After having been hacked

Discussion regarding Joomla! 2.5 security issues.

Locked
ct197475
Joomla! Fledgling
Posts: 2
Joined: Tue Jan 13, 2015 10:07 am

After having been hacked

Post by ct197475 » Tue Jan 13, 2015 10:38 am

Hi there,

[mod removed]

Thanks in advance for your precious help to spot the weakness of this site!

Best,

Chris from France

Problem Description :: Forum Post Assistant (v1.2.4) : 13th January 2015 wrote:I have been hacked by [mod removed]
...
Actions Taken To Resolve by Forum Post Assistant (v1.2.4) 13th January 2015 wrote:I have erased all the files and used a backup version but I can see the hacker trying to enter the site and paste this file, which was a virus: /images/ggg.PhP.txt
Forum Post Assistant (v1.2.4) : 13th January 2015 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.27-Stable (Ember) 30-September-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: sawtay (uid: 1/gid: 1) | Group: users (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.14.19-grsec-hosting-web-3.14 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/sawtay/www | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.34 | PHP API: fpm-fcgi | Session Path Writable: Yes | Display Errors: 0 | Error Reporting: 32759 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: -1 | Max. Execution Time: 300 | Memory Limit: 512M

MySQL Configuration :: Version: 5.1.73-2+squeeze+build1+1-log (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 23.68 MiB | #of Tables:  598
Detailed Environment :: wrote:PHP Extensions :: Core (5.4.34) | date (5.4.34) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | gmp () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | standard (5.4.34) | posix () | pspell () | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | imap () | SimpleXML (0.1) | soap () | sockets () | Phar (2.0.1) | exif (1.4 $Id: 637ebf9289b40d157fdf8edcdddeb3d907b28d9b $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | memcache (3.0.6) | cgi-fcgi () | mhash () | ionCube Loader () | Zend OPcache (7.0.4-devFE) | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: Mail To (3.0.1) | Wrapper (3.0.3) | Users (3.0.3) | Banners (3.0.3) | Tags (3.0.0) | Content (3.0.8) | Search (3.0.4) | Contacts (3.0.3) | NewsFeeds (3.0.3) | WebLinks (3.0.4) | com_wrapper (2.5.0) | WF_LINKS_JOOMLALINKS_TITLE (2.4.5) | WF_AGGREGATOR_VIMEO_TITLE (2.4.5) | WF_AGGREGATOR_VINE_TITLE (2.4.5) | WF_AGGREGATOR_[youtube]_TITLE (2.4.5) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.4.5) | WF_POPUPS_WINDOW_TITLE (2.4.5) | WF_POPUPS_JCEMEDIABOX_TITLE (2.4.5) | WF_FILESYSTEM_JOOMLA_TITLE (2.4.5) | WF_LINK_SEARCH_TITLE (2.4.5) | WF_FONTSIZESELECT_TITLE (2.4.5) | WF_CLEANUP_TITLE (2.4.5) | WF_CHARMAP_TITLE (2.4.5) | WF_INLINEPOPUPS_TITLE (2.4.5) | WF_AUTOSAVE_TITLE (2.4.5) | WF_CONTEXTMENU_TITLE (2.4.5) | WF_LISTS_TITLE (2.4.5) | WF_FONTCOLOR_TITLE (2.4.5) | WF_ANCHOR_TITLE (2.4.5) | WF_SEARCHREPLACE_TITLE (2.4.5) | WF_TEXTCASE_TITLE (2.4.5) | WF_IMGMANAGER_TITLE (2.4.5) | WF_TABLE_TITLE (2.4.5) | WF_LAYER_TITLE (2.4.5) | WF_CLIPBOARD_TITLE (2.4.5) | WF_ARTICLE_TITLE (2.4.5) | WF_FORMATSELECT_TITLE (2.4.5) | WF_LINK_TITLE (2.4.5) | WF_NONBREAKING_TITLE (2.4.5) | WF_STYLE_TITLE (2.4.5) | WF_VISUALBLOCKS_TITLE (2.4.5) | WF_XHTMLXTRAS_TITLE (2.4.5) | WF_PRINT_TITLE (2.4.5) | WF_FULLSCREEN_TITLE (2.4.5) | WF_MEDIA_TITLE (2.4.5) | WF_VISUALCHARS_TITLE (2.4.5) | WF_KITCHENSINK_TITLE (2.4.5) | WF_SOURCE_TITLE (2.4.5) | WF_BROWSER_TITLE (2.4.5) | WF_DIRECTIONALITY_TITLE (2.4.5) | WF_FONTSELECT_TITLE (2.4.5) | WF_STYLESELECT_TITLE (2.4.5) | WF_SPELLCHECKER_TITLE (2.4.5) | WF_PREVIEW_TITLE (2.4.5) | Double email field (1.0.0) | OPC Tracking - Webgains (1.0.0) | OPC Tracking - Ebay Commerce N (1.0.0) | Počítání konverzí - Zbozi (1.0.0) | OPC Tracking - Clicky.com (1.0.0) | OPC Tracking - Facebook.com (1.0.0) | OPC Tracking - Adwords Trackin (1.0.0) | OPC Tracking - Heureka.sk (1.0.0) | OPC Tracking - Google Tag Mana (1.0.0) | OPC Tracking - Zanox.com (1.0.0) | OPC Tracking - iDevDirect.com (1.0.0) | OPC Tracking - Touslesprix.com 
