My site was hacked today. Black page, skeleton, terrible music, promise of girls, the usual WTF!! moment. This is what greeted me when I loaded my browser.
Looking at the visit logs I noticed that for the past few days an unusual number of visits came from [mod removed].
They would visit the same article over and over again and they were referred to my page from a google.tr search string that reads: http://www.google.com.tr/search?q=inurl:%22/index.php%3Foption%3Dcom_content%22%20%22Choose%20a%20File%20to%20Upload%22&hl=tr&rlz=1T4GGLL_trTR394TR394&prmd=iv&ei=TZYlTb7ICIWn8QO_r5CJAw&start=70&sa=N
Well the article in question on my site is a page that allows users to upload a photo of themselves. I used the extension Easy File Uploader for this page. It can be found here: http://extensions.joomla.org/extensions/core-enhancements/file-management/11909.
This is the page the hackers from [mod removed] were repeatedly visiting 3 and 4 times per day.
At first I thought that they had trouble uploading their photos, but after testing it and seeing that Easy File Uploader worked I had a sinking feeling that maybe they were up to no good.
But I get that feeling anytime I see a visit or new user registration from [mod removed] and/or [mod removed]. Why do hackers from these places have to fulfill loathsome stereotypes? [mod removed] Do they have to own evil hackers too?
Apologies to any genuine people from [mod removed]. I know there are bad apples everywhere.
Anyway I have pretty much banned IP addresses from [mod removed] but I wonder, did they hack my site through the "Choose file to Upload" interface? Is Easy File Uploader a backdoor for hackers now?
Watching my site like a hawk and waiting for some clues from 'youse.'
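
The referrer pattern described in the post (repeat visits to one page, each arriving from a search that uses an `inurl:` operator) can be pulled out of an access log automatically. The following is an added example, not part of the original post. It assumes Apache combined log format; the log lines, client IPs and article path are constructed, and the referrer is the search string quoted above, shortened to its `q` and `hl` parameters.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Combined Log Format: ip - - [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Search operators that indicate a query hunting for a page type, not a topic.
OPERATOR_RE = re.compile(r'\b(inurl|allinurl|intitle|intext|filetype):', re.I)

def dork_query(referer):
    """Return the decoded search query if the referer is an operator search."""
    parsed = urlparse(referer)
    # The Referer header is client-supplied, so treat this as a hint only.
    if "google." not in parsed.netloc:
        return None
    query = parse_qs(parsed.query).get("q", [""])[0]  # percent-decoding included
    return query if OPERATOR_RE.search(query) else None

def find_dork_visits(lines):
    """Count (client IP, requested path) pairs that arrived via an operator search."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and dork_query(m.group("referer")):
            hits[(m.group("ip"), m.group("path"))] += 1
    return hits

# Constructed sample data: documentation IP ranges, placeholder article id.
DORK = ("http://www.google.com.tr/search?q=inurl:%22/index.php%3Foption%3Dcom_content"
        "%22%20%22Choose%20a%20File%20to%20Upload%22&hl=tr")
PAGE = "/index.php?option=com_content&view=article&id=12"
SAMPLE_LOG = [
    f'203.0.113.7 - - [01/Jan/2011:10:00:01 +0000] "GET {PAGE} HTTP/1.1" 200 5120 "{DORK}" "Mozilla/5.0"',
    f'203.0.113.7 - - [01/Jan/2011:15:30:12 +0000] "GET {PAGE} HTTP/1.1" 200 5120 "{DORK}" "Mozilla/5.0"',
    f'198.51.100.20 - - [01/Jan/2011:11:02:44 +0000] "GET {PAGE} HTTP/1.1" 200 5120 '
    '"http://www.google.com/search?q=photo+upload+club" "Mozilla/5.0"',
    '198.51.100.21 - - [01/Jan/2011:12:00:00 +0000] "GET / HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (ip, path), count in find_dork_visits(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {ip}  {path}")
```

A page that shows up here is being found by its form text rather than its content, which is a reason to review what that upload form accepts and where it stores files.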