My Joomla 1.5 web site was hacked

[andrea2002]

Nice day to all!

I'm trying to clean my Joomla 1.5 web site from hack.
If you check Google serps you may see this: http://b*i*t.ly/29UoshO

It is potitive to "v*i*a*g*r*a" and "c*i*a*l*i*s".

I did these things:

- I changed htaccess with a new clean file;

- I blocked the new registers;

- I changed administrator's login and password;

- I change login/administrator URL with htaccess script;

- I run "fpa-en.php" and I got the report I'm attaching:
here is its report: http://b*i*t.ly/2abR3OI

- I tryed to looking for the changed files via FTP but is too difficult;
but it's been too long since what has happened the fact.

I'll be gratefull for any information helpful, to solve my problem
Regards
Andrew

[dhuelsmann]

First off follow this checklist completely. There are no shortcuts. https://docs.joomla.org/Security_and_Pe ... ow_what.3F
Second Joomla 1.5.26 reached end of life in September 2012. You would be much better off installing a brand new Joomla 3.6 site.

[sozzled]

@andrea2002: As this is your first post on the forum, we will try to be gentle. I want to make four points:

1) I am very sorry to hear that your website has been hacked.

2) I cannot read any of the information in the "fpa-en.php" image you posted and it probably doesn't really matter.

3) My advice is to restore your site from the last known good backup made before the hack took place.

4) Even if you are able to restore your site successfully it will probably be hacked again (and again) and that is the number one reason to not use J! 1.5.

Perhaps this is not the "helfpul" information you want to hear but it's probably the best advice you will get. You have my condolences for your loss but that's what happens when people use software that is vulnerable to attack. J! 1.5 has not been updated or maintained for over four years.

Good luck

[andrea2002]

Thank you to everyone for usefull information.
I'll follow them.
regrads
Andrew