The Joomla! Forum ™



Posted: Thu Feb 09, 2012 9:11 am
Joomla! Apprentice

Joined: Mon Apr 27, 2009 6:21 pm
Posts: 17
Location: New Delhi, India
Briefly:
When I visit site.com/administrator it goes to site.com. For the past few days, using Chrome, I had got the message when visiting site.com/administrator that it is referencing weborder manager.com - a malware site.

Now I cannot access the backend.

Frontend so far is working fine.

I am in the process of migrating to Joomla 2.5.

Thank you


Problem Description :: Forum Post Assistant (v1.2.0) : 9th February 2012 wrote:
admin login page resolves to the front end. unable to view administrator login page
Log/Error Message :: Forum Post Assistant (v1.2.0) : 9th February 2012 wrote:
there is no message as on visiting site.com/administrator it goes to site.com
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.0) : 9th February 2012 wrote:
[09-Feb-2012 02:26:26] PHP Fatal error: Call to a member function merge() on a non-object in /home/uniquein/public_html/components/com_resource/views/list/view.feed.php on line 0
Actions Taken To Resolve by Forum Post Assistant (v1.2.0) 9th February 2012 wrote:
A backup restore from the hosting service does not solve it. For a few days there was a message in Google Chrome that the site is referencing webordermanager.com and one other which are known malware distributors.
Forum Post Assistant (v1.2.0) : 9th February 2012 wrote:
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 1.5.25-Stable (senu takaa ama mamni) 14-November-2011
Joomla! Configured :: Yes | Read-Only (444) | Owner: uniquein (uid: 1926/gid: 1912) | Group: uniquein (gid: 1912) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 1 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32.46-grsec | Technology: x86_64 | Web Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_fcgid/2.3.6 Phusion_Passenger/3.0.9 mod_bwlimited/1.4 | Encoding: gzip,deflate,sdch | Doc Root: /home/uniquein/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.2.17 | PHP API: cgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 09th February 2012 02:26:26. | Register Globals: | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 12M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 256M

MySQL Configuration :: Version: 5.0.92-50-log (Client:5.0.92) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 489.14 MiB | #of _FPA_TABLE: 250
Detailed Environment :: wrote:
PHP Extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | session () | iconv () | standard (5.2.17) | json (1.2.1) | mbstring () | mcrypt () | mhash () | mysql (1.0) | SimpleXML (0.1) | posix () | pspell () | Reflection (0.1) | imap () | SPL (0.2) | mysqli (0.1) | soap () | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.8.11) | cgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | imagick (3.0.1) | ffmpeg (0.6.0-svn) | SourceGuardian (8.2) | ionCube Loader () | Zend Optimizer () | Zend Engine (2.2.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: None components/com_jaggyblog/assets/images/ (777) |
Database Information :: wrote:
Database _FPA_STATS :: Uptime: 163145 | Threads: 6 | Questions: 63910466 | Slow queries: 350 | Opens: 136882 | Flush tables: 1 | Open tables: 4096 | Queries per second avg: 391.740 |
Extensions Discovered :: wrote:
Components :: SITE :: WF_PRINT_TITLE (2.0.12) | WF_TEXTCASE_TITLE (2.0.12) | WF_PASTE_TITLE (2.0.12) | WF_INLINEPOPUPS_TITLE (2.0.12) | WF_LAYER_TITLE (2.0.12) | WF_MEDIA_TITLE (2.0.12) | WF_NONBREAKING_TITLE (2.0.12) | WF_VISUALCHARS_TITLE (2.0.12) | WF_SEARCHREPLACE_TITLE (2.0.12) | WF_STYLE_TITLE (2.0.12) | WF_CONTEXTMENU_TITLE (2.0.12) | WF_FULLSCREEN_TITLE (2.0.12) | WF_XHTMLXTRAS_TITLE (2.0.12) | WF_ARTICLE_TITLE (2.0.12) | WF_IMGMANAGER_TITLE (2.0.12) | WF_SOURCE_TITLE (2.0.12) | WF_CLEANUP_TITLE (2.0.12) | WF_BROWSER_TITLE (2.0.12) | WF_TABLE_TITLE (2.0.12) | WF_AUTOSAVE_TITLE (2.0.12) | WF_PREVIEW_TITLE (2.0.12) | WF_DIRECTIONALITY_TITLE (2.0.12) | WF_SPELLCHECKER_TITLE (2.0.12) | WF_LINK_TITLE (2.0.12) | WF_LINKS_JOOMLALINKS_TITLE (2.0.12) | WF_POPUPS_WINDOW_TITLE (2.0.12) | WF_POPUPS_JCEMEDIABOX_TITLE (2.0.12) | WF_FILESYSTEM_JOOMLA_TITLE (2.0.12) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.0.12) | WF_AGGREGATOR_YOUTUBE_TITLE (2.0.12) | WF_AGGREGATOR_VIMEO_TITLE (2.0.12) | MailTo (1.5.0) | Twitter connection (2.0.4) | MySQL connection (2.0.4) | Redirect (2.0.4) | Run php code (2.0.4) | Email (2.0.4) | Email (2.0.4) | Paginate (2.1) | Calendar (2.0.4) | chart (2.0.4) | googlemap (2.0.4) | Cron Email (2.0.4) | link (2.0.4) | Display Text (2.0.4) | dropdown (2.0.4) | Button (2.0.4) | text area (2.0.4) | image (2.0.4) | display text (2.0.4) | internal ID (2.0.4) | database join (2.0.4) | field (2.0.4) | user (2.0.4) | date (2.0.4) | file uploader (2.0.4) | radio button (2.0.4) | checkbox (2.0.4) | Copy (2.0.4) | Php (2.0.4) | Is email (2.0.4) | Regex (2.0.4) | Is numeric (2.0.4) | Is not (2.0.4) | Is unique (2.0.4) | Is alphanumeric (2.0.4) | Not empty (2.0.4) | Wrapper (1.5.0) | User (1.5.0) |
Components :: ADMIN :: Template Manager (1.5.0) | Weblinks (1.5.0) | Module Manager (1.5.0) | Acajoom Content Bot (2.0.0) | Acajoom CB Plugin (1.2) | Acajoom (3.2.7) | Polls (1.5.0) | Unknown (-) | JCE (2.0.12) | Editor - JCE (2.0.12) | Joomla Native Content Plugin (1.8.2) | K2 Content Plugin (1.7.2) | FeedGator (2.3.2) | JSLM (3.4) | Content Page (1.5.0) | Joomap (2.06 Beta2) | Messaging (1.5.0) | XCloner-BackupandRestore (2.1.1) | Trash (1.0.0) | Plugin Manager (1.5.0) | CKEditor (1.5.5.6) | RD_Sitemap (2.0.J-rc1) | SOBI2 (RC 2.9.2.4) | Contact Items (1.0.0) | Jumi (2.0.6) | System - Jumi Router (2.0.6) | Jumi (2.0.6) | Jumi (2.0.6) | AutoTweet (3.15) | Menus Manager (1.5.0) | Installation Manager (1.5.0) | Resource (1.3.9.4) | Newsfeeds (1.5.0) | Mobile Joomla! (1.0 RC6) | jkefel (1.3.0) | Banners (1.5.0) | 3D Aggregator (1.0 Lite) | JuliaRssToArticle (1.0) | Control Panel (1.5.0) | Eventlist Plugin (1.0.0) | Content Plugin (1.5.1) | JoomGallery Plugin (1.5.1) | SOBI2 Plugin (1.5.1) | AcyMailing Plugin (1.0.0) | Remository Plugin (1.0.3) | SectionEx Plugin (1.0.2) | Rokdownloads Plugin (1.0.4) | JEvents Plugin (1.0.3) | JoomSuite Resources Plugin (1.0.0) | JoomDOC Extension (1.0.0) | Mosets Tree Plugin (1.0.1) | DOCman Plugin (1.5.0) | lknAnswers Plugin (1.5.0) | Rapid Recipe Plugin (1.0.0) | Contacts Plugin (1.0.1) | RSGallery2 Extension (1.0.0) | JDownloads Plugin (1.5.1) | Agora Plugin (1.0.0) | JMovies Plugin (1.5.0) | Jomres Plugin (1.0) | MyBlog Plugin (1.5.1) | Virtuemart Plugin (1.1.4) | Kunena Plugin (1.0.1) | KnowledgeBase Plugin (1.0.0) | Gallery2 Bridge Plugin (1.0.2) | CMS Shop Builder Plugin (1.5.0) | Hot Property Plugin (1.0.1) | Web Links Plugin (1.0.0) | JCALPro Plugin (1.0.0) | Xmap (1.2.8) | Easy Search (0.1.1) | ReDJ (1.3.2) | Fabrik (2.1) | Language Manager (1.5.0) | Search (1.5.0) | Admintools (2.2.a2) | Media Manager (1.5.0) | Feedpost (v 2.7.3) | jUpgrade (1.2.4) | Labels (1.0.2 Beta2) | JaggyBlog (1.3.5) | Configuration Manager (1.5.0) | 
Cache Manager (1.5.0) | User Manager (1.5.0) | Frontpage (1.5.0) | Mass Mail (1.5.0) |

Modules :: SITE :: Easy Joomla PayPal Payment / D (1.5.2) | Labels - Label Cloud (1.0.2 Beta2) | Latest Blog Posts (1.0.0) | Breadcrumbs (1.5.0) | Feed Display (1.5.0) | mod_bloglatestpost (1.5.0) | Latest News (1.5.0) | Latest Blog Posts (1.0.0) | Random Image (1.5.0) | Related Items (1.0.0) | Mobile Menu (1.0 RC6) | J - Google Plus One (1.0.0) | Jumi (2.0.6) | Search (1.0.0) | Labels - Related Content (1.0.2 Beta2) | Login (1.5.0) | Labels - Label List (1.0.2 Beta2) | Newsflash (1.5.0) | Categories (1.1) | Statistics (1.5.0) | Blog Tags (1.0.0) | Menu (1.5.0) | Core Design Login module (1.1.7) | Facebook Share (1.0.1) | Custom HTML (1.5.0) | Follow Me (1.5.5) | Latest Comments (1.0.0) | Archived Content (1.5.0) | Who\'s Online (1.0.0) | Sections (1.5.0) | HTML Module (1.0.Alpha1) | Footer (1.5.0) | Syndicate (1.5.0) | Markup Chooser (1.0 RC6) | Google Analytics Tracking Modu (1.0) | Joomla Featured Articles (1.5.5) | Poll (1.5.0) | Header (1.0 RC6) | Banner (1.5.0) | Acajoom Module (3.1.0) | Most Popular Posts (1.0.0) | Sponsored Links (3.0 ClickSafe) | Most Read Content (1.5.0) | Wrapper (1.0.0) | Blog Categories (1.0.0) | Random Image Plus (2.4.1) | ArtCats 2.0.3 (2.0.3) | MetaMod (1.5g) | Resource Booking (1.5.2 beta 3) |
Modules :: ADMIN :: Admin Menu (1.0.0) | Labels Cloud (1.0.2 Beta2) | Toolbar (1.0.0) | Feed Display (1.5.0) | Online Users (1.0.0) | Labels Manager (1.0.2 Beta2) | Labels Status (1.0.2 Beta2) | Unread Items (1.0.0) | Login Form (1.0.0) | Admin Submenu (1.0.0) | Items Stats (1.0.0) | Admin Tools Joomla! Upgrade No (svn691) | Admin Tools Joomla! Upgrade No (2.1.11) | Latest News (1.0.0) | Custom HTML (1.5.0) | Footer (1.0.0) | Quick Icons (1.0.0) | User Status (1.5.0) | Title (1.0.0) | Mobile Joomla! CPanel Icon (1.0 RC6) | RSFinder (1.0.0) | Resource Booking (1.5.1 beta1) | Popular Items (1.0.0) | Logged in Users (1.0.0) |

Plugins :: SITE :: Editor - JCE (2.0.12) | Editor - XStandard Lite for Jo (1.0) | Joomla! Links for Advanced Lin (1.2.1) | Editor - CKEditor (3.5) | Editor - TinyMCE 3 (3.2.6) | Editor Button - Tabber (1.3.1) | Button - Image (1.0.0) | Button - Xmap Link (1.0) | Button - Articles Anywhere (1.11.7) | Editor Button - Sourcerer! (1.0.0) | Button - Readmore (1.5) | Button - Pagebreak (1.5) | Mobile - TeraWURFL (1.0 RC6) | Mobile - Forever (1.0 RC6) | Mobile - Simple (1.0 RC6) | Mobile - Domains (1.0 RC6) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Categories (1.5) | Search - Newsfeeds (1.5) | Search - Weblinks (1.5) | Search - Sections (1.5) | Simple Image Gallery Plugin (1.2.1) | Content - Labels (1.0.2 Beta2) | Content - RandomContent (1.1) | CSS Gallery (1.3.4) | Content - jkefel (1.2.9) | Content - Place An Article (1.21) | JosTag (1.0) | JaggyBlog - AddThis (1.1.1) | Content - XTypo (1.4) | Content - AddThis (1.0.0) | Sticky Note (1.52) | Content - Page Navigation (1.5) | Content - YouTube (1.1) | Content - Load Modules (1.5) | Content - Hider (1.50) | Content - Auto Archiver (1.4) | Content - Example (1.0) | Content - Email Cloaking (1.5) | Include Content Item (1.55) | Content - Vote (1.5) | Content - Pagebreak (1.5) | Jumi (2.0.6) | Content - Code Highlighter (Ge (1.5) | Authentication - GMail (1.5) | Authentication - LDAP (1.5) | Authentication - Example (1.5) | Authentication - OpenID (1.5) | Authentication - Joomla (1.5) | Acajoom Content Bot (2.0.0) | User - Example (1.0) | User - Joomla! 
(1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | Content Field - Multipleselect (1.0) | Content Field - Mail (1.7.3) | Content Field - Checkbox (1.5) | Content Field - Image (1.3) | Content Field - Text (1.3.4) | Content Field - File (1.2) | Content Field - Select (1.7) | Content Field - Audio (1.7.1) | Content Field - Telephone (1.3) | Content Field - Textarea (1.3.3) | Content Field - Gallery (1.4) | Content Field - Address (1.8.4) | Content Field - Video (1.4) | Content Field - Url (1.5) | Content Field - HTML (1.7.1) | Content Field - Separator (1.2) | Content Field - Calendar (1.1) | Content Field - Picture (1.8) | Content Field - Email (1.4) | Content Field - Radiobutton (1.3) | System - Mootools Upgrade (1.5) | System - JB Type (1.1) | Mobile Joomla! (1.0 RC6) | System - Tabber (1.3.1) | System - Backlinks (1.5) | System - Labels (1.0.2 Beta2) | System - EasyCalcCheck PLUS (1.5-14) | LazyBackup 2 (2.1.1) | System - jkefel (1.3.0) | System - NoNumber! Elements (2.8.4) | System - Core Design Scriptegr (1.5.5) | backendtoken (1.2) | System - JXtended Libraries (1.0.12) | System - Modules in Content (0.1.3) | System - Articles Anywhere (1.11.7) | System - Sourcerer! (1.0.0) | System - Remember Me (1.5) | System - RSFinder (1.2.0) | AutoTweet NG Content-Extension (4.6) | System - Jumi Router (2.0.6) | AutoTweet NG Automator-Plugin (2.2) | System - ReDJ (1.3.2) | System - Legacy (1.5) | System - MetaGenerator (1.00) | JCE Utilities (2.1.7) | System - Cache (1.5) | System - Log (1.5) | System - SEF (1.5) | System - Admin Tools (2.2.a2) | System - Debug (1.5) | System - Tag Meta (1.2) |
Templates Discovered :: wrote:
Templates :: SITE :: beez (1.0.0) | mobile_iphone (1.0 RC6) | mobile_imode (1.0 RC6) | uniqueindiatour Aug 2011 (1.0) | rhuk_milkyway (1.0.2) | uniqueindiatour Aug 2011 with (1.0) | mobile_pda (1.0 RC6) | uniqueindiatour 29 Aug 2011 me (1.0) | Editor - XStandard Lite for Jo (1.0) | Editor - TinyMCE 3 (3.2.6) | Button - Image (1.0.0) | Button - Readmore (1.5) | Button - Pagebreak (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Categories (1.5) | Search - Newsfeeds (1.5) | Search - Weblinks (1.5) | Search - Sections (1.5) | Content - Page Navigation (1.5) | Content - Load Modules (1.5) | Content - Example (1.0) | Content - Email Cloaking (1.5) | Content - Vote (1.5) | Content - Pagebreak (1.5) | Content - Code Highlighter (Ge (1.5) | Authentication - GMail (1.5) | Authentication - LDAP (1.5) | Authentication - Example (1.5) | Authentication - OpenID (1.5) | Authentication - Joomla (1.5) | User - Example (1.0) | User - Joomla! (1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | System - Backlinks (1.5) | System - Remember Me (1.5) | JA Menu Parameters (1.0.1) | System - Legacy (1.5) | System - Cache (1.5) | System - Log (1.5) | System - SEF (1.5) | System - Debug (1.5) | Khepri (1.0) | Admin Menu (1.0.0) | Toolbar (1.0.0) | Feed Display (1.5.0) | Online Users (1.0.0) | Unread Items (1.0.0) | Login Form (1.0.0) | Admin Submenu (1.0.0) | Items Stats (1.0.0) | Latest News (1.0.0) | Custom HTML (1.5.0) | Footer (1.0.0) | Quick Icons (1.0.0) | User Status (1.5.0) | Title (1.0.0) | Popular Items (1.0.0) | Logged in Users (1.0.0) | Template Manager (1.5.0) | Weblinks (1.5.0) | Module Manager (1.5.0) | Polls (1.5.0) | Content Page (1.5.0) | Messaging (1.5.0) | Trash (1.0.0) | Plugin Manager (1.5.0) | Contact Items (1.0.0) | Menus Manager (1.5.0) | Installation Manager (1.5.0) | Newsfeeds (1.5.0) | Banners (1.5.0) | Control Panel (1.5.0) | Language Manager (1.5.0) | Search (1.5.0) | Media Manager (1.5.0) | Configuration Manager (1.5.0) | 
Cache Manager (1.5.0) | User Manager (1.5.0) | Frontpage (1.5.0) | Mass Mail (1.5.0) | beez (1.0.0) | rhuk_milkyway (1.0.2) | RY_Travel (1.0) | JA_Purity (1.2.0) | Breadcrumbs (1.5.0) | Feed Display (1.5.0) | Latest News (1.5.0) | Random Image (1.5.0) | Related Items (1.0.0) | Search (1.0.0) | Login (1.5.0) | Newsflash (1.5.0) | Statistics (1.5.0) | Menu (1.5.0) | Custom HTML (1.5.0) | Archived Content (1.5.0) | Who\'s Online (1.0.0) | Sections (1.5.0) | Footer (1.5.0) | Syndicate (1.5.0) | ImageSlideShow (1.0) | Poll (1.5.0) | Banner (1.5.0) | Most Read Content (1.5.0) | Wrapper (1.0.0) | MiniFrontPage Module for J! 15 (1.2.2) | MailTo (1.5.0) | Wrapper (1.5.0) | User (1.5.0) | uniqueindiatour 21 Aug 2011 (1.0) | uniqueindiatour Aug 2011 fixed (1.0) | JA_Purity (1.2.0) | mobile_wap (1.0 RC6) |
Templates :: ADMIN :: Khepri (1.0) | APLite (0.9.3) |


Last edited by mandville on Thu Feb 09, 2012 5:24 pm, edited 1 time in total.
broke link to prevent infection


Posted: Thu Feb 09, 2012 5:38 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
I suspect that your point of entry is here:
"Elevated Permissions (First 10) :: None components/com_jaggyblog/assets/images/ (777) | "
You should never have 777.

Next, treat your site as totally corrupt and follow checklist 7, safe route to recovery.
Then migrate to 2.5, else just wipe the account and do it fresh in 2.5.
Remove jaggyblog as it is considered an exploitable extension and is now on the VEL.

_________________
HU2HY- Poor questions = Poor answer
Unrequested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Fri Feb 10, 2012 12:46 am
Joomla! Apprentice

Joined: Mon Apr 27, 2009 6:21 pm
Posts: 17
Location: New Delhi, India
Thank you.
Problem is I cannot login to the admin. The page does not show up. How do I clean it up?


Posted: Fri Feb 10, 2012 1:31 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2693
Location: Wisconsin USA
In addition to removing and not using the vulnerable extension jaggyblog, here is the long version of what mandville said to do to fix your site properly. Everything needed is below or linked to below:

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation. Replace the deleted files with fresh copies of a current full version of Joomla, and fresh copies of extensions and templates used. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories.

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777; ideal is 644 and 755.

[ ] Check your htaccess for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator
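
The permission, .htaccess and file-content checks from the checklist above can be run from a shell on the server. This is an added example, not part of the original posts; the tree it builds and the string `bad-domain.example` are constructed placeholders, and on a real site the search string would be the domain named in the browser warning.

```shell
#!/bin/sh
# Added example: checks for a web document root, run against a constructed tree.

# world_writable DOCROOT: files and directories writable by "other" (777, 666, ...).
world_writable() {
    ( cd "$1" && find . \( -type f -o -type d \) -perm -0002 -print | sort )
}

# files_containing DOCROOT STRING: files containing a fixed string (not a regex),
# dotfiles such as .htaccess included.
files_containing() {
    ( cd "$1" && grep -rlF -- "$2" . 2>/dev/null | sort )
}

# htaccess_extra LIVE STOCK: non-blank lines of LIVE that do not appear in STOCK.
htaccess_extra() {
    grep -vxFf "$2" "$1" | grep -v '^[[:space:]]*$' || true
}

# reset_perms DOCROOT: directories to 755 and files to 644, the values from the checklist.
reset_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# demo_tree: build a small constructed site to run the checks against; prints its path.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/site/components/com_example/assets/images" "$d/site/templates/t"
    printf '%s\n' 'RewriteEngine On' 'RewriteRule ^index\.php$ - [L]' > "$d/htaccess.stock"
    cp "$d/htaccess.stock" "$d/site/.htaccess"
    echo 'Redirect /administrator http://bad-domain.example/' >> "$d/site/.htaccess"
    echo '<?php echo "ok";' > "$d/site/index.php"
    echo '<script src="http://bad-domain.example/x.js"></script>' > "$d/site/templates/t/index.php"
    chmod -R go-w "$d/site"
    chmod 777 "$d/site/components/com_example/assets/images"
    echo "$d"
}

t=$(demo_tree)
echo "World-writable paths:";  world_writable "$t/site"
echo "Files with indicator:";  files_containing "$t/site" 'bad-domain.example'
echo "Extra .htaccess lines:"; htaccess_extra "$t/site/.htaccess" "$t/htaccess.stock"
reset_perms "$t/site"
echo "World-writable after reset:"; world_writable "$t/site"
rm -rf "$t"
```

The stock file passed to `htaccess_extra` should be the htaccess from a fresh Joomla package of the same version as the site.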


Posted: Fri Feb 10, 2012 2:19 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11628
Location: The Girly Side of Joomla in Sussex
Additional to this, a random selection of the multitude of extensions you have listed in the FPA are massively out of date and/or appear on the VEL,
e.g.
JCE is now on 2.0.20, rapidrecipe is now 1.72.
Time for a major tidy up.

_________________
HU2HY- Poor questions = Poor answer
Unrequested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Thu Feb 23, 2012 1:05 pm
Joomla! Apprentice

Joined: Mon Apr 27, 2009 6:21 pm
Posts: 17
Location: New Delhi, India
Briefly the problem:
Day 1: On visiting site.com/administrator Google Chrome gives message that this site references webordermanager.com and I think bluebuys.com or something like that - sites known for distributing malware. Continuing further will make my computer vulnerable.

I immediately check with IE - no such message.
I decide to continue as I need to access backend.
My site is very big and my business site.
On Joomla 1.5.25
I am worried.
Check the forums, no answer for my problem.
I am sure there is a method but I could not find it. I wanted to search my installation files for the string webordermanager.com but did not know how to do it.
However I also decide now to migrate to Joomla 1.7. Joomla 2.5 still in beta and 2 weeks away. Using SP Upgrade (paid extension), migration is relatively trouble free.

Day 20: In the last few days prior, I had been updating my joomla 1.7 site. Quite happy. Suddenly cannot access site.com/administrator. Visiting it takes me back to site.com. I put in more renewed effort to get joomla 1.7 site up and running so as I can make it go live.

Day 22: Joomla 1.7 site.com/administrator also becomes inaccessible. This after I had installed Marcos's plugin and admin tools pro!

I write to this forum for help.
The methods to find cause are suggested in the earlier posts of this thread.

I copy the new installation files for Joomla 2.5 (as I had upgraded) to the site. I get back the access to my 2.5 site (not the main site which I had not touched) but the site is all messy.

Desperate now.

I also do a full scan of my machine using Zone Alarm AV and Spybot - nothing.

I hire the services of a Joomla extension developer to get my backend access back - for the live site.

For a modest fee, he restores my back end. Problem is with the token. So he has disabled the token, I get the site.com/administrator access back.

In the meanwhile I had decided to do a clean install of Joomla 1.5.25 and rebuild the website. However as a precaution, I decided to download all server files to my computer. (Many hours of course!)

Here, bingo!
Zone Alarm catches the files which were trouble. I remove acajoom, jaggyblog, renamed jslm folder and deleted the file in media folder.

Since then, all seems well.

_________________
This too shall pass.

Basho: "Sitting silently doing nothing, the spring comes on its own, the grass grows by itself."


Last edited by delhidjinn on Thu Feb 23, 2012 2:17 pm, edited 1 time in total.

Posted: Thu Feb 23, 2012 1:54 pm
Joomla! Explorer

Joined: Sat Aug 13, 2011 6:27 am
Posts: 299
I use the security extension eyesite that reports new or changed files on the site. Very good if the site is hacked
http://extensions.lesarbresdesign.info/ ... ry/eyesite
If the site is hacked without eyesite and one wants to check if Joomla files are changed there is this simple tool, which takes 5 minutes to install and use:
http://www.jm-experts.com/extensions-to ... hash-check
However, I don't think it checks extensions, but only Joomla files.
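
The new-or-changed-file reporting described above can also be done by hand by comparing SHA-256 manifests of a fresh copy of the packages against the files on the server, which covers extensions as well as Joomla core files if fresh extension packages are unpacked into the clean copy. This is an added example, not the code of either extension mentioned; the directory names and file contents are constructed.

```shell
#!/bin/sh
# Added example: report new, changed and missing files by comparing
# SHA-256 manifests of a known-good copy and the live site.

# manifest DIR: one "hash  ./relative/path" line per regular file, sorted by path.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# compare_manifests BASELINE CURRENT: print one finding per line, sorted.
compare_manifests() {
    awk '
        # sha256sum prints 64 hex characters, two separator characters, then the
        # path; taking the path by position keeps names with spaces intact.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { base[path] = hash; next }
        {
            seen[path] = 1
            if (!(path in base))          print "NEW " path
            else if (base[path] != hash)  print "CHANGED " path
        }
        END { for (p in base) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$2" | sort
}

# demo: constructed trees; "clean" stands in for freshly unpacked packages,
# "live" for the copy downloaded from the server.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/includes" "$d/live/includes" "$d/live/media"
    echo '<?php // index' > "$d/clean/index.php"
    echo '<?php // framework' > "$d/clean/includes/framework.php"
    echo 'readme' > "$d/clean/README.txt"
    cp "$d/clean/index.php" "$d/live/index.php"
    echo '<?php // framework, modified' > "$d/live/includes/framework.php"
    echo '<?php // unexpected file' > "$d/live/media/x.php"
    manifest "$d/clean" > "$d/clean.sha256"
    manifest "$d/live" > "$d/live.sha256"
    compare_manifests "$d/clean.sha256" "$d/live.sha256"
    rm -rf "$d"
}

demo
```

A manifest taken right after a clean rebuild can be stored off the server and compared again later, so that any file added or altered since then shows up as NEW or CHANGED.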

