leolam,
I am a new joomla 3.1.5 beginner. I have been hacked and the most difficult things for me to understand when trying to dehack my site are knowing how to do and/or how to find certain things/files.
What do you mean by this...."Delete all files in your Joomla installation, saving a copy of the configuration.php file."
All of what files in my joomla installation? To me that sound like wiping out my entire site.
3.1.5 Site infected with malware
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Apprentice
- Posts: 6
- Joined: Fri Jul 12, 2013 1:43 am
- leolam
- Joomla! Master
- Posts: 20652
- Joined: Mon Aug 29, 2005 10:17 am
- Location: Netherlands/ Germany/ S'pore/Bogor/ North America
- Contact:
Re: Site infected with malware
You do not wipe out your entire site. You replace the actual files and folders with clean and proper ones. Simple a matter of reloading the default stuffsomeone1 wrote:All of what files in my joomla installation? To me that sound like wiping out my entire site.
Leo
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
-
- Joomla! Apprentice
- Posts: 6
- Joined: Fri Jul 12, 2013 1:43 am
Re: Site infected with malware
Thank you for responding.
I wish it were simple.
I do not seem to have a public_html to put the FPA into.
I wish it were simple.
I do not seem to have a public_html to put the FPA into.
You do not have the required permissions to view the files attached to this post.
-
- Joomla! Apprentice
- Posts: 6
- Joined: Fri Jul 12, 2013 1:43 am
Re: Site infected with malware
Ok, I think I have used the FPA correctly. Here are the results.
Actions Taken To Resolve by Forum Post Assistant (v1.2.3) 13th October 2013 wrote:I've only taken my site offline. I do not know how to do it the htaccess method.
Forum Post Assistant (v1.2.3) : 13th October 2013 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.1.5-Stable (Ember) 01-August-2013
Joomla! Platform :: Joomla Platform 12.2.0-Stable (Neil Armstrong) 21-September-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: snbrown (uid: 1/gid: 1) | Group: pg4727688 (gid: 1) | Valid For: 3.1
Configuration Options :: Offline: 1 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 2.6.32.36-hardened | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /home/snbrown/homestest.dreamhosters.com | System TMP Writable: Yes
PHP Configuration :: Version: 5.3.13 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 30711 | Log Errors To: | Last Known Error: | Register Globals: 0 | Magic Quotes: 0 | Safe Mode: 0 | Open Base: | Uploads: 1 | Max. Upload Size: 7M | Max. POST Size: 7M | Max. Input Time: -1 | Max. Execution Time: 30 | Memory Limit: 90M
MySQL Configuration :: Version: 5.1.56-log (Client:5.0.51a) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 5.69 MiB | #of Tables: 141Detailed Environment :: wrote:PHP Extensions :: Core (5.3.13) | date (5.3.13) | ereg () | libxml () | pcre () | sqlite3 (0.7-dev) | filter (0.11.0) | mbstring () | SPL (0.2) | PDO (1.0.4dev) | Reflection ($Id: 522fef1e5100f848a5e2059d98b3a880a3143e9a $) | pdo_sqlite (1.0.1) | hash (1.0) | cgi-fcgi () | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | session () | ftp () | gd () | gettext () | standard (5.3.13) | iconv () | imap () | json (1.2.1) | mcrypt () | mysql (1.0) | mysqli (0.1) | openssl () | pcntl () | pdo_mysql (1.0.2) | posix () | pspell () | exif (1.4 $Id$) | SimpleXML (0.1) | soap () | sockets () | SQLite (2.0-dev) | suhosin (0.9.32.1) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | zlib (1.1) | mhash () | Zend Engine (2.3.0) |
Potential Missing Extensions ::
