Site takes several minutes to load

Discussion regarding Joomla! 3.x security issues.

geoffmack
Joomla! Intern
Posts: 93
Joined: Tue Oct 20, 2009 8:06 pm
Location: San Francisco, CA

Post by geoffmack » Wed Apr 27, 2016 11:29 pm

I have a website that is taking several minutes to load. This issue happened out of the blue and was not the result of any changes to the site.

My host, MediaTemple, said the server is fine (other sites of mine are loading fine) and static files load quickly. It also looks like the database is in good shape and not overloaded.

This site was one of the thousands hacked a few months back. I think it is clean now, but can you ever really know?

Any assistance or guidance you could provide would be welcome!

Joomla 3.5.1. site:lewissommer.com (shield your eyes... it is not the prettiest site.)
Geoff Mack
Joomla Website Developer
http://www.gystmedia.com


Post by geoffmack » Thu Apr 28, 2016 12:44 am

I tried copying over all of the Joomla install files to see if that worked. It didn't. The site still takes several minutes to load.

Here's my FPA results:
Forum Post Assistant (v1.2.7) : 27th April 2016 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.5.1-Stable (Unicorn) 05-April-2016
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Writable (644) | Owner: gystmedia.com (uid: 1/gid: 1) | Group: gystmedia.com (gid: 1) | Valid For: 3.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 4.1.4mtv20 | Technology: x86_64 | Web Server: Apache/2.2.22 | Encoding: gzip, deflate | Doc Root: /home/78299/domains/lewissommer.com/html | System TMP Writable: Yes

PHP Configuration :: Version: 5.5.31 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /nfs:/tmp:/usr/local:/etc/apache2/gs-bin | Uploads: 1 | Max. Upload Size: 20M | Max. POST Size: 20M | Max. Input Time: -1 | Max. Execution Time: 120 | Memory Limit: 99M

MySQL Configuration :: Version: 5.1.63-rel13.4 (Client:5.5.47) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 14.48 MiB | #of Tables:  103
Detailed Environment :: wrote:PHP Extensions :: Core (5.5.31) | date (5.5.31) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | ldap () | mbstring () | mcrypt () | standard (5.5.31) | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 15d5c781cfcad91193dceae1d2cdd127674ddb3e $) | mysqli (0.1) | mysql (1.0) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | Phar (2.0.2) | posix () | pspell () | Reflection ($Id: dc76d2fe0f3e9c327c1d4ca617d94e26c7fae98d $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id: ff29fdd0fa0b922fd32e2f5704857dcc8543f628 $) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | mhash () | Zend Engine (2.5.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: WF_FULLSCREEN_TITLE (2.5.16) | WF_STYLESELECT_TITLE (2.5.16) | WF_XHTMLXTRAS_TITLE (2.5.16) | WF_PREVIEW_TITLE (2.5.16) | WF_TEXTCASE_TITLE (2.5.16) | WF_HR_TITLE (2.5.16) | WF_INLINEPOPUPS_TITLE (2.5.16) | WF_KITCHENSINK_TITLE (2.5.16) | WF_VISUALCHARS_TITLE (2.5.16) | WF_BROWSER_TITLE (2.5.16) | WF_STYLE_TITLE (2.5.16) | WF_PRINT_TITLE (2.5.16) | WF_NONBREAKING_TITLE (2.5.16) | WF_MEDIA_TITLE (2.5.16) | WF_AUTOSAVE_TITLE (2.5.16) | WF_FONTSELECT_TITLE (2.5.16) | WF_ANCHOR_TITLE (2.5.16) | WF_ARTICLE_TITLE (2.5.16) | WF_FONTCOLOR_TITLE (2.5.16) | WF_SEARCHREPLACE_TITLE (2.5.16) | WF_DIRECTIONALITY_TITLE (2.5.16) | WF_FORMATSELECT_TITLE (2.5.16) | WF_CLIPBOARD_TITLE (2.5.16) | WF_FONTSIZESELECT_TITLE (2.5.16) | WF_VISUALBLOCKS_TITLE (2.5.16) | WF_LINK_TITLE (2.5.16) | WF_SOURCE_TITLE (2.5.16) | WF_LISTS_TITLE (2.5.16) | WF_IMGMANAGER_TITLE (2.5.16) | WF_CHARMAP_TITLE (2.5.16) | WF_CONTEXTMENU_TITLE (2.5.16) | WF_CLEANUP_TITLE (2.5.16) | WF_SPELLCHECKER_TITLE (2.5.16) | WF_LAYER_TITLE (2.5.16) | WF_TABLE_TITLE (2.5.16) | K2 Links for JCE Link (2.2) | WF_LINKS_JOOMLALINKS_TITLE (2.5.16) | WF_POPUPS_WINDOW_TITLE (2.5.16) | WF_POPUPS_JCEMEDIABOX_TITLE (2.5.16) | WF_AGGREGATOR_DAILYMOTION_TITL (2.5.16) | WF_AGGREGATOR_[youtube]_TITLE (2.5.16) | WF_AGGREGATOR_VIMEO_TITLE (2.5.16) | WF_AGGREGATOR_VINE_TITLE (2.5.16) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.5.16) | WF_LINK_SEARCH_TITLE (2.5.16) | WF_FILESYSTEM_JOOMLA_TITLE (2.5.16) | com_wrapper (3.0.0) | com_mailto (3.0.0) |
Components :: ADMIN :: com_komento (1.8.2) | Gantry (4.1.31) | com_newsfeeds (3.0.0) | com_templates (3.0.0) | com_menus (3.0.0) | JCE (2.5.16) | Unknown (-) | Droppics (2.0.3) | Editors-xtd - Droppics (2.0.3) | K2 - droppics (2.0.3) | Content - droppics (2.0.3) | com_redirect (3.0.0) | com_search (3.0.0) | com_cpanel (3.0.0) | com_admin (3.0.0) | com_content (3.0.0) | com_finder (3.0.0) | com_contenthistory (3.2.0) | com_messages (3.0.0) | com_weblinks (3.4.1) | com_ajax (3.2.0) | com_joomlaupdate (3.0.0) | com_media (3.0.0) | com_config (3.0.0) | com_login (3.0.0) | com_modules (3.0.0) | com_tags (3.1.0) | com_cache (3.0.0) | com_categories (3.0.0) | com_installer (3.0.0) | Akeeba (4.6.1) | com_plugins (3.0.0) | com_banners (3.0.0) | RokSprocket (2.1.12) | com_languages (3.0.0) | com_postinstall (3.2.0) | RokGallery (2.41) | com_checkin (3.0.0) | com_users (3.0.0) |

Modules :: SITE :: RokSprocket Module (2.1.12) | mod_wrapper (3.0.0) | mod_stats (3.0.0) | mod_syndicate (3.0.0) | mod_custom (3.0.0) | mod_login (3.0.0) | mod_languages (3.0.0) | mod_search (3.0.0) | mod_menu (3.0.0) | mod_articles_latest (3.0.0) | mod_random_image (3.0.0) | Komento Activities (1.0.4) | mod_finder (3.0.0) | mod_articles_popular (3.0.0) | RokGallery Module (2.41) | mod_related_items (3.0.0) | mod_articles_news (3.0.0) | mod_tags_popular (3.1.0) | mod_users_latest (3.0.0) | mod_tags_similar (3.1.0) | mod_banners (3.0.0) | mod_articles_category (3.0.0) | mod_breadcrumbs (3.0.0) | mod_feed (3.0.0) | mod_whosonline (3.0.0) | mod_articles_categories (3.0.0) | mod_articles_archive (3.0.0) | mod_footer (3.0.0) | mod_weblinks (3.4.1) | Komento Comments (1.0.7) | RokNavMenu (2.0.8) |
Modules :: ADMIN :: mod_version (3.0.0) | mod_custom (3.0.0) | mod_feed (3.0.0) | mod_stats_admin (3.0.0) | mod_logged (3.0.0) | mod_title (3.0.0) | mod_login (3.0.0) | mod_popular (3.0.0) | mod_latest (3.0.0) | mod_toolbar (3.0.0) | mod_submenu (3.0.0) | mod_multilangstatus (3.0.0) | mod_quickicon (3.0.0) | mod_status (3.0.0) | mod_menu (3.0.0) |

Plugins :: SITE :: plg_extension_joomla (3.0.0) | User - Komento Users (1.0.0) | plg_user_joomla (3.0.0) | plg_user_contactcreator (3.0.0) | plg_user_profile (3.0.0) | Droppics - Carousel (2.0.3) | Droppics - Heapshot (2.0.3) | Droppics - Polaroid (2.0.3) | Droppics - Masonry (2.0.3) | Droppics - BxSlider (2.0.3) | plg_search_weblinks (3.4.1) | plg_search_content (3.0.0) | plg_search_categories (3.0.0) | plg_search_tags (3.0.0) | plg_search_contacts (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_authentication_joomla (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_ldap (3.0.0) | plg_authentication_cookie (3.0.0) | plg_installer_webinstaller (1.1.0) | plg_finder_content (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_categories (3.0.0) | plg_finder_weblinks (3.4.1) | plg_finder_tags (3.0.0) | K2 - droppics (2.0.3) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_extensionupdate (3.0.0) | plg_quickicon_jcefilebrowser (2.5.16) | plg_quickicon_akeebabackup (1.0) | plg_editors_codemirror (5.12) | plg_editors_tinymce (4.3.3) | Editor - RokPad (2.1.9) | plg_editors_jce (2.5.16) | System - HD-Date (1) | System - RokSprocket (2.1.12) | System - Komento (1.0) | System - RokCommon (3.2.4) | plg_system_jce (2.5.16) | System - RokBooster (1.1.15) | plg_system_debug (3.0.0) | System - RokGallery (2.41) | plg_system_cache (3.0.0) | plg_system_logout (3.0.0) | plg_system_languagecode (3.0.0) | plg_system_sef (3.0.0) | plg_system_log (3.0.0) | plg_system_stats (3.5.0) | plg_system_languagefilter (3.0.0) | plg_system_p3p (3.0.0) | plg_system_remember (3.0.0) | System - RokExtender (2.0.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | plg_system_highlight (3.0.0) | System - RokBox (2.0.13) | System - Gantry (4.1.31) | plg_system_redirect (3.0.0) | plg_system_updatenotification (3.5.0) | plg_twofactorauth_totp (3.2.0) | plg_twofactorauth_yubikey (3.2.0) | plg_editors-xtd_module (3.5.0) | plg_editors-xtd_pagebreak (3.0.0) | Button - 
RokGallery (2.41) | plg_editors-xtd_image (3.0.0) | Button - RokBox (2.0.13) | Editors-xtd - Droppics (2.0.3) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_readmore (3.0.0) | plg_content_loadmodule (3.0.0) | plg_content_vote (3.0.0) | plg_content_finder (3.0.0) | Content - droppics (2.0.3) | plg_content_emailcloak (3.0.0) | plg_content_pagebreak (3.0.0) | plg_content_pagenavigation (3.0.0) | Content - RokBox (2.0.13) | Content - Komento (1.0) | Content - RokInjectModule (1.7) | plg_content_joomla (3.0.0) | plg_captcha_recaptcha (3.4.0) |
Templates Discovered :: wrote:Templates :: SITE :: beez3 (3.1.0) | lewis_sommer (4.1.20) | rt_hadron (1.1) | protostar (1.0) | gantry (4.1.20) |
Templates :: ADMIN :: hathor (3.0.0) | isis (1.0) |

Post by geoffmack » Thu Apr 28, 2016 12:52 am

I inspected the page with Chrome and looked at the console. There is something being loaded that I don't recognize.

jquery.min.php?c_utt=I92930&c_utm=http%3A%2F%2Fwww.lapicesdeanna.com%2Fjs%2Fjquery.min.php%3Fdefaul…:1 Uncaught SyntaxError: Unexpected token <

I have never heard of that site, lapicesdeanna.com, and my site is trying to load something from there???

Is there any way to track down what is loading this file?

Unisoftdev
Joomla! Apprentice
Posts: 49
Joined: Mon Feb 22, 2016 4:58 am
Location: London, UK

Post by Unisoftdev » Thu Apr 28, 2016 10:05 pm

https://www.virustotal.com/en/ip-addres ... formation/

via terminal:

Code:

egrep -w -R "word-1|word-2" directory-path
find and remove
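
A read-only triage scan for the indicators this thread turned up (a remote jquery.min.php loader injected into a template's index.php), as an added example that is not part of the original posts. The function names, output tags and the example.invalid sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All sample content below is constructed.

# Remote <script> served by a .php endpoint, or the file name from the
# thread's console error (jquery.min.php).
PATTERN="jquery\.min\.php|<script[^>]*src=[\"']?(https?:)?//[^\"' >]+\.php"

# scan_webroot DIR [DAYS] prints one tagged finding per line; it changes nothing.
scan_webroot() {
    root=$1
    days=${2:-30}
    # 1. Injected loader markup in templates, PHP and static files.
    grep -R -n -E -i --include='*.php' --include='*.html' --include='*.js' \
        "$PATTERN" "$root" 2>/dev/null | sed 's/^/REMOTE-PHP-SCRIPT /'
    # 2. PHP under images/, where a stock Joomla install keeps media, not code.
    if [ -d "$root/images" ]; then
        find "$root/images" -type f -name '*.php' | sed 's/^/PHP-IN-IMAGES /'
    fi
    # 3. PHP files modified within the last DAYS days, to compare against
    #    the dates of your own updates.
    find "$root" -type f -name '*.php' -mtime "-$days" | sed 's/^/RECENT-PHP /'
}

# build_sample_tree DIR creates a small constructed site for a dry run.
build_sample_tree() {
    mkdir -p "$1/templates/demo" "$1/images"
    printf '%s\n' '<?php echo "clean"; ?>' > "$1/index.php"
    printf '%s\n' '<?php /* constructed placeholder */ ?>' > "$1/images/x.php"
    printf '%s\n' '<html><head>' \
        '<script src="http://example.invalid/js/jquery.min.php?c_utt=X"></script>' \
        '</head></html>' > "$1/templates/demo/index.php"
}
```

Run it as `scan_webroot /path/to/html 30`; on a freshly updated site the RECENT-PHP list will include every core file, so it is most useful against files outside the dates of a known update.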


Post by geoffmack » Fri Apr 29, 2016 9:06 pm

Thanks! The malicious code was actually in my template's index.php file. Ouch! I've locked down permissions to that file, so hopefully it can't be edited again.
Webdongle
Joomla! Master
Posts: 44096
Joined: Sat Apr 05, 2008 9:58 pm


Post by Webdongle » Fri Apr 29, 2016 11:19 pm

geoffmack wrote:...
This site was one of the thousands hacked a few months back. I think it is clean now, but can you ever really know?...
Unless you deleted all the files and replaced them with fresh ones (not backup files) then the hack is probably still on your server. Please see http://forum.joomla.org/viewtopic.php?f=714&t=757645
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by Webdongle » Fri Apr 29, 2016 11:26 pm

geoffmack wrote:Thanks! The malicious code was actually in my template's index.php file. Ouch! I've locked down permissions to that file, so hopefully it can't be edited again.
Either the Template was compromised before you installed it or a script altered it. Either way you probably have other hack files/scripts on the server.
leolam
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America

Post by leolam » Wed May 04, 2016 5:57 am

Not probably... This site is whacked/blacklisted forever. https://sitecheck.sucuri.net/results/lewissommer.com

@geoffmack: Your only option is to follow all steps as outlined here: http://forum.joomla.org/viewtopic.php?f=714&t=757645 and when all done request a review by Google...... (will take a few months perhaps)


Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

