My site was hacked and been shut down by my ISP

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
Adrian22_cz
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Wed Oct 21, 2015 11:06 pm

My site was hacked and been shut down by my ISP

Post by Adrian22_cz » Wed Aug 31, 2016 7:43 pm

Hello,
I would need to help with the log to fix the problem with my site:
Forum Post Assistant (v1.2.7) : 31st August 2016 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Read-Only (444) | Owner: site12612 (uid: 1/gid: 1) | Group: site12612 (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-5-amd64 | Technology: x86_64 | Web Server: Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze25 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o | Encoding: gzip, deflate | Doc Root: /www/sites/2/site12612/public_html | System TMP Writable: No

PHP Configuration :: Version: 5.3.3-7+squeeze25 | PHP API: apache2handler | Session Path Writable: No | Display Errors: | Error Reporting: 22517 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /www/sites/2/site12612:/usr/share/php | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 10M | Max. Input Time: 30 | Max. Execution Time: 30 | Memory Limit: 64M

MySQL Configuration :: Version: 5.5.38-1~dotdeb.0-log (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 38.99 MiB | #of Tables:  246
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.3-7+squeeze25) | date (5.3.3-7+squeeze25) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gettext () | session () | iconv () | json (1.2.1) | mbstring () | standard (5.3.3-7+squeeze25) | posix () | Reflection ($Revision: 300393 $) | SPL (0.2) | shmop () | SimpleXML (0.1) | soap () | sockets () | Phar (2.0.1) | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.9.1) | apache2handler () | curl () | gd () | imagick (3.0.0RC1) | imap () | intl (1.1.0) | mcrypt () | memcache (3.0.4) | memcached (1.0.2) | mssql () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_dblib (1.0.1) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pgsql () | pspell () | recode () | xmlrpc (0.51) | xsl (0.1) | mhash () | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Apache Modules :: core | mod_log_config | mod_logio | itk | http_core | mod_so | mod_alias | mod_auth_basic | mod_authn_file | mod_authz_default | mod_authz_groupfile | mod_authz_host | mod_authz_user | mod_autoindex | mod_cgi | mod_deflate | mod_dir | mod_env | mod_expires | mod_headers | mod_include | mod_info | mod_mime | mod_negotiation | mod_php5 | mod_reqtimeout | mod_rewrite | mod_setenvif | mod_ssl | mod_status | Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze25 with Suhosin-Patch mod_ssl/2.2.16 OpenSSL/0.9.8o |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (770) | components/ (770) | modules/ (770) | plugins/ (770) | language/ (770) | templates/ (770) | cache/ (770) | logs/ (770) | tmp/ (770) | administrator/components/ (770) | administrator/modules/ (770) | administrator/language/ (770) | administrator/templates/ (770) |

Elevated Permissions (First 10) :: administrator/ (770) | administrator/backups/ (770) | administrator/cache/ (770) | administrator/components/ (770) | administrator/components/com_admin/ (770) | administrator/components/com_admin/tmpl/ (770) | administrator/components/com_banners/ (770) | administrator/components/com_banners/controllers/ (770) | administrator/components/com_banners/elements/ (770) | administrator/components/com_banners/helpers/ (770) |
Extensions Discovered :: wrote:Components :: SITE :: MailTo (1.5.0) | Blue (1.0.0) | User (1.5.0) | Wrapper (1.5.0) | Banners (2.0.3) | Contacts (2.0.4) | Content (2.0.25) | Mail To (2.0.2) | NewsFeeds (2.0.3) | Search (2.0.6) | User (2.0.6) | WebLinks (2.0.3) | Wrapper (2.0.2) |
Components :: ADMIN :: Banners (1.5.0) | Cache Manager (1.5.0) | Configuration Manager (1.5.0) | Contact Items (1.0.0) | Content Page (1.5.0) | Control Panel (1.5.0) | forme (1.0.6) | Frontpage (1.5.0) | Installation Manager (1.5.0) | Language Manager (1.5.0) | Mass Mail (1.5.0) | Media Manager (1.5.0) | Menus Manager (1.5.0) | Messaging (1.5.0) | Module Manager (1.5.0) | Newsfeeds (1.5.0) | PhocaGallery (2.7.5) | Default (1.0.0) | Plugin Manager (1.5.0) | Polls (1.5.0) | Search (1.5.0) | Template Manager (1.5.0) | Trash (1.0.0) | User Manager (1.5.0) | Weblinks (1.5.0) | JComments (2.2.0.2) | RSForm (1.3.0 R36) | rsinstaller (1.3.0) | AcyMailing Plugin (1.0.0) | Agora Plugin (1.0.0) | Contacts Plugin (1.0.1) | Content Plugin (1.5.1) | DOCman Plugin (1.5.0) | Eventlist Plugin (1.0.0) | Gallery2 Bridge Plugin (1.0.2) | Glossary Plugin (1.5.2) | Hot Property Plugin (1.0.1) | JCALPro Plugin (1.0.0) | JDownloads Plugin (1.5.1) | JEvents Plugin (1.0.3) | JMovies Plugin (1.5.0) | Jomres Plugin (1.0) | JoomDOC Extension (1.0.0) | JoomGallery Plugin (1.5.1) | KnowledgeBase Plugin (1.0.0) | Kunena Plugin (1.0.2) | lknAnswers Plugin (1.5.0) | Mosets Tree Plugin (1.0.1) | MyBlog Plugin (1.5.1) | Rapid Recipe Plugin (1.0.0) | Remository Plugin (1.0.3) | JoomSuite Resources Plugin (1.0.0) | RD-Autos Plugin (1.5.0) | Rokdownloads Plugin (1.0.4) | RSGallery2 Extension (1.0.0) | SectionEx Plugin (1.0.2) | CMS Shop Builder Plugin (1.5.0) | SOBI2 Plugin (1.5.1) | Virtuemart Plugin (1.1.4) | Web Links Plugin (1.5.1) | Yoflash XMap Plugin (0.0.1) | Zoo Plugin (1.0.4) | Xmap (1.2.14) | SEF (3.12.2) | System - ARTIO JoomSEF (3.3.13) | System - ARTIO JoomSEF Google (3.0.0) | Banners (2.0.3) | Contacts (2.0.4) | Content (2.0.25) | Mail To (2.0.2) | NewsFeeds (2.0.3) | Search (2.0.6) | User (2.0.6) | WebLinks (2.0.3) | Wrapper (2.0.2) | Example Extension XML (2.0.1) | SEF (3.12.2) |

