Site hacked - Php files in media folder

Post by tsili » Tue Oct 29, 2013 8:24 pm

Hi, it's the 5th time my host has informed me about .php files in our media folder.
Here is the FPA. Any idea?
Forum Post Assistant (v1.2.3) : 29th October 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Writable (664) | Owner: fotisp2d33 (uid: 1/gid: 1) | Group: psacln (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.2.0-23-generic | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /var/www/vhosts/xxxxx/httpdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.10-1ubuntu3.8 | PHP API: cgi-fcgi | Session Path Writable: Unknown | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/www/vhosts/xxxxxxx/:/tmp/ | Uploads: 1 | Max. Upload Size: 128M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 256M

MySQL Configuration :: Version: 5.5.24-0ubuntu0.12.04.1 (Client:5.5.24) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 33.11 MiB | #of Tables: 123
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.10-1ubuntu3.8) | date (5.3.10-1ubuntu3.8) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gettext () | SPL (0.2) | iconv () | json (1.2.1) | mbstring () | pcntl () | session () | posix () | Reflection ($Revision: 321634 $) | standard (5.3.10-1ubuntu3.8) | shmop () | SimpleXML (0.1) | soap () | sockets () | Phar (2.0.1) | exif (1.4 $Id: exif.c 321634 2012-01-01 13:15:04Z felipe $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.9.1) | cgi-fcgi () | curl () | gd () | imagick (3.1.0RC1) | imap () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | sqlite3 (0.7-dev) | xsl (0.1) | mhash () | ionCube Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (775) | components/ (775) | modules/ (775) | plugins/ (775) | language/ (775) | templates/ (775) | cache/ (775) | logs/ (775) | tmp/ (775) | administrator/components/ (775) | administrator/modules/ (775) | administrator/language/ (775) | administrator/templates/ (775) |

Elevated Permissions (First 10) :: libraries/ (775) | libraries/pattemplate/ (775) | libraries/pattemplate/patTemplate/ (775) | libraries/pattemplate/patTemplate/Dump/ (775) | libraries/pattemplate/patTemplate/Function/ (775) | libraries/pattemplate/patTemplate/InputFilter/ (775) | libraries/pattemplate/patTemplate/Modifier/ (775) | libraries/pattemplate/patTemplate/Modifier/HTML/ (775) | libraries/pattemplate/patTemplate/OutputFilter/ (775) | libraries/pattemplate/patTemplate/Reader/ (775) |
Database Information :: wrote:Database _FPA_STATS :: Uptime: 9204246 | Threads: 3 | Questions: 478131403 | Slow queries: 6631 | Opens: 11040052 | Flush tables: 1 | Open tables: 400 | Queries per second avg: 51.946 |
Extensions Discovered :: wrote:Components :: SITE :: User (1.5.0) | Wrapper (1.5.0) | MailTo (1.5.0) | default (1.0.0) | WF_AUTOSAVE_TITLE (2.3.3.2) | WF_SPELLCHECKER_TITLE (2.3.3.2) | WF_TEXTCASE_TITLE (2.3.3.2) | WF_VISUALCHARS_TITLE (2.3.3.2) | WF_DIRECTIONALITY_TITLE (2.3.3.2) | WF_CLIPBOARD_TITLE (2.3.3.2) | WF_CLEANUP_TITLE (2.3.3.2) | WF_LAYER_TITLE (2.3.3.2) | WF_XHTMLXTRAS_TITLE (2.3.3.2) | WF_FULLSCREEN_TITLE (2.3.3.2) | WF_BROWSER_TITLE (2.3.3.2) | WF_PREVIEW_TITLE (2.3.3.2) | WF_KITCHENSINK_TITLE (2.3.3.2) | WF_PRINT_TITLE (2.3.3.2) | WF_SOURCE_TITLE (2.3.3.2) | WF_TABLE_TITLE (2.3.3.2) | WF_LINK_TITLE (2.3.3.2) | WF_CONTEXTMENU_TITLE (2.3.3.2) | WF_CHARMAP_TITLE (2.3.3.2) | WF_LISTS_TITLE (2.3.3.2) | WF_IMGMANAGER_TITLE (2.3.3.2) | WF_ARTICLE_TITLE (2.3.3.2) | WF_MEDIA_TITLE (2.3.3.2) | WF_NONBREAKING_TITLE (2.3.3.2) | WF_SEARCHREPLACE_TITLE (2.3.3.2) | WF_STYLE_TITLE (2.3.3.2) | WF_ANCHOR_TITLE (2.3.3.2) | WF_VISUALBLOCKS_TITLE (2.3.3.2) | WF_INLINEPOPUPS_TITLE (2.3.3.2) | WF_POPUPS_WINDOW_TITLE (2.3.3.2) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.3.2) | WF_LINK_SEARCH_TITLE (2.3.3.2) | WF_AGGREGATOR_VINE_TITLE (2.3.3.2) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.3.2) | WF_AGGREGATOR_VIMEO_TITLE (2.3.3.2) | WF_AGGREGATOR_[youtube]_TITLE (2.3.3.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.3.2) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.3.2) | WF_LINKS_JOOMLALINKS_TITLE (2.3.3.2) |
Components :: ADMIN :: Newsfeeds (1.5.0) | Messaging (1.5.0) | Polls (1.5.0) | Plugin Manager (1.5.0) | Menus Manager (1.5.0) | Search (1.5.0) | Banners (1.5.0) | TinCaptcha (0.1.1) | User Manager (1.5.0) | Trash (1.0.0) | AcyMailing : (auto)Subscribe d (1.3.0) | AcyMailing Tag : Joomla User I (1.3.0) | AcyMailing onPrepareContent tr (1.3.0) | AcyMailing Tag : Manage the Su (1.3.0) | AcyMailing Tag : Date / Time (1.3.0) | AcyMailing : Statistics Plugin (1.3.0) | AcyMailing Tag : online links (1.3.0) | AcyMailing Tag : Subscriber in (1.3.0) | AcyMailing Tag : content inser (1.3.0) | AcyMailing Template Class Repl (1.3.0) | AcyMailing (4.1.0) | AcyMailing : (auto)Subscribe d (3.7.0) | AcyMailing Tag : Joomla User I (3.7.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Module (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : Manage the Su (3.7.0) | AcyMailing : share on social n (1.0.0) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Date / Time (3.7.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing Tag : Subscriber in (3.7.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing Template Class Repl (3.7.0) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Module (1.3.0) | Media Manager (1.5.0) | CSV Improved (1.9.2) | Contact Items (1.0.0) | Cache Manager (1.5.0) | Weblinks (1.5.0) | Installation Manager (1.5.0) | Mass Mail (1.5.0) | Control Panel (1.5.0) | Template Manager (1.5.0) | Module Manager (1.5.0) | Configuration Manager (1.5.0) | Frontpage (1.5.0) | Joom!Fish (2.0.4) | VirtueMart (1.1.4) | Shipping by State (1.1.4 v2.2) | CSVI JoomFish (1.0) | JCE (2.3.3.2) | JCE (2.3.3.2) | Unknown (-) | Language Manager (1.5.0) | Content Page (1.5.0) |

Modules :: SITE :: Login (1.5.0) | Banner (1.5.0) | Breadcrumbs (1.5.0) | Search (1.0.0) | Syndicate (1.5.0) | Statistics (1.5.0) | VirtueMart Featured Products (1.1.0) | VirtueMart Module (1.1.4) | VirtueMart Search (1.1.0) | AcyMailing Module (3.7.0) | Poll (1.5.0) | VirtueMart Manufacturers (1.1.0) | Who\'s Online (1.0.0) | Sections (1.5.0) | Mod MacyVirtuemartSearch (MVMS (1.5.1) | Latest News Intro Text (1.3) | VirtueMart Random Products (1.1.0) | VirtueMart Top Ten Products (1.1.0) | VirtueMart Advanced Search (1.1.0) | Feed Display (1.5.0) | VirtueMart Shopping Cart (1.1.0) | Latest News (1.5.0) | VirtueMart Full Category List (1.1.1) | VirtueMart Multiple Display (1.0) | VirtueMart Product Categories (1.1.0) | VirtueMart Category List (1.0.1) | JoomFish-Language Selection (2.0.4) | Custom HTML (1.5.0) | VirtueMart Currency Selector (1.1.0) | VM Live Product Search (0.5.0) | Wrapper (1.0.0) | Footer (1.5.0) | Random Image (1.5.0) | VirtueMart Login (1.1.4) | Newsflash (1.5.0) | VirtueMart Product Scroller (1.1.0) | Archived Content (1.5.0) | Most Read Content (1.5.0) | JW Tabs & Slides Module (1.0) | Related Items (1.0.0) | Accordion Menu for Virtuemart (3.1.2) | Flexi Custom Code (1.0) | product_list (2.0.0) | VirtueMart Latest Products (1.1.0) | Menu (1.5.0) |
Modules :: ADMIN :: Login Form (1.0.0) | Admin Menu (1.0.0) | Logged in Users (1.0.0) | Items Stats (1.0.0) | Title (1.0.0) | Direct Translation (2.0.4) | User Status (1.5.0) | JCE File Browser (2.3.3.2) | Admin Submenu (1.0.0) | Feed Display (1.5.0) | Quick Icons (1.0.0) | Custom HTML (1.5.0) | Unread Items (1.0.0) | Online Users (1.0.0) | Popular Items (1.0.0) | Latest News (1.0.0) | Footer (1.0.0) | Toolbar (1.0.0) |

Plugins :: SITE :: Joomfish - Missing Translation (2.0.4) | Content - Example (1.0) | Tabs & Slides (in content (2.4) | Content - Email Cloaking (1.5) | Content - Hider (1.50) | Content - Code Highlighter (Ge (1.5) | Content - Vote (1.5) | Content - Pagebreak (1.5) | Joomfish Alternative Language (2.0.4) | VirtueMart Product Snapshot (1.1.0) | Content - Load Modules (1.5) | Content - Page Navigation (1.5) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | Search - Joomfish Contacts (2.0.4) | Search - Sections (1.5) | Virtuemart Extended Search Plu (1.5) | Search - Joomfish Sections (2.0.4) | Search - Categories (1.5) | Search - Newsfeeds (1.5) | Search - Weblinks (1.5) | Search - Joomfish Newsfeeds (2.0.4) | Search - Joomfish Categories (2.0.4) | Search - Content (1.5) | Search - Joomfish Content (2.0.4) | Search - Contacts (1.5) | Search - Joomfish Weblinks (2.0.4) | Editor - JCE (2.3.3.2) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | User - Joomla! (1.5) | User - Example (1.0) | System - Legacy (1.5) | Joomfish - Basic Router (2.0.4) | Joomfish - Abstraction Layer (2.0.4) | System - TinCaptcha (0.1) | AcyMailing : VirtueMart checko (1.1.2) | System - Mootools Upgrade (1.5) | System - SEF (1.5) | System - Log (1.5) | Plugin Include Component (1.7) | System - Remember Me (1.5) | System - Cache (1.5) | AcyMailing : (auto)Subscribe d (3.7.0) | System - Backlinks (1.5) | System - Debug (1.5) | Multilingual Registration Appr (1.0) | Authentication - Joomla (1.5) | Authentication - Example (1.5) | Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Authentication - GMail (1.5) | Button - Image (1.0.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | AcyMailing Tag : Joomla User I (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing table of contents g (1.0.0) | AcyMailing : share on social n (1.0.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing Tag : Manage the Su (3.7.0) 
| AcyMailing Tag : Date / Time (3.7.0) | AcyMailing Tag : Subscriber in (3.7.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Template Class Repl (3.7.0) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Tag : Website links (3.7.0) |
Templates Discovered :: wrote:Templates :: SITE :: xxxxxx (1.5.15) |
Templates :: ADMIN :: Khepri (1.0) |

Post by mandville » Tue Nov 05, 2013 7:29 pm

http://docs.joomla.org/Security_Checklist_7 is what you should be looking at, especially the section on 777.
Treat your site as severely hacked and also look at your out-of-date extensions.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.putterspalace.co.uk/
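
A triage script for the situation in this thread, added here as an example and not taken from either poster or from the Joomla! project: it lists files in the media and images folders that would run as PHP (by name or by content) and any world-writable paths under the web root. The function names and the upload-directory list are assumptions; run it on the server as `sh triage.sh /path/to/webroot`.

```shell
#!/bin/sh
# Added example: read-only triage of a Joomla! web root.
# Asset/upload directories that normally hold no executable PHP (assumed list).
UPLOAD_DIRS="media images"

# Files whose NAME would be handled as PHP, including double
# extensions such as "logo.php.jpg".
find_php_by_name() {
    root=$1
    for d in $UPLOAD_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) -print
    done | sort
}

# Files whose CONTENT has a PHP open tag, whatever the name
# (for example code appended to a ".gif").
find_php_by_content() {
    root=$1
    for d in $UPLOAD_DIRS; do
        [ -d "$root/$d" ] || continue
        # grep exits 1 when nothing matches; keep scanning the next directory.
        grep -rlF '<?php' "$root/$d" 2>/dev/null || true
    done | sort
}

# Directories and files writable by "other" (777, 666, 757, ...),
# the permission problem the Security Checklist section on 777 covers.
find_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print | sort
}

# Print all three listings for one web root.
triage() {
    root=$1
    echo "== PHP by name in: $UPLOAD_DIRS ==";     find_php_by_name "$root"
    echo "== PHP open tag in: $UPLOAD_DIRS ==";    find_php_by_content "$root"
    echo "== world-writable paths ==";             find_world_writable "$root"
}

# Run against a web root when one is given on the command line.
if [ "$#" -ge 1 ]; then triage "$1"; fi
```

A hit is a lead for review rather than proof, since an extension may legitimately ship PHP under media/; comparing against a clean copy of the same Joomla! and extension versions settles it.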

