Why the 3.5.1 get hacked

popoguy · Post by **popoguy** » Wed Jun 22, 2016 1:39 am

1 of My websites was hacked, the script like
<"script type='text/javascript' src='//is[dot]gd/KlC6h2'></script">
The short url leads to onclickads.net/apu.php?zoneid=221675 then redirect to various AD urls.

Thanks for the post http://forum.joomla.org/viewtopic.php?t=861066, I found this script on the tpls/default.php of the template and removed it.

But do you know how they managed to inject the code to my website?
I am using the lastest version joomla 3.5.1 which should be the most safe version.

itoctopus · Post by **itoctopus** » Wed Jun 22, 2016 2:41 am

I can think of 2 reasons:

- You have a vulnerable extension installed (Check Joomla's VEL)
- Your website resides on a shared hosting server and the server is running an unpatched ImageMagick module.

ribo · Post by **ribo** » Wed Jun 22, 2016 6:58 am

Also a no updated template could be the reason

darb · Post by **darb** » Wed Jun 22, 2016 11:03 am

Or a pirated downloaded 3pds that you have installed and that create a back door to your site.

'Following Joomla since 2005 I see that this is the no1 problem for Joomla hacked sites together with bad hosting partner.

If you hosting is new and dont know what they are doing to prevent hackers then you can not do anything to stop them from hacking your site so no 1 priority is to choose a reliable Joomla hosting provider and not install any pirated 3pds bcs then you are asking for a 100% problem that cost you more then cheep hosting and free pirated 3pds extensions..

leolam · Post by **leolam** » Thu Jun 23, 2016 8:30 am

You will only know if you have a secure site now if you follow all that has been written http://forum.joomla.org/viewtopic.php?f=714&t=757645

Leo

popoguy · Post by **popoguy** » Fri Jun 24, 2016 5:26 pm

The website get hacked again, this time the code was found in line 36 "[templatename]/tpls/blocks/head.php"

ribo wrote:Also a no updated template could be the reason

This might be the problem, as this template was issued in 2014.

darb wrote:Or a pirated downloaded 3pds that you have installed and that create a back door to your site.

I stop using pirated 3pds after I transferred from J1.5 to J2.5
Do you know where to find and how to kill the back door?

leolam wrote:You will only know if you have a secure site now if you follow all that has been written http://forum.joomla.org/viewtopic.php?f=714&t=757645

Thanks, but there are tons of information, could you narrow it down?

ribo · Post by **ribo** » Sat Jun 25, 2016 4:46 pm

popoguy wrote:The website get hacked again, this time the code was found in line 36 "[templatename]/tpls/blocks/head.php"

ribo wrote:Also a no updated template could be the reason
This might be the problem, as this template was issued in 2014.

It might be one of the reasons that you ve been hacked, but all the other advices from joomla members are good to check the reason that you ve benn hacked , to not be hacked in the future and also very strong recommended to read carefully all the post that @leolam said you and use all the steps from there.

The Joomla! Forum™

Why the 3.5.1 get hacked

Why the 3.5.1 get hacked

Re: Why the 3.5.1 get hacked

Re: Why the 3.5.1 get hacked

Re: Why the 3.5.1 get hacked

Re: Why the 3.5.1 get hacked

Re: Why the 3.5.1 get hacked

Re: Why the 3.5.1 get hacked