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: NoFolder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) ::Extensions Discovered :: wrote:Components :: SITE :: com_mailto (3.0.0) | com_wrapper (3.0.0) | WF_LINKS_JOOMLALINKS_TITLE (2.3.3.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.3.2) | WF_LINK_SEARCH_TITLE (2.3.3.2) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.3.2) | WF_POPUPS_WINDOW_TITLE (2.3.3.2) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.3.2) | WF_AGGREGATOR_[youtube]_TITLE (2.3.3.2) | WF_AGGREGATOR_VINE_TITLE (2.3.3.2) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.3.2) | WF_AGGREGATOR_VIMEO_TITLE (2.3.3.2) | WF_CLIPBOARD_TITLE (2.3.3.2) | WF_ANCHOR_TITLE (2.3.3.2) | WF_LAYER_TITLE (2.3.3.2) | WF_TEXTCASE_TITLE (2.3.3.2) | WF_TABLE_TITLE (2.3.3.2) | WF_ARTICLE_TITLE (2.3.3.2) | WF_IMGMANAGER_TITLE (2.3.3.2) | WF_VISUALCHARS_TITLE (2.3.3.2) | WF_PRINT_TITLE (2.3.3.2) | WF_XHTMLXTRAS_TITLE (2.3.3.2) | WF_NONBREAKING_TITLE (2.3.3.2) | WF_PREVIEW_TITLE (2.3.3.2) | WF_CLEANUP_TITLE (2.3.3.2) | WF_AUTOSAVE_TITLE (2.3.3.2) | WF_INLINEPOPUPS_TITLE (2.3.3.2) | WF_MEDIA_TITLE (2.3.3.2) | WF_STYLE_TITLE (2.3.3.2) | WF_BROWSER_TITLE (2.3.3.2) | WF_SPELLCHECKER_TITLE (2.3.3.2) | WF_KITCHENSINK_TITLE (2.3.3.2) | WF_CHARMAP_TITLE (2.3.3.2) | WF_FULLSCREEN_TITLE (2.3.3.2) | WF_VISUALBLOCKS_TITLE (2.3.3.2) | WF_SOURCE_TITLE (2.3.3.2) | WF_LISTS_TITLE (2.3.3.2) | WF_DIRECTIONALITY_TITLE (2.3.3.2) | WF_CONTEXTMENU_TITLE (2.3.3.2) | WF_SEARCHREPLACE_TITLE (2.3.3.2) | WF_LINK_TITLE (2.3.3.2) |
Components :: ADMIN :: Akeeba (3.8.2) | com_joomlaupdate (3.0.0) | mod_kunenamenu (3.0.2) | plg_system_kunena (-) | plg_kunena_joomla (3.0.2) | plg_kunena_gravatar (3.0.2) | plg_kunena_alphauserpoints (3.0.2) | plg_kunena_kunena (3.0.2) | plg_kunena_community (3.0.2) | plg_kunena_finder (3.0.2) | plg_finder_kunena (3.0.2) | plg_kunena_uddeim (3.0.2) | plg_kunena_comprofiler (3.0.2) | com_kunena (3.0.2) | com_newsfeeds (3.0.0) | com_search (3.0.0) | com_login (3.0.0) | com_weblinks (3.0.0) | Contentbuilder (0.9.4 (build ) | ContentBuilder - Submit - Samp (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Themes - Joom (1.0) | ContentBuilder - Themes - Blan (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Themes - Khep (1.0) | ContentBuilder Permission Obse (1.0) | ContentBuilder - Verify (1.0) | ContentBuilder - List Action - (1.0) | ContentBuilder System (1.1) | ContentBuilder - Content - Ima (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Verify - PayP (1.0) | ContentBuilder - List Action - (1.0) | ContentBuilder - Content - Dow (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Verify - Pass (1.0) | ContentBuilder - Content - Rat (1.0) | Gantry (4.1.17) | com_users (3.0.0) | com_plugins (3.0.0) | COM_GCALENDAR (3.1.5) | com_languages (3.0.0) | com_cpanel (3.0.0) | com_menus (3.0.0) | com_templates (3.0.0) | com_cache (3.0.0) | com_tags (3.1.0) | Unknown (-) | Unknown (-) | BreezingForms (1.8.4 Stable ) | com_banners (3.0.0) | com_media (3.0.0) | com_checkin (3.0.0) | com_messages (3.0.0) | com_finder (3.0.0) | com_categories (3.0.0) | com_redirect (3.0.0) | com_installer (3.0.0) | Admintools (2.5. | Unknown (-) | JCE (2.3.3.2) | com_modules (3.0.0) | com_config (3.0.0) | com_admin (3.0.0) | com_content (3.0.0) | Quick Logout (1.8.0) |
Modules :: SITE :: mod_banners (3.0.0) | mod_weblinks (3.0.0) | mod_whosonline (3.0.0) | mod_related_items (3.0.0) | mod_finder (3.0.0) | mod_menu (3.0.0) | MOD_GCALENDAR (3.1.5) | mod_articles_category (3.0.0) | mod_random_image (3.0.0) | ContentBuilder - Advanced List (1.5) | MOD_GCALENDAR_UPCOMING (3.1.5) | mod_footer (3.0.0) | mod_syndicate (3.0.0) | mod_articles_latest (3.0.0) | mod_login (3.0.0) | mod_articles_popular (3.0.0) | BreezingForms (1. | mod_stats (3.0.0) | mod_tags_similar (3.1.0) | mod_articles_archive (3.0.0) | mod_articles_news (3.0.0) | mod_custom (3.0.0) | mod_wrapper (3.0.0) | MOD_GCALENDAR_NEXT (3.1.5) | Breezing Slide Show (1.0) | mod_search (3.0.0) | mod_languages (3.0.0) | mod_articles_categories (3.0.0) | mod_users_latest (3.0.0) | mod_tags_popular (3.1.0) | RokNavMenu (2.0.5) | mod_feed (3.0.0) | mod_breadcrumbs (3.0.0) | Responsive Slide Show (1.0) |
