Problem Description :: Forum Post Assistant (v1.2.7) : 19th May 2016 wrote: Hacked site
Hello, I'm new to Joomla. For the last few days I have tried to google a solution and read here on this forum, but I can't find a solution for now.

Forum Post Assistant (v1.2.7) : 19th May 2016 wrote:
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 3.3.6-Stable (Ember) 01-October-2014
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Writable (644) | Owner: ftp2670732 (uid: 1/gid: 1) | Group: site2670732 (gid: 1) | Valid For: 3.3
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 1 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.32-604.16.2.lve1.3.54.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/.sites/563/site2670732/web | System TMP Writable: Yes
PHP Configuration :: Version: 5.6.20 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: E_ALL & ~E_NOTICE | Log Errors To: /var/log/httpd/php.log | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /home/.sites/563/site2670732/web:/home/.sites/563/site2670732/tmp:/usr/share/pear | Uploads: 1 | Max. Upload Size: 200M | Max. POST Size: 200M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 75M
MySQL Configuration :: Version: 5.5.49 (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 67.23 MiB | #of Tables: 316

Detailed Environment :: wrote:
PHP Extensions :: Core (5.6.20) | date (5.6.20) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (2.0) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | standard (5.6.20) | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | mysqli (0.1) | mysql (1.0) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.2) | posix () | Reflection ($Id: fbcf7a77ca8e3d4cd7501de8025235b947b8240f $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id: f94e075e5a1ebe5108ef2729498d2f198df3c078 $) | suhosin (0.9.38) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.12.5) | cgi-fcgi () | mhash () | Zend Engine (2.6.0) |
Potential Missing Extensions ::
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Folder Permissions :: wrote:
Core Folders :: images/ (777) | components/ (777) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) :: components/ (777) | components/com_weblinks/api/ (777) | docindexer/ (777) | engine/ (777) | engine/cache2fd4382af12289bcf3a50e7a58539221/ (777) | kickstart/ (777) | templates/darland/ (777) | templates/darland/cached16ccfc9bc3fced6a5f9d210020d8192/ (777) | templates/darland/html/mod_search/ (777) | templates/darland/html/mod_search/bb52f78d9b6c60d7765529d182ea4b28/ (777) |

Extensions Discovered :: wrote:
Components :: SITE :: com_wrapper (3.0.0) | WF_LINK_SEARCH_TITLE (2.3.4.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.4.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.4.4) | WF_AGGREGATOR_VINE_TITLE (2.3.4.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.4.4) | K2 Links for JCE Link (2.2) | WF_LINKS_JOOMLALINKS_TITLE (2.3.4.4) | WF_POPUPS_WINDOW_TITLE (2.3.4.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.4.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.4.