(1.0.0) | OPC Tracking - DS1.nl (1.0.0) | OPC Tracking - clixGalore.com (1.0.0) | OPC Tracking - ADsettings.com (1.0.0) | OPC Tracking - Adwords (1.0.0) | OPC Tracking - beslist.nl (1.0.0) | OPC Tracking - Google Analytic (1.0.0) | OPC Tracking - Heureka.cz (1.0.0) | OPC Tracking - Criteo (1.0.0) | OPC Export - Heureka.cz (1.0.0) | OPC Export - Zelania.sk (1.0.0) | OPC Export - Beslist.nl (1.0.0) | OPC Export - Google Merchant R (1.0.0) | OPC Export - Heureka.sk (1.0.0) | Ulozenka VM2 (1.0) | OPC Theme - BandBox (1.0.0) | OPC Theme - Sandwitch CSS3 (1.0.0) | OPC Theme - BandBox (1.0.0) | OPC Theme - Sandwitch CSS3 (1.0.0) | OPC Theme - Icetheme (1.0.0) | com_mailto (2.5.0) |
Components :: ADMIN :: com_media (2.5.0) | com_login (2.5.0) | onepage (2.0.274.02121) | onepage (2.0.207.21.15) | plg_system_opccurrency (1.0.1) | plg_vmpayment_opctracking (1.7.0) | plg_system_opcregistration (1.7.0) | plg_system_opccart (1.0.1) | com_finder (2.5.0) | com_config (2.5.0) | com_xmap (2.3.4) | Community Polls (3.5.8) | JCE (2.4.5) | Unknown (-) | ECB Currency Converter (1.0) | VIRTUEMART (-) | com_admin (2.5.0) | JFBConnect (5.2.2) | com_djimageslider (2.2.3) | com_newsfeeds (2.5.0) | com_templates (2.5.0) | com_plugins (2.5.0) | com_banners (2.5.0) | com_checkin (2.5.0) | com_cpanel (2.5.0) | com_ilike (2.5) | com_menus (2.5.0) | com_search (2.5.0) | JotCache (4.0.1) | com_users (2.5.0) | com_sef (4.5.1) | System - ARTIO JoomSEFURL (4.0.0) | System Language - ARTIO JoomSE (4.1.0) | System - ARTIO JoomSEF Google (4.0.0) | System - ARTIO JoomSEF (4.0.1) | Content - ARTIO JoomSEF (4.0.0) | Extension Install - ARTIO Joom (4.1.1) | Admintools (3.3.1) | com_weblinks (2.5.0) | Twitter (3.2) | Content (3.0.4) | mod_obssdemo (1.0) | System - obSocialSubmit (3.1.1) | obSocialSubmit (3.5.5) | AMAZON (2.6.14) | AMAZON (2.6.14) | VirtueMart_allinone (2.6.14) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing : share on social n (1.0.0) | AcyMailing Tag : Manage the Su (4.8.1) | AcyMailing : Handle Click trac (4.8.1) | AcyMailing Template Class Repl (4.8.1) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing: override Joomla ma (4.8.1) | AcyMailing Tag : Joomla User I (4.8.1) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing : (auto)Subscribe d (4.8.1) | AcyMailing Tag : Website links (3.7.0) | AcyMailing : Handle Click trac (4.8.1) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Editor (beta) (4.8.1) | AcyMailing Module (3.7.0) | AcyMailing Tag : Date / Time (4.8.1) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Subscriber in (4.8.1) | AcyMailing (4.8.1) | com_advancedmodules (4.18.3FREE) | 
com_messages (2.5.0) | CJLib (2.1.1) | com_languages (2.5.0) | COM_COMMUNITYSURVEYS (3.7.2) | CSVI (5.19) | AlphaUserPoints (1.8.9) | System - AlphaUserPoints (1.8.0) | Content - AlphaUserPoints - Ra (1.8.0) | User - AlphaUserPoints - New u (1.8.1) | Content - AlphaUserPoints - St (1.8.0) | Content - AlphaUserPoints - Re (1.8.0) | Editor Button - AlphaUserPoint (1.6.0) | alphauserpointsicon (1.8.0) | AlphaUserPoints - Example Plug (1.8.0) | COM_CONTACTENHANCED (2.5.20) | com_content (2.5.0) | COM_JLEXREVIEW (1.7.1) | com_modules (2.5.0) | com_cache (2.5.0) | Akeeba (4.1.0.rc3) | com_installer (2.5.0) | com_redirect (2.5.0) | com_categories (2.5.0) | com_joomlaupdate (2.5.0) |