Modules :: ADMIN :: mod_status (3.0.0) | mod_title (3.0.0) | mod_menu (3.0.0) | mod_logged (3.0.0) | MOD_AKADMIN_TITLE (3.8.2) | mod_multilangstatus (3.0.0) | mod_quickicon (3.0.0) | mod_login (3.0.0) | mod_stats_admin (3.0.0) | mod_custom (3.0.0) | mod_toolbar (3.0.0) | mod_feed (3.0.0) | mod_popular (3.0.0) | mod_version (3.0.0) | mod_latest (3.0.0) | mod_submenu (3.0.0) |
Plugins :: SITE :: ContentBuilder - Verify - PayP (1.0) | ContentBuilder - Verify - Pass (1.0) | plg_kunena_uddeim (3.0.2) | plg_kunena_kunena (3.0.2) | plg_kunena_alphauserpoints (3.0.2) | plg_kunena_gravatar (3.0.2) | plg_kunena_community (3.0.2) | plg_kunena_comprofiler (3.0.2) | plg_kunena_joomla (3.0.2) | plg_quickicon_kunena (3.0.2) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_jcefilebrowser (2.3.3.2) | plg_quickicon_extensionupdate (3.0.0) | plg_quickicon_joomlaupdate (3.0.0) | plg_user_profile (3.0.0) | plg_user_contactcreator (3.0.0) | plg_user_joomla (3.0.0) | plg_finder_content (3.0.0) | plg_finder_weblinks (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_tags (3.0.0) | plg_finder_categories (3.0.0) | plg_search_content (3.0.0) | plg_search_weblinks (3.0.0) | plg_search_contacts (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_gcalendar (3.1.5) | plg_search_categories (3.0.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | ContentBuilder - Verify (1.0) | ContentBuilder - Content - Ima (1.0) | plg_content_finder (3.0.0) | BreezingForms - Content - Down (1.0) | ContentBuilder - Content - Vid (1.1) | plg_gcalendar_next (3.1.5) | ContentBuilder - Content - Rat (1.0) | ContentBuilder - Content - Dow (1.0) | plg_content_vote (3.0.0) | ContentBuilder - Content - Lin (1.1) | plg_content_loadmodule (3.0.0) | plg_content_pagebreak (3.0.0) | BreezingForms - Content - Imag (1.0) | plg_content_emailcloak (3.0.0) | plg_content_pagenavigation (3.0.0) | ContentBuilder Permission Obse (1.0) | BreezingForms (1. | plg_content_joomla (3.0.0) | BreezingForms - AddOns - GData (1.0) | ContentBuilder - Submit - Edit (1.1) | ContentBuilder - Submit - Samp (1.0) | plg_system_sef (3.0.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | plg_system_kunena (3.0.2) | System - Admin Tools Joomla! U (1.0) | plg_system_redirect (3.0.0) | plg_system_highlight (3.0.0) | plg_system_languagecode (3.0.0) | plg_system_cache (3.0.0) | System - Admin Tools (2.5. | System - Gantry (4.1.17) | System - One Click Action (2.1) | System - RokExtender (2.0.0) | ContentBuilder System (1.1) | System - Admin Tools Update Em (1.0) | plg_system_debug (3.0.0) | PLG_SRP_TITLE (3.8.2) | plg_system_logout (3.0.0) | plg_system_remember (3.0.0) | plg_system_p3p (3.0.0) | plg_system_languagefilter (3.0.0) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | plg_system_log (3.0.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Validation - (1.0) | ContentBuilder - Themes - Joom (1.0) | ContentBuilder - Themes - Blan (1.0) | ContentBuilder - Themes - Khep (1.0) | ContentBuilder - Form Elements (1.3) | ContentBuilder - Form Elements (1.2) | ContentBuilder - List Action - (1.0) | ContentBuilder - List Action - (1.0) | plg_editors_jce (2.3.3.2) | plg_editors_codemirror (1.0) | plg_captcha_recaptcha (3.0.0) | plg_editors-xtd_readmore (3.0.0) | plg_editors-xtd_article (3.0.0) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_image (3.0.0) | plg_extension_joomla (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_ldap (3.0.0) | plg_authentication_joomla (3.0.0) |Templates Discovered :: wrote:Templates :: SITE :: beez3 (3.1.0) | gantry (4.1.13) | protostar (1.0) |
Templates :: ADMIN :: isis (1.0) | hathor (3.0.0) |
- rltv2011
- Joomla! Apprentice
- Posts: 36
- Joined: Mon Nov 04, 2013 10:00 pm
- Location: Quito, Ecuador
- Contact:
Re: Site infected with malware
You can contact your hosting manager depending on your hosting company and package, if you are able to do this, your manager and the hosting company will remove the malware from your site in just minutes or hours ; )