I've checked permissions, and fixed them if they were broken (I suspect this was the cause).
I've verified the cause is not a compromised shell account.
I've looked in Joomla logs for anything suspicious (though I'm not an expert).
I've updated Joomla to the latest version.
I will have everyone change their passwords when they get in tomorrow.
Forum Post Assistant (v1.2.4) : 20th November 2015 wrote:
Basic Environment ::
Joomla! Instance :: Joomla! 3.4.5-Stable (Ember) 22-October-2015
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (644) | Owner: 0 (uid: /gid: ) | Group: 1003 (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: N/A | Unicode Slugs: N/A | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 3.10.0-123.20.1.el7.x86_64 | Technology: x86_64 | Web Server: Apache/2.4.6 (CentOS) PHP/5.4.16 | Encoding: gzip, deflate | Doc Root: /var/www/www.mmdevelopmentllc.com/ | System TMP Writable: Yes
PHP Configuration :: Version: 5.4.16 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M
MySQL Configuration :: Version: 5.6.24 (Client:5.6.24) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 12.67 MiB | #of Tables: 121
Detailed Environment ::
PHP Extensions :: Core (5.4.16) | date (5.4.16) | ereg () | libxml () | openssl () | pcre () | zlib (2.0) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | SPL (0.2) | iconv () | Reflection ($Id: 6c4d8062369898a397e4b128348042f5c01b4427 $) | session () | standard (5.4.16) | shmop () | SimpleXML (0.1) | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | apache2handler () | curl () | dba () | fileinfo (1.0.5) | gd () | json (1.2.1) | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | sqlite3 (0.7) | zip (1.11.0) | mhash () | Zend Engine (2.4.0) |
Potential Missing Extensions :: mbstring | mcrypt | suhosin |
Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Apache Modules :: core | mod_so | http_core | mod_access_compat | mod_actions | mod_alias | mod_allowmethods | mod_auth_basic | mod_auth_digest | mod_authn_anon | mod_authn_core | mod_authn_dbd | mod_authn_dbm | mod_authn_file | mod_authn_socache | mod_authz_core | mod_authz_dbd | mod_authz_dbm | mod_authz_groupfile | mod_authz_host | mod_authz_owner | mod_authz_user | mod_autoindex | mod_cache | mod_cache_disk | mod_data | mod_dbd | mod_deflate | mod_dir | mod_dumpio | mod_echo | mod_env | mod_expires | mod_ext_filter | mod_filter | mod_headers | mod_include | mod_info | mod_log_config | mod_logio | mod_mime_magic | mod_mime | mod_negotiation | mod_remoteip | mod_reqtimeout | mod_rewrite | mod_setenvif | mod_slotmem_plain | mod_slotmem_shm | mod_socache_dbm | mod_socache_memcache | mod_socache_shmcb | mod_status | mod_substitute | mod_suexec | mod_unique_id | mod_unixd | mod_userdir | mod_version | mod_vhost_alias | mod_dav | mod_dav_fs | mod_dav_lock | mod_lua | prefork | mod_proxy | mod_lbmethod_bybusyness | mod_lbmethod_byrequests | mod_lbmethod_bytraffic | mod_lbmethod_heartbeat | mod_proxy_ajp | mod_proxy_balancer | mod_proxy_connect | mod_proxy_express | mod_proxy_fcgi | mod_proxy_fdpass | mod_proxy_ftp | mod_proxy_http | mod_proxy_scgi | mod_systemd | mod_cgi | mod_php5 | Apache/2.4.6 (CentOS) PHP/5.4.16 |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_ssl | mod_qos | mod_userdir |
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) :: fpa/ForumPostAssistant-FPA-c6863cd/ (775) | fpa/ForumPostAssistant-FPA-c6863cd/Documentation/ (775) | fpa/ForumPostAssistant-FPA-c6863cd/Documentation/images/ (775) |
Extensions Discovered ::
Components :: SITE :: com_mailto (3.0.0) | com_wrapper (3.0.0) |
Components :: ADMIN :: RSForm! (1.50.7) | com_menus (3.0.0) | com_categories (3.0.0) | com_tags (3.1.0) | com_languages (3.0.0) | com_checkin (3.0.0) | com_postinstall (3.2.0) | com_redirect (3.0.0) | com_admin (3.0.0) | com_plugins (3.0.0) | com_messages (3.0.0) | mod_k2_comments (-) | mod_k2_comments (-) | COM_K2 (2.6.8) | com_banners (3.0.0) | com_login (3.0.0) | com_cache (3.0.0) | com_finder (3.0.0) | com_media (3.0.0) | com_phocagallery (4.1.2) | com_templates (3.0.0) | com_installer (3.0.0) | com_joomlaupdate (3.0.0) | com_weblinks (3.0.0) | com_config (3.0.0) | com_modules (3.0.0) | com_users (3.0.0) | com_newsfeeds (3.0.0) | com_content (3.0.0) | com_search (3.0.0) | com_cpanel (3.0.0) | com_contenthistory (3.2.0) | com_ajax (3.2.0) |
