My site is running on 1.52 - now web hosters closed my site

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
AnthonyBounds
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Mon Mar 09, 2009 1:18 pm

My site is running on 1.52 - now web hosters closed my site

Post by AnthonyBounds » Tue Jun 23, 2009 7:19 pm

Cutting a long story short the site was closed due to vulnerability scripts in folders.

What should i do?

This is what web hosters have concluded today - help! I want ny sire www.studentguardian.co.uk up and running asap please......

Anthony

Hi;

You can check the file owner ships and permissions after logging into the account via shell command prompt or from the Cpanel >>> file manager. You can also manipulate the file permissions from the FTP for more details you can see the KB links given below.

http://www.jaguarpc.com/support/kbase/595.html
http://www.jaguarpc.com/support/kbase/596.html
http://www.jaguarpc.com/support/kbase/35.html

Just changing the permissions is not enough. Please ask the developer to apply the security tips as provided in the KB link provided earlier.

Thanks for the cooperation.

Feel free to contact us if you need further assistance.

Regards,
Shaun | Technical Support

doc_flake
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 147
Joined: Fri Mar 21, 2008 9:26 pm
Location: Bad Schwartau / Lubeck, Germany

Re: My site is running on 1.52 - now web hosters closed my site

Post by doc_flake » Tue Jun 23, 2009 7:34 pm

AnthonyBounds wrote:What should i do?
You should update to 1.5.11, make sure file-permissions and folder-permissions are set correctly and stay up-to-date with security updates from now on.
Done that, you could ask your provider to put your site back online (assuming it hasn't been compromised).

AnthonyBounds
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Mon Mar 09, 2009 1:18 pm

Re: My site is running on 1.52 - now web hosters closed my site

Post by AnthonyBounds » Wed Jun 24, 2009 8:38 am

Hello doc_flake

Thanks, have you updated patches yourself - is it easy.

Thanks

Anthony

doc_flake
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 147
Joined: Fri Mar 21, 2008 9:26 pm
Location: Bad Schwartau / Lubeck, Germany

Re: My site is running on 1.52 - now web hosters closed my site

Post by doc_flake » Wed Jun 24, 2009 8:30 pm

Have a look here and adapt it to your situation.

HTH
Martin

AnthonyBounds
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Mon Mar 09, 2009 1:18 pm

Re: My site is running on 1.52 - now web hosters closed my site

Post by AnthonyBounds » Wed Jun 24, 2009 9:43 pm

Thanks Martin,

I'll have a look - its a nightmare so far!! Go nowhere in 3 days!!

Anthony

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14818
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: My site is running on 1.52 - now web hosters closed my site

Post by mandville » Thu Jun 25, 2009 12:34 am

This topic is an example of the very least that can happen when someone sits back and forgets the simplest of rules for joomla. http://tiny url.com/10sat
You have no idea what possible files have been inserted into your folders. It may be best to work with your host and just do a clean install of Joomla and wipe the entire directory of your old install.
just stepping through the upgrade without checking your folders may lead you to more issues later on.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

becyn
Joomla! Explorer
Joomla! Explorer
Posts: 458
Joined: Mon Aug 11, 2008 1:16 am
Location: Newburgh Ny , USA
Contact:

Re: My site is running on 1.52 - now web hosters closed my site

Post by becyn » Thu Jun 25, 2009 4:14 pm

AnthonyBounds wrote:Hello doc_flake

Thanks, have you updated patches yourself - is it easy.

Thanks

Anthony
The patch works by the same method that you used to get the original joomla site in your doc root.
However, hopefully you read and heeded the guidelines for dealing with live sites. Always pretest any such operations on a clone dummy site first! If all goes well after fully operating all functions in the dummy site, you should be good to go on the live site.

The patch process: DO A BACKUP FIRST!!!!!
1) find what version you have
2) locate the patch tarball or zip that brings your version to the current version.
3) upload that file to your local machine and do a MD5 sum on it.
verify that it is correct.
4)if your host has a cpanel upload the file into doc root.
5) extract. This will overwrite all of the appropriate files. (a list will display)
6) done, now test that the live site is OK.

Initially , if you don't have the clone site, you have some work to do. Once this is completed, it's apiece of cake. All of the anxiety is gone because you have backups and have pre-tested the upgrade.
Learn something new every day!


Locked

Return to “Security in Joomla! 1.5”