Site Hacked: Code injected in Factory.php


Post by sebnunes » Wed Oct 30, 2013 6:47 pm

Hi all,

We've recently been hacked. We're running 1.5.25; we were about to update to 1.5.26.


There was a
- malicious phpinfo.php file at root level (above the joomla installation)
- unwanted .htaccess at server root level and joomla root level
- injected code in /libraries/joomla/factory.php

Code was like this:
//bldQNTCWORb695RmAGhsPX

$GLOBALS['_1659886199_']=Array(base64_decode('ZGVmaW5l'),...}

I removed the .htaccess & removed the injected code from the factory.php but now I cannot connect to the SQL db. I have an error message saying:
Database Error: Unable to connect to the database:The MySQL adapter "mysqli" is not available.
I guess there is other malicious code in other files. Any idea how to fix this?

Here is the FPA:
Problem Description :: Forum Post Assistant (v1.2.3) : 30th October 2013 wrote:Site Hacked malicious code added in factory.php
Log/Error Message :: Forum Post Assistant (v1.2.3) : 30th October 2013 wrote:Database Error: Unable to connect to the database:The MySQL adapter \"mysqli\" is not available.
Actions Taken To Resolve by Forum Post Assistant (v1.2.3) 30th October 2013 wrote:I removed the malicious .htaccess file and the code added in the /libraries/joomla/factory.php file but since then the joomla can\'t connect to my database anymore.
Forum Post Assistant (v1.2.3) : 30th October 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.25-Stable (senu takaa ama mamni) 14-November-2011
Joomla! Configured :: Yes | Read-Only (444) | Owner: ducatisu (uid: 1/gid: 1) | Group: users (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 1 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.10.11-mutu-grs-ipv6-64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /homez.707/ducatisu/www | System TMP Writable: Unknown

PHP Configuration :: Version: 4.4.9 | PHP API: cgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 2039 | Log Errors To: | Last Known Error: | Register Globals: 1 | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: -1 | Max. Execution Time: 120 | Memory Limit:

MySQL Configuration :: Connection Error: : Database Credentials Present? in Configuration...
Detailed Environment :: wrote:PHP Extensions :: zip () | xslt () | xml () | wddx () | tokenizer (0.1) | sysvshm () | sysvsem () | sysvmsg () | standard (4.4.9) | session () | pspell () | posix () | pgsql () | pdf () | overload () | mysql () | ming () | mhash () | mcrypt () | mbstring () | imap () | gmp () | gettext () | gd () | ftp () | filepro () | exif (1.4 $Id: exif.c,v 1.118.2.37.2.8 2007/12/31 07:22:46 sebastian Exp $) | domxml (20020815) | dbase () | dba () | db () | curl () | ctype () | calendar () | bcmath () | zlib (1.1) | pcre () | openssl () | Zend Engine (1.3.0) |
Potential Missing Extensions :: libxml | iconv | mysqli | suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (705) | components/ (705) | modules/ (705) | plugins/ (705) | language/ (705) | templates/ (705) | cache/ (705) | logs/ (705) | tmp/ (705) | administrator/components/ (705) | administrator/modules/ (705) | administrator/language/ (705) | administrator/templates/ (705) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: Wrapper (1.5.0) | Default (1.5.7) | Unknown (-) | Unknown (-) | Unknown (-) | Unknown (-) | Unknown (-) | Unknown (-) | Unknown (-) | Unknown (-) | Unknown (-) | Unknown (-) | Kunena Forum - English (1.7.2) | Kunena Forum - French (1.7.2) | User (1.5.0) | MailTo (1.5.0) |
Components :: ADMIN :: Messaging (1.5.0) | Module Manager (1.5.0) | uddeim (2.1) | Weblinks (1.5.0) | MorfeoShow (1.2.0) | GCalendar (2.2.0) | Menus Manager (1.5.0) | com_kunena (1.7.2) | Kunena Forum - English (1.7.2) | Kunena Forum - French (1.7.2) | Kunena (1.7.2) | plg_system_kunena (-) | plg_system_kunena (-) | plg_system_kunena (1.7.2) | System - Kunena (1.7.2) | Kunena language pack (@kunenaversio) | Content Page (1.5.0) | Installation Manager (1.5.0) | Frontpage (1.5.0) | Contact Items (1.0.0) | Media Manager (1.5.0) | Language Manager (1.5.0) | JCalPro (1.6.0 Beta.17) | Trombinoscope (1.0.0) | Desmodrome (0.3.0) | Newsfeeds (1.5.0) | sql2excel (2.1.2) | Template Manager (1.5.0) | Dsb Gallery (1.0.0) | Dsb Gallery (1.0.0) | Configuration Manager (1.5.0) | System - Smartsef (1.5) | smartsef (1.5.0) | Smartsef plugin - search (1.0) | Smartsef plugin - weblinks (1.0) | Smartsef plugin - user (1.0) | Smartsef plugin - Contact (1.0) | Smartsef plugin - Newsfeeds (1.0) | Smartsef plugin - mailto (1.0) | Smartsef plugin - virtuemart (1.0) | Plugin Manager (1.5.0) | Cache Manager (1.5.0) | Banners (1.5.0) | wgPicasa (1.1.4) | JCE (1.5.7.6) | User Manager (1.5.0) | DOCman (1.5.7) | DOCman Most Downloaded (1.5) | Unapproved Documents - admin m (1.5) | Latest news from http://www.joomlatoo (1.5) | Latest logged downlods - admin (1.5) | DOCman Lister (1.5) | DOCman Category (1.5) | Latest added documents - admin (1.5) | dmtestplugin (1.5) | DOCman Standard Buttons (1.5.7) | Search - DOCman (1.5.7) | DOCLink (1.5.7) | Most downloaded documents - ad (1.5) | DOCman Latest Downloads (1.5) | Control Panel (1.5.0) | Mass Mail (1.5.0) | Dsb Stats (1.0.0) | Search (1.5.0) | Trash (1.0.0) |

Modules :: SITE :: Banner (1.5.0) | Syndicate (1.5.0) | JCal Client Mini-calendar (1.6.179 Beta) | DOCman Category (1.5) | uddeIM Notifier (2.0) | uddeIM Notifier (2.0) | Nurte Facebook Like Box Module (1.0.0.0) | Who\'s Online (1.0.0) | Newsflash (1.5.0) | VirtueMart Module (1.1.4) | VirtueMart Manufacturers (1.1.0) | VirtueMart Featured Products (1.1.0) | Most Read Content (1.5.0) | GCalendar Overview (2.2.0) | Sections (1.5.0) | VirtueMart Latest Products (1.1.0) | VirtueMart Login (1.1.4) | VirtueMart Product Categories (1.1.0) | Jshopping cart (2.5.0) | DOCman Latest Downloads (1.5) | VirtueMart Search (1.1.0) | Login (1.5.0) | Related Items (1.0.0) | Statistics (1.5.0) | GCalendar Upcoming Events (2.2.0) | Archived Content (1.5.0) | VirtueMart Random Products (1.1.0) | Apoll (2.1.005) | Poll (1.5.0) | DOCman Lister (1.5) | Wrapper (1.0.0) | Module DsbGallery (0.5) | DOCman Most Downloaded (1.5) | VirtueMart Currency Selector (1.1.0) | Module DOC (0.5) | Random Image (1.5.0) | VirtueMart Top Ten Products (1.1.0) | Module Statistiques du Dsb (0.5) | Search (1.0.0) | Menu (1.5.0) | SQL 2 Excel Module (1.1.4) |
Modules :: ADMIN :: Toolbar (1.0.0) | Admin Submenu (1.0.0) | Popular Items (1.0.0) | Custom HTML (1.5.0) | Items Stats (1.0.0) | Online Users (1.0.0) | Login Form (1.0.0) | Title (1.0.0) | Admin Menu (1.0.0) | Most downloaded documents - ad (1.5) | Unread Items (1.0.0) | Quick Icons (1.0.0) | Latest News (1.0.0) | Unapproved Documents - admin m (1.5) | Feed Display (1.5.0) | Logged in Users (1.0.0) | User Status (1.5.0) | Latest added documents - admin (1.5) | Footer (1.0.0) | Latest logged downlods - admin (1.5) | Latest news from http://www.joomlatoo (1.5) |

Plugins :: SITE :: Button - Readmore (1.5) | Button - Pagebreak (1.5) | Button - Image (1.0.0) | DOCLink (1.5.7) | User - Example (1.0) | User - Joomla! (1.5) | Content - Pagebreak (1.5) | Content - Example (1.0) | Content - Vote (1.5) | Content - Page Navigation (1.5) | Nurte Facebook Like Button (2.0.0.0) | Content - Email Cloaking (1.5) | Content - [issuu] (2.10) | Content - Code Highlighter (Ge (1.5) | Content - Load Modules (1.5) | DOCman Standard Buttons (1.5.7) | Search - Contacts (1.5) | Search - DOCman (1.5.7) | Search - Sections (1.5) | Search - Content (1.5) | Search - Newsfeeds (1.5) | Search - Weblinks (1.5) | Search - Categories (1.5) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | Authentication - LDAP (1.5) | Authentication - GMail (1.5) | Authentication - OpenID (1.5) | Authentication - Example (1.5) | Authentication - Joomla (1.5) | Editor - XStandard Lite for Jo (1.0) | Editor - TinyMCE 3 (3.2.4.1) | Editor - JCE (1.5.7.6) | File Browser (1.5.7.6) | Paste (1.5.7.6) | Media Object support (1.5.7.6) | Advanced Code Editor (1.5.7.6) | Advanced Link (1.5.7.6) | Joomla! Links for Advanced Lin (1.2.1) | Image Manager (1.5.7.6) | JCE SPELLCHECKER TITLE (1.5.7.6) | Paste (1.5.7.6) | System - Log (1.5) | System - Backlinks (1.5) | System - Legacy (1.5) | System - SEF (1.5) | System - Mootools Upgrade (1.5) | System - Kunena (1.7.2) | System - jQuery (1.2) | System - Remember Me (1.5) | System - Smartsef (1.5) | System - Debug (1.5) | System - EasyCalcCheck PLUS (1.5-14-1) | System - DsbStats (1.5) | System - Cache (1.5) |
Templates Discovered :: wrote:Templates :: SITE :: DSB 2011 (1.0.0) | rhuk_milkyway (1.0.2) | beez (1.0.0) | Ducati Sud Belgio Template (1.0.0) | JA_Purity (1.2.0) |
Templates :: ADMIN :: Khepri (1.0) |


Re: Site Hacked: Code injected in Factory.php

Post by numinousmedia » Thu Oct 31, 2013 2:40 pm

If you are getting a database error, I'd check your website's configuration.php file and make sure it still contains all of the correct information about your database, including the correct DB username, DB password, DB location and DB prefix.

I'd also strongly recommend following the instructions on this page: http://docs.joomla.org/Security_Checkli ... or_defaced I know there are a lot of steps there, and there is a lot of information to review, but it really does work.
Ryan
Frontend Developer and Joomla Professional
Ethode Website Development: http://www.ethode.com
Personal Site: http://www.numinousmedia.com
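
Added example (not part of the thread, and not Joomla! or Forum Post Assistant code): the first post suspects that other files carry the same injection, so this Python script walks a tree of .php files, flags any that match the shape of the line quoted from factory.php, and decodes the base64_decode() literals to show which names they hide. The regular expressions are assumptions derived from that single quoted line, and the function names and the sample tree are constructed for illustration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Shape of the injected line quoted in the post:
#   $GLOBALS['_<digits>_']=Array(base64_decode('...'),
INJECT_RE = re.compile(
    r"\$GLOBALS\[\s*['\"]_\d+_['\"]\s*\]\s*=\s*Array\s*\(\s*base64_decode", re.I)
B64_ARG_RE = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)", re.I)

def decode_literals(source):
    """Return the printable strings hidden in base64_decode('...') literals."""
    decoded = []
    for blob in B64_ARG_RE.findall(source):
        try:
            text = base64.b64decode(blob, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 or not text: skip, do not guess
        if text.isprintable():
            decoded.append(text)
    return decoded

def scan_tree(root):
    """Map each matching .php file (path relative to root) to its decoded literals."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        source = path.read_text(encoding="latin-1")  # tolerate any byte values
        if INJECT_RE.search(source):
            hits[path.relative_to(root).as_posix()] = decode_literals(source)
    return hits

def build_sample_tree(root):
    """Constructed sample: one clean file and one carrying the quoted pattern."""
    lib = Path(root) / "libraries" / "joomla"
    lib.mkdir(parents=True)
    (lib / "clean.php").write_text("<?php\nclass JClean {}\n")
    (lib / "factory.php").write_text(
        "<?php\n//constructed sample\n"
        "$GLOBALS['_1659886199_']=Array(base64_decode('ZGVmaW5l'));\n"
        "class JFactory {}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, names in scan_tree(tmp).items():
            print(name, "->", names)
```

Pointing scan_tree at the document root lists the files to compare against a clean copy of the same Joomla! release; the literal shown in the post decodes to the PHP function name define.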