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.4.4) | WF_FULLSCREEN_TITLE (2.3.4.4) | WF_INLINEPOPUPS_TITLE (2.3.4.4) | WF_TEXTCASE_TITLE (2.3.4.4) | WF_ARTICLE_TITLE (2.3.4.4) | WF_SPELLCHECKER_TITLE (2.3.4.4) | WF_KITCHENSINK_TITLE (2.3.4.4) | WF_LINK_TITLE (2.3.4.4) | WF_CLEANUP_TITLE (2.3.4.4) | WF_CLIPBOARD_TITLE (2.3.4.4) | WF_AUTOSAVE_TITLE (2.3.4.4) | WF_MEDIA_TITLE (2.3.4.4) | WF_DIRECTIONALITY_TITLE (2.3.4.4) | WF_BROWSER_TITLE (2.3.4.4) | WF_NONBREAKING_TITLE (2.3.4.4) | WF_TABLE_TITLE (2.3.4.4) | WF_SOURCE_TITLE (2.3.4.4) | WF_VISUALBLOCKS_TITLE (2.3.4.4) | WF_VISUALCHARS_TITLE (2.3.4.4) | WF_CONTEXTMENU_TITLE (2.3.4.4) | WF_ANCHOR_TITLE (2.3.4.4) | WF_CHARMAP_TITLE (2.3.4.4) | WF_PRINT_TITLE (2.3.4.4) | WF_SEARCHREPLACE_TITLE (2.3.4.4) | WF_PREVIEW_TITLE (2.3.4.4) | WF_XHTMLXTRAS_TITLE (2.3.4.4) | WF_STYLE_TITLE (2.3.4.4) | WF_LISTS_TITLE (2.3.4.4) | WF_LAYER_TITLE (2.3.4.4) | WF_IMGMANAGER_TITLE (2.3.4.4) | CB Mamblog Tab (1.2) | Yanc Integration (1.2) | AcyMailing CB Plugin (1.2) | CB Profile Pro (1.0) | CB Mambo Author Tab (1.2) | com_mailto (3.0.0) |
Components :: ADMIN :: com_content (3.0.0) | com_easybookreloaded (2.5-5) | com_config (3.0.0) | JE Testimonial (3.0.2) | Akeeba (4.6.1) | AcyMailing Editor (5.2.0) | AcyMailing : Handle Click trac (5.2.0) | AcyMailing : (auto)Subscribe d (5.2.0) | AcyMailing: override Joomla ma (5.2.0) | JEvents (3.0.13) | uddeIM (3.4) | com_messages (3.0.0) | com_cpanel (3.0.0) | Spider FAQ (1.3) | com_newsfeeds (3.0.0) | JiFile (2.3) | com_search (3.0.0) | com_admin (3.0.0) | com_plugins (3.0.0) | com_postinstall (3.2.0) | com_banners (3.0.0) | Unknown (-) | JCE (2.3.4.4) | com_users (3.0.0) | com_cbprofilepro (4.0.0) | com_categories (3.0.0) | com_contenthistory (3.2.0) | com_redirect (3.0.0) | Admintools (3.6.8) | com_login (3.0.0) | COM_MATUKIO (2.1.10) | Notice board (1.0) | com_ajax (3.2.0) | com_media (3.0.0) | com_weblinks (3.0.0) | com_seminarman (2.10.2) | com_joomlaupdate (3.0.0) | com_pbbooking (2.4.0.4) | jDownloads (1.9.2.3 Beta) | com_modules (3.0.0) | com_cache (3.0.0) | com_phocamaps (3.0.0 Beta) | com_rseventspro (1.0.0) | comprofiler (1.9.1) | comprofiler (1.9.1) | com_menus (3.0.0) | com_tags (3.1.0) | templateck (2.1.11) | jfusion Language Package de-DE (1.8) | com_jfusion (1.8.0-000) | com_finder (3.0.0) | mod_kunenamenu (3.0.5) | plg_system_kunena (-) | plg_kunena_gravatar (3.0.5) | plg_finder_kunena (3.0.5) | plg_kunena_joomla (3.0.5) | plg_kunena_uddeim (3.0.5) | plg_kunena_comprofiler (3.0.5) | plg_kunena_community (3.0.5) | plg_kunena_kunena (3.0.5) | plg_kunena_alphauserpoints (3.0.5) | plg_kunena_finder (3.0.5) | com_kunena (3.0.5) | com_checkin (3.0.0) | Doc Indexer (1.5.0) | com_installer (3.0.0) | com_languages (3.0.0) | com_templates (3.0.0) |
Modules :: SITE :: mod_users_latest (3.0.0) | mod_menu (3.0.0) | mod_syndicate (3.0.0) | mod_random_image (3.0.0) | mod_login (3.0.0) | Speed Up Manager (3.2) | CB Online (1.9) | News Show SP2 (2.9) | JFusion Whos Online Module (1.8.0-000) | mod_footer (3.0.0) | System - Google Maps (3.2) | mod_tags_similar (3.1.0) | mod_banners (3.0.0) | Planyo.com online reservation (2.3) | Susnet Facebook Like Box (1.0.7) | AcyMailing Module (3.7.0) | mod_articles_popular (3.0.0) | JEvents View Switcher (3.0.13) | mod_search (3.0.0) | DB Show (0.9) | mod_matukio (2.1.10) | MyPuzzle Sudoku (1.1.0) | mod_tags_popular (3.1.0) | Notice board general (1.02) | mod_articles_archive (3.0.0) | mod_custom (3.0.0) | mod_articles_latest (3.0.0) | JEvents Legend (3.0.13) | mod_wrapper (3.0.0) | Latest JEvents (3.0.13) | mod_weblinks (3.0.0) | mod_languages (3.0.0) | MOD_VISITORCOUNTER (3-3) | Spider FAQ Lite (2.2.1) | mod_articles_news (3.0.0) | JEvents Calendar (3.0.13) | mod_related_items (3.0.0) | mod_finder (3.0.0) | JFusion Login Module (1.8.0-000) | mod_stats (3.0.0) | mod_articles_category (3.0.0) | JFusion User Activity Module (1.8.0-000) | JFusion Activity Module (1.8.0-000) | MOD_DB8SITELASTMODIFIED (2.6) | mod_seminarman_schedule (1.1.3) | mod_breadcrumbs (3.0.0) | uddeIM Notifier (3.4) | mod_articles_categories (3.0.0) | CB Login (1.9.1) | mod_whosonline (3.0.0) | Freetobook Widget (1.0.0) | mod_sw_kbirthday (1.9.0) | CB Workflows (1.9.1) | mod_feed (3.0.0) | mod_accordionfaq (3.0.4) | Sj Basic News (3.0) | JEvents Filter (3.0.13) | Birthday List (1.0.0) | MOD_RSEVENTSPRO_ATTENDEES (1.0) | MOD_SEMINARMAN_CALENDAR (1.2.5) |
Modules :: ADMIN :: mod_status (3.0.0) | mod_menu (3.0.0) | mod_latest (3.0.0) | mod_login (3.0.0) | MOD_VISITORCOUNTER_BACKEND_INF (3-3) | mod_stats_admin (3.0.0) | mod_version (3.0.0) | mod_custom (3.0.0) | mod_popular (3.0.0) | mod_multilangstatus (3.0.0) | mod_ccc_matukio_icons (2.1.10) | mod_submenu (3.0.0) | mod_ccc_matukio_overview (2.1.10) | mod_toolbar (3.0.0) | mod_quickicon (3.0.0) | mod_ccc_matukio_promotion (2.1.10) | mod_ccc_matukio_update (2.1.10) | mod_logged (3.0.0) | mod_feed (3.0.0) | mod_title (3.0.0) | mod_ccc_matukio_newsfeed (2.1.10) |
Plugins :: SITE :: plg_search_weblinks (3.0.0) | plg_search_seminarman_courses (1.0.3) | Search - Doc Indexer (1.0) | plg_search_tags (3.0.0) | plg_search_contacts (3.0.0) | plg_search_content (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_seminarman_tutors (1.0.3) | Search - JEvents (3.0.13) | plg_search_categories (3.0.0) | Search - JiFile (2.1) | plg_search_seminarman_categori (1.0.3) | plg_editors_tinymce (4.1.2) | plg_editors_codemirror (3.15) | plg_editors_jce (2.3.4.4) | AcyMailing Editor (5.2.0) | plg_seminarman_pdflist (1.0.2) | plg_seminarman_smanprices (1.2.1) | OSG Seminarman Advanced Bookin (1.4RC4) | plg_installer_webinstaller (1.0.5) | plg_content_emailcloak (3.0.0) | plg_content_loadmodule (3.0.0) | plg_content_vote (3.0.0) | plg_content_pagenavigation (3.0.0) | GJFields - a set of additional (1.0.27) | PLG_CONTENT_AUTOREADMORE_TITLE (4.0.7) | plg_content_vouchnote (1.0) | plg_content_joomla (3.0.0) | plg_content_finder (3.0.0) | plg_content_pagebreak (3.0.0) | Content - Load Spider FAQ (1.3) | Include Content Item (3.0.12) | plg_kunena_uddeim (3.0.5) | plg_kunena_kunena (3.0.5) | plg_kunena_gravatar (3.0.5) | plg_kunena_joomla (3.0.5) | plg_kunena_alphauserpoints (3.0.5) | plg_kunena_comprofiler (3.0.5) | plg_kunena_community (3.0.5) | AcyMailing Tag : VirtueMart in (4.9.3) | AcyMailing Tag : Subscriber in (5.2.0) | AcyMailing : share on social n (1.0.0) | AcyMailing Tag : Date / Time (5.2.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : Call To Actio (1.1.2) | AcyMailing Tag : Manage the Su (5.2.0) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : CB User infor (3.7.1) | AcyMailing Template Class Repl (5.2.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing Tag : Joomla User I (5.2.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing : Inbox actions (5.2.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Geolocation : Tag a (5.2.0) | AcyMailing : Handle Click trac (5.2.0) 
