Stop Hackers from Accessing Template index.php?
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 13
- Joined: Mon Oct 05, 2009 2:00 pm
Stop Hackers from Accessing Template index.php?
I keep getting code inserted into my website's index.php template file which causes the website to become blacklisted for malware.
Is there any way to lock down the template, even at the server level so that it can't be edited? I tried using an ftp program to change the permissions but it just gets reset back to writable again. I thought about using phpmyadmin but I can't say I know enough to start mucking about.
I plan on upgrading the CMS in the new year, but for now, I just need to lock it down until then. Thanks in advance.
Is there any way to lock down the template, even at the server level so that it can't be edited? I tried using an ftp program to change the permissions but it just gets reset back to writable again. I thought about using phpmyadmin but I can't say I know enough to start mucking about.
I plan on upgrading the CMS in the new year, but for now, I just need to lock it down until then. Thanks in advance.
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Stop Hackers from Accessing Template index.php?
This probably explains why you're getting hacked.sawgore wrote:I plan on upgrading the CMS in the new year, but for now, I just need to lock it down until then.
I have two questions for you:
1) Do you want to stop your website being hacked?
2) Are you willing to keep patching your site every time it gets hacked until you complete your upgrade plan?
There are costs associated with each of these. It depends on the cost—your time and/or your money—that you're prepared to invest. We can help (to some extent) depending on your answers and your willingness to follow our advice.
-
- Joomla! Apprentice
- Posts: 13
- Joined: Mon Oct 05, 2009 2:00 pm
Re: Stop Hackers from Accessing Template index.php?
Not sure what you mean by this but it comes across patronizing instead of helpful.This probably explains why you're getting hacked.
I'm just going to start from scratch on a new website in the new year (the design is old, as is the CMS). For now I just want to find a way to stop them from editing the template file. Anyone have any suggestions? Thanks.
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: Stop Hackers from Accessing Template index.php?
Webdongle wrote:Cleaning the site is easy ... just delete all the folders/files. Rebuilding the site is easy ... just install a fresh Joomla to a empty database and install 3rd party extensions then edit the configuration.php.
First make a backup of your database
Here is a summary of what you need to do
Before you ask what other user ask. No there is no real alternative ... you need to delete all folders/files.
Step #f is simply installing Joomla and 3rd party extensions to an empty database so you get fresh files. Then connect the files to the database that has your data. That gives you your site back. The rest cleans the site and helps keep it secure.
- Run the fpa and post the results on here
- Uninstall any untrusted 3rd party extensions and Templates https://vel.joomla.org/live-vel
- Delete all the files on the server
- Scan your computer and all computers that have server or Joomla admin access
- Change Passwords
- Install Joomla (of the same version) to a new database. Install up to date 3rd party extensions (that are not on the VEL) then edit the configuration.php to connect to the original database. Update Joomla if you have and old version
- Change your Joomla SU/Admin Passwords and check the users/groups/access levels are correct and not been tampered with. Update your Joomla And run the fpa again
Full details http://forum.joomla.org/viewtopic.php?f=714&t=757645
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Re: Stop Hackers from Accessing Template index.php?
The fact your template keeps getting modified after you cleaned it means you haven't cleaned the hack, you're just fixing the symptoms (and only partially at best). The hacker probably has uploaded a file onto your server that allows them to keep defacing your site, until you clean the hack fully you're going to keep having to play cleanup.
Follow the advice in the quoted post above, that will help you clean up as best as you are able. But be warned that Joomla 1.5 cannot be considered secure anymore and requires at least two out-of-cycle patches addressing high level vulnerabilities.
Follow the advice in the quoted post above, that will help you clean up as best as you are able. But be warned that Joomla 1.5 cannot be considered secure anymore and requires at least two out-of-cycle patches addressing high level vulnerabilities.
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: Stop Hackers from Accessing Template index.php?
@sawgore: I was not being "patronising" (and I don't appreciate that kind of characterisation). This kind of question arises thousands of times—as you would probably imagine—and so you're not alone.
You asked for help. I asked you two questions (neither of which you took the time to answer).
In reality you have a couple of choices if you want to stop your site being continually attacked. One way is to quantine your site, take it offline, and deal with the issues as @dhuelsmann outlines. The other way is to deal with the root cause of the problem—I believe it lies in using an outdated version of Joomla that has not been maintained—and bring the software up to date.
I really hope that some of our advice will help you. On the other hand, there is a third possibility that will occur and will guarantee that your site is never attacked again: your webhost will disable the site.
Good luck.
You asked for help. I asked you two questions (neither of which you took the time to answer).
In reality you have a couple of choices if you want to stop your site being continually attacked. One way is to quantine your site, take it offline, and deal with the issues as @dhuelsmann outlines. The other way is to deal with the root cause of the problem—I believe it lies in using an outdated version of Joomla that has not been maintained—and bring the software up to date.
I really hope that some of our advice will help you. On the other hand, there is a third possibility that will occur and will guarantee that your site is never attacked again: your webhost will disable the site.
Good luck.
- Webdongle
- Joomla! Master
- Posts: 44038
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Stop Hackers from Accessing Template index.php?
It means that not updating your software promptly was the most likely cause of you being hacked.sawgore wrote:Not sure what you mean by this but it comes across patronizing instead of helpful.This probably explains why you're getting hacked.
...
dhuelsmann kindly quoted me with what you need to do. At step #b you will mot likely have problems because many of your 3rd party extensions will be vulnerable but not listed in JEDsawgore wrote:...
For now I just want to find a way to stop them from editing the template file. Anyone have any suggestions? Thanks.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Virtuoso
- Posts: 4025
- Joined: Mon Nov 25, 2013 4:35 pm
- Location: Montreal, Canada
- Contact:
Re: Stop Hackers from Accessing Template index.php?
Most likely you have at least one backdoor file on your website causing this - you will need to find it and remove it. You will also need to proceed with the unhacking instructions, and then update your Joomla website and extensions to the latest version (the thing is, old versions are not that easy to secure).
If your website is really small, then I suggest you recreate your website from scratch, it'll take less time to do so.
If your website is really small, then I suggest you recreate your website from scratch, it'll take less time to do so.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter
https://twitter.com/itoctopus - Follow us on Twitter