Joomla! Forum - community, help and support

Hi

I've run a 1.5.26 site for some time. It's a simple website for a small business.

It was hacked & then recovered by my host however there have been a few issues post hack which I've been unable to solve.

1. It's very slow to load. Up to 15 seconds for the home page. My host has checked it & report it's all fine from their end
2. I've run it through a few hack checkers & they report some cloaking.
3. When searching on google it presents weird title & site descriptions "(301 Moved 通販 【年間定番】 Permanently -www.mdaservices.com.au)"
4. I've reindexed via google webmaster tools, new site map etc & it all reports fine.

web address : http://www.mdaservices.com.au

Site owner is not interested in upgrading as it is a simple brochure site.

Help would be appreciated.

cheers

Help would be appreciated.

My advice is "upgrade the joomla version". Equally importantly backup your site, and don't rely on the host to do so.

Site owner is not interested in upgrading as it is a simple brochure site.

The continued risk then is the site is then still at risk of being hacked.

Also I'm surprised your host lets you run something that old and vulnerable to security attacks.

Are you sure the clean-up has been done 100%, I mean, the previous remnants of the hack may still linger.

Thanks A Murray.

Like I said my client is not keen for an upgrade as it's a simple site.

Any other suggestions as to how I can identify where the rogue content is coming from?

Cheers.

Mod. Note: Relocated the topic to the Security Forum.

Follow the stickies in this forum on how to recover from a hack.

Zaphod42 wrote:Like I said my client is not keen for an upgrade as it's a simple site.

Like we've said, many times before, our advice is to update/upgrade/migrate your old J! 1.5 websites while you're in a position to do so.

You've asked how to identify where some "rogue"/unexplained content is generated on your client's website. The issue arises because the website is operating J! 1.5.28 and it has been operating—unmaintained and uncared for—"for some time". J! 1.5.x websites are notorious for the opportunities they present themselves to cyber ne'er-do-wells; J! 1.5.x websites are notoriously easy to exploit. A team of cyber terrorists could crack into a J! 1.5.x website in little more than 10 minutes with nothing more than a tooth pick.

So, when you say that this website has been running "for some time" using J! 1.5.28, your client is "not interested" in investing their time in properly fixing the problem (because it's only a "simple business"), right at the moment the website has been successfully compromised and your customer's business may well suffer because of the impact these "weird titles & site descriptions" are having. Fortunately for me, that's not my problem!

You want to know the source of the attacks? Look in the server logfile. You want to fix the problem? That's a different question.

Presently I did not found any 301 redirect with Chinese characters, so it seems to be fixed now. But if you wish to secure the site the best and most important basic step is to upgrade to latest stable version, if you don't do that you are again going to face such issues.