Modules :: SITE :: mod_articles_popular (2.5.0) | JFBCFollow (5.2.1) | mod_random_image (2.5.0) | JFBCShareDialog (5.2.1) | mod_footer (2.5.0) | mod_virtuemart_manufacturer (2.6.14) | MJ-Menu (1.0 stable) | JFBCFan (5.2.0) | JFBCSend (5.2.0) | AcyMailing Module (3.7.0) | mod_related_items (2.5.0) | mod_wrapper (2.5.0) | Sot Article Mega Slider (1.0) | Community Polls Categories (3.1.0) | mod_articles_news (2.5.0) | mod_jse_megamenu (3.1.5) | mod_feed (2.5.0) | mod_languages (2.5.0) | mod_virtuemart_product (2.6.14) | mod_syndicate (2.5.0) | Flexible - Virtuemart Zoom Eff (3.1) | JFBCComments (5.2.0) | mod_articles_category (2.5.0) | JFBCRecommendations (5.2.0) | VirtueMart Shopping Cart (2.6.14) | Community Polls Module (3.0.2) | mod_finder (2.5.0) | mod_login (2.5.0) | mod_stats (2.5.0) | MoWebSo VirtueMart 2 - Product (1.0.0) | mod_virtuemart_currencies (2.6.14) | JFBCEmbeddedPosts (5.2.0) | mod_menu (2.5.0) | mod_articles_archive (2.5.0) | Community Polls - Random Poll (3.2.2) | mod_virtuemart_category (2.6.14) | Search (filter) module for Vir (2.0.5) | mod_whosonline (2.5.0) | JFBCRequest (5.2.0) | mod_breadcrumbs (2.5.0) | JFBCSharedActivity (5.2.0) | DJ-ImageSlider (2.2.3) | JFBCRecommendationsBar (5.2.0) | mod_users_latest (2.5.0) | SCLogin (3.2.2) | mod_articles_latest (2.5.0) | mod_weblinks (2.5.0) | JFBCSocialShare (5.2.1) | JFBCFeed (5.2.0) | mod_search (2.5.0) | mod_articles_categories (2.5.0) | mod_virtuemart_search (2.6.14) | mod_custom (2.5.0) | mod_banners (2.5.0) | mod_obssdemo (1.0) | One Page Checkout Module for V (2.0.2e) | JFBCFriends (5.2.0) |
Modules :: ADMIN :: mod_multilangstatus (2.5.0) | mod_status (2.5.0) | mod_feed (2.5.0) | mod_latest (2.5.0) | mod_popular (2.5.0) | mod_logged (2.5.0) | mod_toolbar (2.5.0) | mod_submenu (2.5.0) | MOD_CACHECLEANER (3.4.3FREE) | Contact Enhanced Statistics (3.0) | mod_menu (2.5.0) | mod_quickicon (2.5.0) | mod_version (2.5.0) | VirtueMart Administrator Menu (2.6.14) | mod_custom (2.5.0) | mod_login (2.5.0) | mod_title (2.5.0) | Contact Enhanced Latest Submit (3.0) |