| AcyMailing Tag : Insert a Modu (5.2.0) | plg_editors-xtd_cbppmagicwindo (1.1.0) | PLG_EDITORS-XTD_TOOLTIPS (3.7.9FREE) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_readmore (3.0.0) | plg_editors-xtd_vouchbutton (-) | plg_editors-xtd_image (3.0.0) | plg_editors-xtd_pagebreak (3.0.0) | plg_extension_joomla (3.0.0) | plg_twofactorauth_yubikey (3.2.0) | plg_twofactorauth_totp (3.2.0) | plg_captcha_recaptcha (3.0.0) | plg_finder_weblinks (3.0.0) | plg_finder_tags (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_content (3.0.0) | plg_finder_jevents (3.0.13) | plg_finder_newsfeeds (3.0.0) | plg_finder_categories (3.0.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | plg_system_redirect (3.0.0) | AcyMailing: override Joomla ma (5.2.0) | PLG_SYSTEM_TOOLTIPS (3.7.9FREE) | RSEvents!Pro Offline payment (1.0.0) | plg_system_p3p (3.0.0) | System - Admin Tools (3.6.8) | plg_system_debug (3.0.0) | eorisis_jquery (1.2.2) | plg_system_languagefilter (3.0.0) | AcyMailing : Handle Click trac (5.2.0) | plg_system_sef (3.0.0) | PLG_SYSTEM_JQUERYEASY (1.5.5) | Hikashop - VirtueMart Fallback (1.0.0) | AcyMailing : (auto)Subscribe d (5.2.0) | PLG_SYSTEM_NNFRAMEWORK (15.1.2) | plg_system_jdownloads (2.5) | plg_system_kunena (3.0.5) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | plg_system_log (3.0.0) | System - RSEvents!Pro PDF plug (1.3.0) | plg_system_highlight (3.0.0) | plg_system_logout (3.0.0) | PLG_JSCSSCONTROL (3.1.0) | plg_system_remember (3.0.0) | System - Google Analytics (4.6.1) | plg_system_cache (3.0.0) | System - Perfect Joomla! 3 Use (1.8) | plg_system_languagecode (3.0.0) | plg_user_seminarman (1.0.6) | plg_user_profile (3.0.0) | plg_user_joomla (3.0.0) | plg_user_contactcreator (3.0.0) | My courses (0.1) | RSEvents!Pro - JomSocial plugi (1.0) | Unknown (-) | Teacher courses (0.1) | plg_quickicon_extensionupdate (3.0.0) | plg_quickicon_kunena (3.0.5) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_jcefilebrowser (2.3.4.4) | plg_authentication_gmail (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_ldap (3.0.0) | plg_authentication_joomla (3.0.0) |

Templates Discovered :: wrote:
Templates :: SITE :: darland (2.5.0) | templatecreatorck (1.0.0) | Clever (3.1) | Cleanlogic-for-Joomla-3.X (1.2) | beez3 (3.1.0) | protostar (1.0) | clubys (3.0) |
Templates :: ADMIN :: hathor (3.0.0) | isis (1.0) |

My friend has a site, and he is the victim of some malware. It was sending spam, and now the site doesn't work anymore...
I downloaded that backup, installed it locally on XAMPP, and scanned the folder with a few antiviruses and with Malwarebytes.
I deleted about 15 reported malware files... I also checked them on VirusTotal, and a few viruses were reported by more than 30 AVs...
I tried to clean it, but I don't have experience with Joomla, not even PHP... I'm not a developer :). I'm just some kind of system administrator.
I removed what I think is OK, but I have problems with a few sites and errors on pages...
So, my question is:
is it possible to install an old clean backup (I have one from October) and somehow merge it with this current state?
Just to copy clean files, update tables in the database, etc....
I believe this procedure is normal and must be described somewhere, but I don't know how to google it... Which folders need to be copied, which tables from the databases, etc...