Modules :: SITE :: mod_st_slider (1.3) | mod_phocagallery_image (4.0.0) | K2 Content (2.6.8) | mod_st_promo_image (1.0) | K2 Users (2.6.8) | mod_st_newsflash (1.0) | mod_feed (3.0.0) | mod_wrapper (3.0.0) | mod_login (3.0.0) | mod_tags_popular (3.1.0) | K2 Comments (2.6.8) | mod_footer (3.0.0) | mod_articles_news (3.0.0) | mod_languages (3.0.0) | mod_menu (3.0.0) | mod_syndicate (3.0.0) | mod_random_image (3.0.0) | mod_whosonline (3.0.0) | K2 User (2.6.8) | mod_search (3.0.0) | mod_articles_category (3.0.0) | mod_custom (3.0.0) | mod_stats (3.0.0) | mod_weblinks (3.0.0) | mod_articles_archive (3.0.0) | mod_breadcrumbs (3.0.0) | mod_banners (3.0.0) | mod_articles_latest (3.0.0) | mod_tags_similar (3.1.0) | K2 Tools (2.6.8) | mod_finder (3.0.0) | mod_articles_categories (3.0.0) | mod_users_latest (3.0.0) | mod_articles_popular (3.0.0) | mod_related_items (3.0.0) |
Modules :: ADMIN :: mod_version (3.0.0) | K2 Quick Icons (admin) (2.6.8) | mod_multilangstatus (3.0.0) | mod_feed (3.0.0) | mod_login (3.0.0) | mod_menu (3.0.0) | mod_stats_admin (3.0.0) | mod_quickicon (3.0.0) | K2 Stats (admin) (2.6.8) | mod_status (3.0.0) | mod_logged (3.0.0) | mod_toolbar (3.0.0) | mod_title (3.0.0) | mod_submenu (3.0.0) | mod_custom (3.0.0) | mod_popular (3.0.0) | mod_latest (3.0.0) |
Plugins :: SITE :: AllVideos (by JoomlaWorks) (4.5.0) | AllVideos (by JoomlaWorks) (4.5.0) | plg_content_geshi (3.0.0) | plg_content_pagenavigation (3.0.0) | plg_content_joomla (3.0.0) | plg_content_loadmodule (3.0.0) | plg_content_vote (3.0.0) | plg_content_emailcloak (3.0.0) | plg_content_finder (3.0.0) | plg_content_pagebreak (3.0.0) | System - RSForm! Pro reCAPTCHA (1.4.0) | plg_system_languagecode (3.0.0) | PLG_SYSTEM_NNFRAMEWORK (15.1.2) | PLG_SYSTEM_ARTICLESANYWHERE (3.7.3FREE) | System - K2 (2.6.8) | plg_system_highlight (3.0.0) | plg_system_p3p (3.0.0) | plg_system_debug (3.0.0) | PLG_SYSTEM_MODULESANYWHERE (3.6.3FREE) | plg_system_remember (3.0.0) | plg_system_redirect (3.0.0) | plg_system_languagefilter (3.0.0) | plg_system_logout (3.0.0) | plg_system_cache (3.0.0) | plg_system_sef (3.0.0) | plg_system_log (3.0.0) | PLG_SYS_ADMINEXILE (2.3.6) | Josetta - K2 Items (2.6.8) | Josetta - K2 Categories (2.6.8) | plg_user_profile (3.0.0) | User - K2 (2.6.8) | plg_user_joomla (3.0.0) | plg_user_contactcreator (3.0.0) | plg_twofactorauth_yubikey (3.2.0) | plg_twofactorauth_totp (3.2.0) | plg_authentication_joomla (3.0.0) | plg_authentication_gmail (3.0.0) | plg_authentication_cookie (3.0.0) | plg_authentication_ldap (3.0.0) | plg_editors_codemirror (5.6) | plg_editors_tinymce (4.1.7) | plg_extension_joomla (3.0.0) | plg_quickicon_joomlaupdate (3.0.0) | plg_quickicon_extensionupdate (3.0.0) | plg_finder_tags (3.0.0) | plg_finder_k2 (2.6.8) | plg_finder_weblinks (3.0.0) | plg_finder_contacts (3.0.0) | plg_finder_categories (3.0.0) | plg_finder_newsfeeds (3.0.0) | plg_finder_content (3.0.0) | plg_captcha_recaptcha (3.4.0) | PLG_EDITORS-XTD_ARTICLESANYWHE (3.7.3FREE) | plg_editors-xtd_image (3.0.0) | plg_editors-xtd_readmore (3.0.0) | PLG_EDITORS-XTD_MODULESANYWHER (3.6.3FREE) | plg_editors-xtd_pagebreak (3.0.0) | plg_editors-xtd_article (3.0.0) | plg_search_tags (3.0.0) | Search - K2 (2.6.8) | plg_search_weblinks (3.0.0) | plg_search_contacts (3.0.0) | 
plg_search_categories (3.0.0) | plg_search_newsfeeds (3.0.0) | plg_search_content (3.0.0) |
Templates Discovered ::
Templates :: SITE :: HLI (1.2) | beez3 (3.1.0) | protostar (1.0) |
Templates :: ADMIN :: isis (1.0) | hathor (3.0.0) |
This site is not mine. I'm not a web dev. It belongs to a company with a fired web dev, and I am hosting it temporarily. I don't know much about Joomla, but I feel confident I can learn enough to resolve this issue.
There are 40K+ files in there and I'd rather not have to use process of elimination.