Plugins :: SITE :: Content (3.0.4) | Open Graph - Content (5.2.0) | Open Graph - Custom Object (5.1.0) | Community Polls - My Polls (3.0.4) | Unknown (-) | PLG_MOOIMAGECK_XML_NAME (2.0.1) | PLG_SYSTEM_CACHECLEANER (3.4.3FREE) | plg_system_p3p (2.5.0) | plg_system_opcregistration (1.7.0) | plg_system_remember (2.5.0) | PLG_SYSTEM_SOURCERER (4.4.4FREE) | System - Virtuemart Cloud Zoom (2.5.0) | PLG_SYSTEM_ADVANCEDMODULES (4.18.3FREE) | plg_system_debug (2.5.0) | Google Maps (2.20) | plg_system_cache (2.5.0) | AcyMailing : Handle Click trac (4.8.1) | AcyMailing: override Joomla ma (4.8.1) | plg_system_onepage (1.7.0) | System - JSE Mega Menu Framewo (3.0.3) | One Page Checkout Module for V (1.0.2) | plg_system_highlight (2.5.0) | System Language - ARTIO JoomSE (4.1.0) | plg_system_log (2.5.0) | plg_system_sef (2.5.0) | plg_system_redirect (2.5.0) | System - AlphaUserPoints (1.8.0) | JotMarker (4.0.1) | System - Admin Tools (3.3.1) | PLG_SYSTEM_MODULESANYWHERE (3.5.2FREE) | System - VM Auto Parent Catego (1.1.0) | plg_system_logout (2.5.0) | plg_system_opccart (1.0.1) | System - Virtuemart Slider (2.5.0) | System - obSocialSubmit (3.1.1) | plg_system_jch_optimize (Pro 3.1.2) | AcyMailing : (auto)Subscribe d (4.8.1) | plg_system_languagecode (2.5.0) | MoWebSo Plugin (1.1.0) | JotCache (4.0.1) | System - JFBCSystem (5.2.2) | System - ARTIO JoomSEF (4.0.1) | PLG_SYSTEM_NNFRAMEWORK (14.11.6) | plg_system_languagefilter (2.5.0) | plg_editors_jce (2.4.5) | AcyMailing Editor (beta) (4.8.1) | plg_editors_tinymce (3.5.4.1) | plg_editors_codemirror (1.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_categories (2.5.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing : Handle Click trac (4.8.1) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : Joomla User I (4.8.1) | AcyMailing Tag: Community Surv (1.0.0) | AcyMailing Tag : Manage the Su (4.8.1) | AcyMailing Tag : Website links 
(3.7.0) | AcyMailing Tag : Subscriber in (4.8.1) | AcyMailing : share on social n (1.0.0) | AcyMailing Template Class Repl (4.8.1) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Tag : Date / Time (4.8.1) | AcyMailing Manage text (1.0.0) | Social Profiles - Joomla (5.2.0) | Social Profiles - VirtueMart 2 (5.2.0) | Social Profiles - Custom DB (5.2.0) | plg_search_categories (2.5.0) | plg_search_contactenhanced (2.5.12) | Search - Community Polls (3.0.1) | plg_search_weblinks (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_virtuemart (2.6.14) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | AlphaUserPoints - Example Plug (1.8.0) | Moneybookers Przelewy24 (2.6.14) | Moneybookers Sofortueberweisun (2.6.14) | Standard (2.6.14) | Klarna Checkout (2.6.14) | Moneybookers Lastschrift (2.6.14) | Sofort (2.6.14) | Moneybookers Digital