HaCked !!!

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

bhushan5841
Joomla! Fledgling
Posts: 1
Joined: Tue Jan 27, 2015 5:47 am

Re: HaCked by [kudos] !!!

Post by bhushan5841 » Tue Jan 27, 2015 6:23 am

snowrat wrote: Ok, understood
Can anyone help with protection against various hacks, be it plugins that actually work or otherwise in these instances?

I have the same problem, dude. I own a website, name wordpress site, and it has been hacked 3 times. Using Joomla, can you tell me how I will be more secure?
Last edited by mandville on Tue Jan 27, 2015 12:17 pm, edited 2 times in total.
Reason: replaced

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: HaCked by [kudos] !!!

Post by mandville » Tue Jan 27, 2015 12:18 pm

bhushan5841 wrote: Using Joomla, can you tell me how I will be more secure?

As you are using a WordPress site, have you asked them how you were hacked? It is not always about using the right CMS, it is also about setting things up right.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

snowrat
Joomla! Enthusiast
Posts: 133
Joined: Mon Dec 03, 2012 5:19 pm

Re: HaCked !!!

Post by snowrat » Tue Jan 27, 2015 1:26 pm

Feel like I am going around in circles here!
Deleted hacked site.
Made new account with single site in it.
Installed J 3.3.6.
Installed extensions and updated them.
Deleted new database and used config to connect to old clean copy from backup.
Site seemed to be working well but keep getting errors.
Myjoomla.com connector gets to 90% or so and then gets internal server error, no response I believe.
Editing at front end won't save. Have reinstalled both JCE and JCK editors and tried both.
Images won't open in highside effect or Joomla squeezebox.

Just realised no .htaccess, so have fixed that. Can anyone spot anything that may help? Thanks.

Here is my fpa result...
Problem Description :: Forum Post Assistant (v1.2.4) : 27th January 2015 wrote:Had hack still problems after 'clean' install
Log/Error Message :: Forum Post Assistant (v1.2.4) : 27th January 2015 wrote:Internal server error
Actions Taken To Resolve by Forum Post Assistant (v1.2.4) 27th January 2015 wrote:I installed 3.3.6 and added extensions, updated extensions. Then linked to new database (clean old copy), but getting various errors.
Joomla reporting 2 installations.
Editing cannot save in front end view.
Forum Post Assistant (v1.2.4) : 27th January 2015 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.3.6-Stable (Ember) 01-October-2014
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: croslandheath (uid: 1/gid: 1) | Group: croslandheath (gid: 1) | Valid For: 3.3
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-498.el5.lve0.8.80xen | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /hsphere/local/home/croslandheath/croslandheath.co.uk | System TMP Writable: Yes

PHP Configuration :: Version: 5.5.11 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 0 | Error Reporting: 30709 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 256M | Max. POST Size: 256M | Max. Input Time: 120 | Max. Execution Time: 120 | Memory Limit: 256M

MySQL Configuration :: Version: 5.1.68-cll-lve (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: bf9ad53b11c9a57efdb1057292d73b928b8c5c77 $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 28.52 MiB | #of Tables: 110
Detailed Environment :: wrote:PHP Extensions :: Core (5.5.11) | date (5.5.11) | ereg () | libxml () | openssl () | pcre () | zlib (2.0) | bz2 () | ctype () | dba () | dom (20031129) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | hash (1.0) | json (1.2.1) | mbstring () | mcrypt () | SPL (0.2) | PDO (1.0.4dev) | posix () | Reflection ($Id: 31d836a7ac92a37b5c580836d91ad4736fe2f376 $) | session () | SimpleXML (0.1) | sockets () | standard (5.5.11) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: bf9ad53b11c9a57efdb1057292d73b928b8c5c77 $) | cgi-fcgi () | bcmath () | calendar () | curl () | exif (1.4 $Id$) | gmp () | htscanner (1.0.1) | iconv () | imap () | ldap () | mysql (1.0) | mysqli (0.1) | odbc (1.0) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | shmop () | soap () | sqlite3 (0.7-dev) | xmlrpc (0.51) | zip (1.11.0) | mhash () | ionCube Loader () | Zend Engine (2.5.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) |

Elevated Permissions (First 10) :: cache/ (777) | components/ (777) | libraries/ (777) | modules/ (777) | plugins/ (777) | plugins/authentication/ (777) | plugins/captcha/ (777) | plugins/extension/ (777) | plugins/system/ (777) | plugins/user/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: com_mailto (3.0.0) | com_wrapper (3.0.0) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.4.6) | WF_LINKS_JOOMLALINKS_TITLE (2.4.6) | WF_POPUPS_JCEMEDIABOX_TITLE (2.4.6) | WF_POPUPS_WINDOW_TITLE (2.4.6) | WF_LINK_SEARCH_TITLE (2.4.6) | WF_FILESYSTEM_JOOMLA_TITLE (2.4.6) | WF_AGGREGATOR_[youtube]_TITLE (2.4.6) | WF_AGGREGATOR_VIMEO_TITLE (2.4.6) | WF_AGGREGATOR_VINE_TITLE (2.4.6) | WF_LAYER_TITLE (2.4.6) | WF_PREVIEW_TITLE (2.4.6) | WF_ANCHOR_TITLE (2.4.6) | WF_DIRECTIONALITY_TITLE (2.4.6) | WF_PRINT_TITLE (2.4.6) | WF_TABLE_TITLE (2.4.6) | WF_IMGMANAGER_TITLE (2.4.6) | WF_CLIPBOARD_TITLE (2.4.6) | WF_VISUALBLOCKS_TITLE (2.4.6) | WF_SOURCE_TITLE (2.4.6) | WF_CHARMAP_TITLE (2.4.6) | WF_FONTSELECT_TITLE (2.4.6) | WF_NONBREAKING_TITLE (2.4.6) | WF_STYLESELECT_TITLE (2.4.6) | WF_SPELLCHECKER_TITLE (2.4.6) | WF_TEXTCASE_TITLE (2.4.6) | WF_CLEANUP_TITLE (2.4.6) | WF_INLINEPOPUPS_TITLE (2.4.6) | WF_FULLSCREEN_TITLE (2.4.6) | WF_LINK_TITLE (2.4.6) | WF_ARTICLE_TITLE (2.4.6) | WF_LISTS_TITLE (2.4.6) | WF_FONTSIZESELECT_TITLE (2.4.6) | WF_SEARCHREPLACE_TITLE (2.4.6) | WF_XHTMLXTRAS_TITLE (2.4.6) | WF_BROWSER_TITLE (2.4.6) | WF_FORMATSELECT_TITLE (2.4.6) | WF_AUTOSAVE_TITLE (2.4.6) | WF_FONTCOLOR_TITLE (2.4.6) | WF_CONTEXTMENU_TITLE (2.4.6) | WF_KITCHENSINK_TITLE (2.4.6) | WF_MEDIA_TITLE (2.4.6) | WF_VISUALCHARS_TITLE (2.4.6) | WF_STYLE_TITLE (2.4.6) |
Components :: ADMIN :: com_config (3.0.0) | com_postinstall (3.2.0) | com_categories (3.0.0) | com_templates (3.0.0) | com_media (3.0.0) | com_tags (3.1.0) | com_plugins (3.0.0) | com_users (3.0.0) | com_cpanel (3.0.0) | com_banners (3.0.0) | com_finder (3.0.0) | com_installer (3.0.0) | com_menus (3.0.0) | com_contenthistory (3.2.0) | com_joomlaupdate (3.0.0) | com_newsfeeds (3.0.0) | COM_EASYFRONTENDSEO (3-3) | Admintools (3.4.3) | com_content (3.0.0) | com_login (3.0.0) | com_redirect (3.0.0) | com_admin (3.0.0) | com_weblinks (3.0.0) | com_messages (3.0.0) | com_checkin (3.0.0) | JCE (2.4.6) | Unknown (-) | com_languages (3.0.0) | com_ajax (3.2.0) | com_modules (3.0.0) | com_search (3.0.0) | Akeeba (4.1.1) | com_cache (3.0.0) |

Modules :: SITE :: mod_users_latest (3.0.0) | mod_random_image (3.0.0) | mod_whosonline (3.0.0) | mod_footer (3.0.0) | BT Google Maps (2.0.4) | mod_weblinks (3.0.0) | ARI Image Slider (2.1.11) | ARI Image Slider (2.1.11) | mod_stats (3.0.0) | mod_articles_latest (3.0.0) | mod_tags_similar (3.1.0) | mod_articles_categories (3.0.0) | mod_articles_archive (3.0.0) | mod_breadcrumbs (3.0.0) | WDS Twitter Widget (1.2) | mod_banners (3.0.0) | mod_articles_popular (3.0.0) | MOD_ITPFBLIKEBOX (1.7) | mod_tags_popular (3.1.0) | mod_search (3.0.0) | mod_feed (3.0.0) | ARTICLES_PLACED_ANYWHERE (1.1.2) | mod_menu (3.0.0) | Optimized FB Like Box (3.3.0) | mod_login (3.0.0) | mod_articles_news (3.0.0) | mod_related_items (3.0.0) | mod_finder (3.0.0) | mod_syndicate (3.0.0) | mod_wrapper (3.0.0) | mod_custom (3.0.0) | mod_articles_category (3.0.0) | mod_languages (3.0.0) |
Modules :: ADMIN :: mod_logged (3.0.0) | mod_toolbar (3.0.0) | mod_version (3.0.0) | mod_feed (3.0.0) | mod_menu (3.0.0) | mod_stats_admin (3.0.0) | mod_submenu (3.0.0) | mod_latest (3.0.0) | mod_quickicon (3.0.0) | mod_title (3.0.0) | mod_login (3.0.0) | mod_popular (3.0.0) | mod_custom (3.0.0) | mod_status (3.0.0) | mod_multilangstatus (3.0.0) |

Plugins :: SITE :: plg_extension_joomla (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_ldap (3.0.0) | plg_authentication_joomla (3.0.0) | plg_system_cache (3.0.0) | plg_system_languagefilter (3.0.0) | plg_system_p3p (3.0.0) | PLG_EASYFRONTENDSEO (3-3) | plg_system_logout (3.0.0) | manage.myJoomla.com Secure Plu (n/a) | plg_system_highlight (3.0.0) | plg_system_sef (3.0.0) | PLG_SYS_BYEBYEGENERATOR (1.11) | plg_system_log (3.0.0) | plg_system_redirect (3.0.0) | plg_system_debug (3.0.0) | plg_system_languagecode (3.0.0) | plg_system_cupdater (1.0) | plg_system_remember (3.0.0) | System - Asynchronous Tracking (1.8) | System - Admin Tools (3.4.3) | plg_user_profile (3.0.0) | plg_user_contactcreator (3.0.0) | plg_user_joomla (3.0.0) | plg_captcha_recaptcha (3.0.0) | plg_twofactorauth_totp (3.2.0) | plg_twofactorauth_yubikey (3.2.0) | plg_search_tags (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_weblinks (3.0.0) | plg_search_contacts (3.0.0) | plg_search_categories (3.0.0) | plg_search_content (3.0.0) | plg_installer_webinstaller (1.0.5) | plg_finder_tags (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_weblinks (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_categories (3.0.0) | plg_finder_content (3.0.0) | plg_editors-xtd_image (3.0.0) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_readmore (3.0.0) | plg_editors-xtd_pagebreak (3.0.0) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_extensionupdate (3.0.0) | plg_quickicon_jcefilebrowser (2.4.6) | plg_editors_tinymce (4.1.2) | plg_editors_jce (2.4.6) | plg_editors_codemirror (3.15) | plg_content_loadmodule (3.0.0) | plg_content_vote (3.0.0) | plg_content_finder (3.0.0) | plg_content_pagenavigation (3.0.0) | plg_content_emailcloak (3.0.0) | plg_content_joomla (3.0.0) | plg_content_pagebreak (3.0.0) | smartresizer (1.18 J25-30) |
Templates Discovered :: wrote:Templates :: SITE :: 365 (1.0) | protostar (1.0) | beez3 (3.1.0) |
Templates :: ADMIN :: hathor (3.0.0) | isis (1.0) |

toivo
Joomla! Master
Posts: 17443
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: HaCked !!!

Post by toivo » Tue Jan 27, 2015 2:35 pm

Before you go live, the directory permissions should be fixed. Akeeba has a good writeup about it and you seem to have AdminTools installed already: https://www.akeebabackup.com/documentat ... sions.html

The error_reporting option in PHP is set to 30709, or:

E_ALL & ~(E_NOTICE | E_WARNING | E_STRICT)

You could display or log the errors into the PHP error log. The following setting for error_reporting in PHP returns the numeric value 22517:

E_ALL & ~(E_NOTICE | E_WARNING | E_STRICT | E_DEPRECATED)

Toivo Talikka, Global Moderator
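
The two error_reporting values discussed in the post above can be checked by decoding the bitmask. This is an added example, not part of the original post; the function names are assumptions, and the constant values are the standard PHP error levels with E_ALL = 32767 (PHP 5.4 and later).

```bash
#!/bin/sh
# Added example: decode a numeric PHP error_reporting value, such as the
# "Error Reporting: 30709" line in a Forum Post Assistant report.

# PHP error-level constants and their bit values.
php_levels() {
    cat <<'EOF'
E_ERROR 1
E_WARNING 2
E_PARSE 4
E_NOTICE 8
E_CORE_ERROR 16
E_CORE_WARNING 32
E_COMPILE_ERROR 64
E_COMPILE_WARNING 128
E_USER_ERROR 256
E_USER_WARNING 512
E_USER_NOTICE 1024
E_STRICT 2048
E_RECOVERABLE_ERROR 4096
E_DEPRECATED 8192
E_USER_DEPRECATED 16384
EOF
}

# Names of the levels that are switched OFF in the given mask.
suppressed_levels() {
    mask=$1; out=""
    while read -r name value; do
        if [ $(( mask & value )) -eq 0 ]; then out="$out $name"; fi
    done <<EOF
$(php_levels)
EOF
    echo "${out# }"
}

# Numeric value of E_ALL & ~(the levels given as arguments).
mask_without() {
    m=32767
    for want in "$@"; do
        while read -r name value; do
            if [ "$name" = "$want" ]; then m=$(( m & ~value )); fi
        done <<EOF
$(php_levels)
EOF
    done
    echo "$m"
}

# Optional command-line use: sh decode.sh 30709
if [ $# -gt 0 ]; then suppressed_levels "$1"; fi
```
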

JAVesey
Joomla! Hero
Posts: 2637
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK

Re: HaCked !!!

Post by JAVesey » Tue Jan 27, 2015 5:03 pm

snowrat wrote: Can anyone spot anything that may help? Thanks.

Start by correcting those "777" folder permissions.

Folders should be "755", files "644" and, if you like, configuration.php can be "444".
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
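
The permission advice in the post above (folders 755, files 644, configuration.php 444) written as a report-then-fix script. This is an added example, not part of the original thread; the function names and the script name in the usage comment are assumptions.

```bash
#!/bin/sh
# Added example: audit and correct permissions in a Joomla site directory.

# Count entries any local user can write to (the "777" folders in the FPA report).
count_world_writable() {
    find "${1%/}" \( -type d -o -type f \) -perm -002 -print | wc -l | tr -d ' '
}

# List everything that deviates from the advice: folders 755, files 644,
# root configuration.php either 644 or 444.
audit_perms() {
    root=${1%/}
    find "$root" -type d ! -perm 755 -print
    find "$root" -type f ! -path "$root/configuration.php" ! -perm 644 -print
    if [ -f "$root/configuration.php" ]; then
        find "$root/configuration.php" ! -perm 644 ! -perm 444 -print
    fi
}

# Apply the advice. Run as the account that owns the site files.
fix_perms() {
    root=${1%/}
    find "$root" -type d ! -perm 755 -exec chmod 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
    if [ -f "$root/configuration.php" ]; then
        chmod 444 "$root/configuration.php"
    fi
}

# Usage: sh joomla-perms.sh /path/to/site        (report only)
#        sh joomla-perms.sh /path/to/site --fix  (report, then correct)
if [ $# -gt 0 ]; then
    echo "world-writable entries: $(count_world_writable "$1")"
    audit_perms "$1"
    if [ "${2:-}" = "--fix" ]; then fix_perms "$1"; fi
fi
```

Run the report first and review the list before using `--fix`; an empty list on a second run confirms the tree matches the recommended modes.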

snowrat
Joomla! Enthusiast
Posts: 133
Joined: Mon Dec 03, 2012 5:19 pm

Re: HaCked !!!

Post by snowrat » Thu Jan 29, 2015 5:32 pm

Made those changes, just working through the code errors after the upgrade to 3.3.6.

darb
Joomla! Hero
Posts: 2042
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden

Re: HaCked !!!

Post by darb » Tue Feb 17, 2015 10:57 am

Tips about this advice you got:
Check your computer and others that have FTP/admin/super admin access.
It could be that your own computer is infected and makes your FTP client automatically upload files into your directories. This can also come from having installed some warez software on your computer. And also don't use warez Joomla extensions, because then you are asking for problems.


Locked
