod_cdlogin (2.5.x.2.0.4) | mod_login (2.5.0) | mod_weather_gk4 (GK4 1.5) | ARI YUI Menu (2.0.5) | mod_articles_latest (2.5.0) | mod_articles_news (2.5.0) | mod_articles_archive (2.5.0) |
Modules :: ADMIN :: mod_status (2.5.0) | mod_feed (2.5.0) | mod_custom (2.5.0) | mod_popular (2.5.0) | mod_quickicon (2.5.0) | mod_submenu (2.5.0) | mod_latest (2.5.0) | mod_version (2.5.0) | mod_menu (2.5.0) | mod_login (2.5.0) | mod_multilangstatus (2.5.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) | mod_logged (2.5.0) |

Plugins :: SITE :: plg_finder_content (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_contacts (2.5.0) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.4.9) | Editor - JCE (2.0.21) | plg_content_finder (2.5.0) | plg_content_josdewplayer (2.0) | plg_content_emailcloak (2.5.0) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_vote (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_extension_joomla (2.5.0) | plg_user_profile (2.5.0) | plg_user_joomla (2.5.0) | plg_user_contactcreator (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_system_highlight (2.5.0) | plg_system_cache (2.5.0) | plg_system_cdscriptegrator (2.5.x.2.1.8) | PLG_SYSTEM_NNFRAMEWORK (12.3.1) | System - SEOSimple (2.1) | plg_system_redirect (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_logout (2.5.0) | plg_system_languagecode (2.5.0) | plg_system_debug (2.5.0) | plg_system_p3p (2.5.0) | Security - jHackGuard (1.2.2) | plg_system_remember (2.5.0) | PLG_SYSTEM_MODALIZER (2.6.4) | plg_system_log (2.5.0) | plg_system_sef (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_search_content (2.5.0) | plg_search_categories (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_contacts (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | Xmap - WebLinks Plugin (2.0) | Xmap - Virtuemart Plugin (2.0.0) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - Kunena Plugin (2.0.2) | Xmap - Content Plugin (2.0.3) | Xmap - SobiPro Plugin (2.0.1) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) |
Templates Discovered :: wrote:
Templates :: SITE :: ALLROUNDER-j1.6 (1.2) | beez5 (2.5.0) | beez_20 (2.5.0) | bizjak (1.3) | atomic (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |


Last edited by mandville on Mon Apr 23, 2012 8:55 am, edited 1 time in total.
disabled smilies


Top
 Profile  
 
mandville
PostPosted: Mon Apr 23, 2012 9:03 am 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
could it be a problem with the back up restore you used or softaculous?

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}
Top
 Profile  
 
erbi
PostPosted: Mon Apr 23, 2012 9:20 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Aug 29, 2010 8:53 am
Posts: 27
For backup I use xCloner, every day with cron, and backup only sql.
Top
 Profile  
 
mandville
PostPosted: Mon Apr 23, 2012 9:29 am 
User avatar
Joomla! Master
Joomla! Master
Online

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
what does your previous sql backups say?
recreate the link without having your cpanel open. just the site page and ensure your c&p clipboard is clean

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}
Top
 Profile  
 
erbi
PostPosted: Mon Apr 23, 2012 9:51 am 
Joomla! Apprentice
Joomla! Apprentice

Joined: Sun Aug 29, 2010 8:53 am
Posts: 27
All sql backups before 21.04.2012 is clean.
15.04.2012 my hoster copy my joomla web page into new server vith php 5.3. In old server is php 2.17.
I'm testing one week and 21.04.2012 hoster change all record (DNS) for new page and delete old page.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 7 posts ] 


Board index » Joomla! 2.5 - Ask Support Questions Here » Security in Joomla! 2.5

Who is online

Users browsing this forum: leolam, Slackervaara and 11 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group