Modules :: SITE :: Archived Content (1.5.0) | ARI Ext Menu (2.0.7) | Art Wijmo Menu (1.5.5) | Banner (1.5.0) | Blank Module (v5.1) | Breadcrumbs (1.5.0) | Cassrina Hover Image Menu (2.1) | Custom HTML (1.5.0) | HD-CustomCSS (1.0) | Feed Display (1.5.0) | Flexheader3 (1.3.1) | Footer (1.5.0) | Joomla 1.5 HTML Module (1.5.0) | JA Newsflash Module (1.0.3) | JA Top Panel Module (1.0.1) | Latest News (1.5.0) | Login (1.5.0) | Menu (1.5.0) | Maxi Menu CK for Joomla!1.5 (4.23) | Most Read Content (1.5.0) | Newsflash (1.5.0) | Nice Ajax Poll (1.3.0) | Phoca Gallery Image Module (2.7.5) | Poll (1.5.0) | Random Image (1.5.0) | Related Items (1.0.0) | Search (1.0.0) | Sections (1.5.0) | spro [youtube] popup (1.5.0) | Statistics (1.5.0) | Syndicate (1.5.0) | Who\'s Online (1.0.0) | Wrapper (1.0.0) | ITPFacebookLikeBox (1.2) | RSForm! Pro Module (1.3.0) | RSForm! Pro Feedback Module (1.3.0) | RSForm! Pro Module Frontend Li (1.3.0) |
Modules :: ADMIN :: Custom HTML (1.5.0) | Feed Display (1.5.0) | Footer (1.0.0) | Latest News (1.0.0) | Logged in Users (1.0.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Online Users (1.0.0) | Popular Items (1.0.0) | Quick Icons (1.0.0) | Items Stats (1.0.0) | User Status (1.5.0) | Admin Submenu (1.0.0) | Title (1.0.0) | Toolbar (1.0.0) | Unread Items (1.0.0) |

Plugins :: SITE :: Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Content - Email Cloaking (1.5) | Content - Example (1.0) | Content - Code Highlighter (Ge (1.5) | Content - Load Modules (1.5) | Content - Pagebreak (1.5) | Content - Page Navigation (1.5) | Phoca Gallery Plugin (2.7.7) | Content - Vote (1.5) | Content - JComments (1.0) | Content - RSForm! Pro (1.3.0) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Button - Image (1.0.0) | Button - Pagebreak (1.5) | Button - Phoca Gallery (2.7.1) | Button - Readmore (1.5) | Editor Button - JComments ON (1.0) | Editor Button - JComments OFF (1.0) | Button - Xmap Link (1.0) | Search - Categories (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Search - Weblinks (1.5) | Search - JComments (1.0) | System - Backlinks (1.5) | System - Cache (1.5) | System - Debug (1.5) | System - jQuery (1.3.1) | System - Legacy (1.5) | System - Log (1.5) | System - Mootools Upgrade (1.5) | System - Remember Me (1.5) | System - SEF (1.5) | System - JComments (1.0) | System - RSForm! Pro Feedback (1.3.0) | System - RSForm! Pro (1.3.0) | System - RSForm! Pro - RSMail! (1.3.0) | System - RSForm! Pro reCAPTCHA (1.3.0) | System - RSForm! Pro MailChimp (1.0.0) | System - ARTIO JoomSEF (3.3.13) | System - ARTIO JoomSEF Google (3.0.0) | User - Example (1.0) | User - Joomla! (1.5) | User - JComments (1.0) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) |
Templates Discovered :: wrote:Templates :: SITE :: Snowsportschool (2.3) | jTemplate (1.0.3) |
Templates :: ADMIN :: Khepri (1.0) | APLite (0.9.3) |

User avatar
dhuelsmann
Joomla! Master
Joomla! Master
Posts: 19659
Joined: Sun Oct 02, 2005 12:50 am
Location: Omaha, NE
Contact:

Re: My site was hacked and been shut down by my ISP

Post by dhuelsmann » Wed Aug 31, 2016 8:05 pm

Support for your very outdated version ended in Sept 2012. As a result you will likely be hacked again. It would be better to migrate your site once you fix it to the current version of Joomla 3.6.2. Meanwhile follow all of the steps described in the following url.
http://forum.joomla.org/viewtopic.php?f=714&t=757645
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org


Locked

Return to “Security in Joomla! 1.5”