Problems with site generating spam emails
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Enthusiast
- Posts: 210
- Joined: Wed Jan 06, 2010 2:19 pm
Problems with site generating spam emails
It seems that the account on my VPS has been compromised and the system is sending out spam emails, and the script that is generating this spam is located in public_html/tmp/javascript98.php. This is probably because Joomla version 2.5 has numerous security vulnerabilities but my question is whether it is possible to remove or replace this file without causing problems with the site. I don't really want to upgrade to another version at the moment as the site is quite heavy.
Last edited by toivo on Thu Jan 07, 2016 10:18 am, edited 1 time in total.
Reason: mod note: moved to 2.5 Security
Reason: mod note: moved to 2.5 Security
-
- Joomla! Virtuoso
- Posts: 4025
- Joined: Mon Nov 25, 2013 4:35 pm
- Location: Montreal, Canada
- Contact:
Re: Problems with site generating spam emails
You should secure your website if you don't want to update it. In any case, deleting this file shouldn't affect your website, unless there is a core file "requiring" this file. I suggest you rename the file, check your website (after emptying the cache) and then delete the file if everything goes well. If it doesn't go well, then you should find where that file is being called from.
There are no guarantees that removing this file will clean your website or fix the problem. Additionally, the problem will definitely return unless you apply the latest security patches and all the security best practices.
There are no guarantees that removing this file will clean your website or fix the problem. Additionally, the problem will definitely return unless you apply the latest security patches and all the security best practices.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter
https://twitter.com/itoctopus - Follow us on Twitter
-
- Joomla! Enthusiast
- Posts: 210
- Joined: Wed Jan 06, 2010 2:19 pm
Re: Problems with site generating spam emails
Hi itoctopus, thanks for the reply. Looking at the files in the backend of my installation and it's a mess. The tmp file is full of .php files marked as .suspected. Can I empty the tmp file, are any of these required for the system to work?
- toivo
- Joomla! Master
- Posts: 17443
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Problems with site generating spam emails
Files in the tmp folder can be deleted. However, the question is how those files got there and which vulnerability allowed them to the created in the first place. Were the files perhaps moved by your host from other folders or did the hacker post them to the tmp folder directly?
Follow the instructions in this sticky post at the 2.5 Security forum: http://forum.joomla.org/viewtopic.php?f=621&t=582854
You should also plan to upgrade to a supported version of Joomla.
Follow the instructions in this sticky post at the 2.5 Security forum: http://forum.joomla.org/viewtopic.php?f=621&t=582854
You should also plan to upgrade to a supported version of Joomla.
Toivo Talikka, Global Moderator
-
- Joomla! Enthusiast
- Posts: 210
- Joined: Wed Jan 06, 2010 2:19 pm
Re: Problems with site generating spam emails
I am trying to resolve this with my host but they are not very responsive. There were over a 100,000 files in the public_html directory alone! I see that a lot of other files and directories have been created since the middle of December 2015, is this a good indication of the files I should target?
-
- Joomla! Virtuoso
- Posts: 4025
- Joined: Mon Nov 25, 2013 4:35 pm
- Location: Montreal, Canada
- Contact:
Re: Problems with site generating spam emails
First you will need to block access to the website, you will the need to clean it, and then you will need to allow access to it. It's really hard to clean the website in your case without temporarily blocking access to it.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter
https://twitter.com/itoctopus - Follow us on Twitter
-
- Joomla! Enthusiast
- Posts: 210
- Joined: Wed Jan 06, 2010 2:19 pm
Re: Problems with site generating spam emails
Hi, I am taking the website down for a few hours to remove some of the files identified as suspect. Has anyone seen these files/folders before - josefte, jeylors, lookuper, uboners, runnerks
Regards
Regards
- toivo
- Joomla! Master
- Posts: 17443
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Problems with site generating spam emails
No.Has anyone seen these files/folders before - josefte, jeylors, lookuper, uboners, runnerks
Toivo Talikka, Global Moderator
-
- Joomla! Enthusiast
- Posts: 210
- Joined: Wed Jan 06, 2010 2:19 pm
Re: Problems with site generating spam emails
Thanks, I guess therefore these files are not required by Joomla and can be deleted
Regards
Regards
- Bernard T
- Joomla! Guru
- Posts: 782
- Joined: Thu Jun 29, 2006 11:44 am
- Location: Hrvatska
- Contact:
Re: Problems with site generating spam emails
How can you be sure you will find all of the malicious files all by yourself? If you miss only one of them your website will get hacked again.
Please follow the proper cleanup instructions in the topic that Toivo already linked
Please follow the proper cleanup instructions in the topic that Toivo already linked
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak