The Joomla! Forum ™

Forum rules

Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.

Post new topic Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Thu Oct 20, 2011 5:22 pm 
Joomla! Fledgling
Joomla! Fledgling

Joined: Thu Oct 20, 2011 5:03 pm
Posts: 1
I had to say, that this is the worst attack to my sites based on joomla. im using from joomla 1.5 sites to the newest 1.7

all the php files looked infected by the following script:

Code removed due to security issues

it infected EVERY instance of my joomla sites. i don't know what is happening, all my dirs are under 0755 permissions and correctly locked by www-data user.... some idea what is going on?

Last edited by imanickam on Thu Oct 20, 2011 5:54 pm, edited 1 time in total.
Due to security issues the code posted has been removed.

Reply with quote  
PostPosted: Thu Oct 20, 2011 6:44 pm 
User avatar
Joomla! Master
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 13295
Location: The Girly Side of Joomla in Sussex
[ ] Run the Forum Post Assistant / FPA Instructions available here and are also included in the download package.

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation. Replace the deleted files with fresh copies of a current full version of Joomla, and fresh copies of extensions and templates used. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, but ideal is 644 and 755

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled

Note: The forum post tool will work with J1.0.x, J1.6.x, J1.7.x

HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security forums Moderator}

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

Who is online

Users browsing this forum: No registered users and 7 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
Powered by phpBB® Forum Software © phpBB Group