Can anyone please help me understand what is the cause of my site being compromised?
For start, I quote FPA's output below:
Thanks in advance,Forum Post Assistant (v1.2.3) : 3rd March 2013 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.6.0-Stable (Onward) 10-Jan-2011
Joomla! Configured :: Yes | Read-Only (444) | Owner: 0 (uid: /gid: ) | Group: 0 (gid: ) | Valid For: 1.6
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Windows NT | OS Version: 5.2 | Technology: i586 | Web Server: Microsoft-IIS/6.0 | Encoding: gzip, deflate | Doc Root: C:/Inetpub/wwwroot | System TMP Writable: No
PHP Configuration :: Version: 5.3.5 | PHP API: cgi-fcgi | Session Path Writable: No | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M
MySQL Configuration :: Version: 5.5.8 (Client:mysqlnd 5.0.7-dev - 091210 - $Revision: 304625 $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 2.14 MiB | #of Tables: 33Detailed Environment :: wrote:PHP Extensions :: Core (5.3.5) | bcmath () | calendar () | com_dotnet (0.1) | ctype () | date (5.3.5) | ereg () | filter (0.11.0) | ftp () | hash (1.0) | iconv () | json (1.2.1) | mcrypt () | SPL (0.2) | odbc (1.0) | pcre () | Reflection ($Revision: 305605 $) | session () | standard (5.3.5) | mysqlnd (mysqlnd 5.0.7-dev - 091210 - $Revision: 304625 $) | tokenizer (0.1) | zip (1.9.1) | zlib (1.1) | libxml () | dom (20031129) | PDO (1.0.4dev) | Phar (2.0.1) | SimpleXML (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | cgi-fcgi () | mysql (1.0) | mhash () | Zend Engine (2.3.0) |
Potential Missing Extensions :: openssl | curl | mbstring | mysqli | suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: NoFolder Permissions :: wrote:Core Folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) |
Elevated Permissions (First 10) :: administrator/ (777) | administrator/cache/ (777) | administrator/components/ (777) | administrator/components/com_admin/ (777) | administrator/components/com_admin/controllers/ (777) | administrator/components/com_admin/helpers/ (777) | administrator/components/com_admin/helpers/html/ (777) | administrator/components/com_admin/models/ (777) | administrator/components/com_admin/models/forms/ (777) | administrator/components/com_admin/views/ (777) |Extensions Discovered :: wrote:Components :: SITE :: com_mailto (1.6.0) | com_wrapper (1.6.0) |
Components :: ADMIN :: com_admin (1.6.0) | com_banners (1.6.0) | com_cache (1.6.0) | com_categories (1.6.0) | com_checkin (1.6.0) | com_config (1.6.0) | com_content (1.6.0) | com_cpanel (1.6.0) | com_installer (1.6.0) | com_languages (1.6.0) | com_login (1.6.0) | com_media (1.6.0) | com_menus (1.6.0) | com_messages (1.6.0) | com_modules (1.6.0) | com_newsfeeds (1.6.0) | com_plugins (1.6.0) | com_redirect (1.6.0) | com_search (1.6.0) | com_templates (1.6.0) | com_users (1.6.0) | weblinks (1.6.0) |
Modules :: SITE :: mod_articles_archive (1.6.0) | mod_articles_categories (1.6.0) | mod_articles_category (1.6.0) | mod_articles_latest (1.6.0) | mod_articles_news (1.6.0) | mod_articles_popular (1.6.0) | mod_banners (1.6.0) | mod_breadcrumbs (1.6.0) | mod_custom (1.6.0) | mod_feed (1.6.0) | mod_footer (1.6.0) | mod_languages (1.6.0) | mod_login (1.6.0) | mod_menu (1.6.0) | mod_random_image (1.6.0) | mod_related_items (1.6.0) | mod_search (1.6.0) | mod_stats (1.6.0) | mod_syndicate (1.6.0) | mod_users_latest (1.6.0) | mod_weblinks (1.0.0) | mod_whosonline (1.6.0) | mod_wrapper (1.6.0) |
Modules :: ADMIN :: mod_custom (1.6.0) | mod_feed (1.6.0) | mod_latest (1.6.0) | mod_logged (1.6.0) | mod_login (1.6.0) | mod_menu (1.6.0) | mod_online (1.6.0) | mod_popular (1.6.0) | mod_quickicon (1.6.0) | mod_status (1.6.0) | mod_submenu (1.6.0) | mod_title (1.6.0) | mod_toolbar (1.6.0) | mod_unread (1.6.0) |
Plugins :: SITE :: plg_authentification_example (1.6.0) | plg_authentication_gmail (1.6.0) | plg_authentication_joomla (1.6.0) | plg_authentication_ldap (1.6.0) | plg_content_emailcloak (1.6.0) | plg_content_example (1.0) | plg_content_geshi (1.6.0) | plg_content_joomla (1.6.0) | plg_content_loadmodule (1.6.0) | plg_content_pagebreak (1.6.0) | plg_content_pagenavigation (1.6.0) | plg_content_vote (1.6.0) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.3.9.3) | plg_editors-xtd_article (1.0.0) | plg_editors-xtd_image (1.0.0) | plg_editors-xtd_pagebreak (1.6.0) | plg_editors-xtd_readmore (1.6.0) | plg_extension_example (1.0) | plg_extension_joomla (1.6.0) | plg_search_categories (1.6.0) | plg_search_contacts (1.6.0) | plg_search_content (1.6.0) | plg_search_newsfeeds (1.6.0) | plg_search_weblinks (1.6.0) | plg_system_cache (1.6.0) | plg_system_debug (1.6.0) | plg_system_languagefilter (1.6.0) | plg_system_log (1.6.0) | plg_system_logout (1.6.0) | plg_system_p3p (1.6.0) | plg_system_redirect (1.6.0) | plg_system_remember (1.6.0) | plg_system_sef (1.6.0) | plg_user_contactcreator (1.6.0) | plg_user_example (1.0) | plg_user_joomla (1.6.0) | plg_user_profile (1.6.0) |Templates Discovered :: wrote:Templates :: SITE :: atomic (1.6.0) | beez5 (1.6.0) | beez_20 (1.6.0) |
Templates :: ADMIN :: bluestork (1.6.0) | hathor (1.6.0) |
---
Theo