Wallet (2.6.14) | PayPal (2.6.14) | Heidelpay (2.6.14) | VM - Payment, PayZen (2.0.8c) | Moneybookers Credit Cards (2.6.14) | Moneybookers Giropay (2.6.14) | Moneybookers Bank Transfer (2.6.14) | VM - Payment, Systempay (2.0.8c) | VM Payment - Paybox (2.6.14) | Authorize.net AIM (2.6.14) | Klarna (2.6.14) | plg_vmpayment_opctracking (1.7.0) | Moneybookers (2.6.14) | realex_hpp_api (2.6.14) | Sofort Ideal (2.6.14) | Moneybookers iDeal (2.6.14) | VM Payment - klikandpay (2.6.14) | User - AlphaUserPoints - New u (1.8.1) | User - JFBConnect Facebook (5.2.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | Recache (4.0.1) | Crawler Extended (4.0.1) | Crawler (4.0.1) | plg_extension_joomla (2.5.0) | Extension Install - ARTIO Joom (4.1.1) | plg_content_pagenavigation (2.5.0) | plg_content_finder (2.5.0) | plg_content_loadmodule (2.5.0) | Content - AlphaUserPoints - Ra (1.8.0) | Content - ARTIO JoomSEF (4.0.0) | plg_content_joomla (2.5.0) | PLG_CONTENT_ITPSOCIALBUTTONS (2.2) | Content - Polls (2.0.0) | 
plg_content_geshi (2.5.0) | Content - AlphaUserPoints - St (1.8.0) | plg_content_emailcloak (2.5.0) | Content - AlphaUserPoints - Re (1.8.0) | Content - Contact Enhanced For (2.5.20) | plg_content_pagebreak (2.5.0) | Content - JFBCContent (5.2.1) | Content - Xp iLike (2.5.0) | Content - JLexReview (1.0.0) | plg_content_vote (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_quickicon_jcefilebrowser (2.4.5) | plg_quickicon_extensionupdate (2.5.0) | alphauserpointsicon (1.8.0) | plg_quickicon_joomlaupdate (2.5.0) | Twitter (3.2) | obSS - Extern - Linkedin Compa (1.1) | obSS - Extern - Facebook Pages (4.1.2) | Weight Countries (2.6.14) | VMSHIPMENT_RULES (3.3) | VMCustom - textinput (2.6.14) | Stockable (2.6.14) | Virtuemart 2 multiple customfi (2.0.5) | VMCustom - specification (2.6.14) | VM - Calculation Avalara Tax (2.6.14) | Authentication - JFBConnect Fa (5.2.0) | plg_authentication_gmail (2.5.0) | plg_authentication_emailoruser (2.5.2) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_article (2.5.0) | PLG_EDITORS-XTD_SOURCERER (4.4.4FREE) | Button - Contact Enhanced Form (2.5.10) | Editor Button - AlphaUserPoint (1.6.0) | PLG_EDITORS-XTD_MODULESANYWHER (3.5.2FREE) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | XMAP_PLUGIN_K2 (1.3) | Xmap - WebLinks Plugin (2.0.1) | Xmap - SobiPro Plugin (2.0.2) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - Virtuemart Plugin (2.0.3) | Xmap - Kunena Plugin (3.0.0) | Xmap - Community Polls (3.0.1) | Xmap - Content Plugin (2.0.4) | Realex_hpp_api (2.6.14) |
Templates Discovered :: wrote:Templates :: SITE :: Search (filter) module for Vir (2.0.5) | VMCustom - dropbox (2.0) | VMCustom - textinput (2.0.20b) | Virtuemart 2 multiple customfi (2.0.5) | VMCUSTOM_STOCKABLE (2.0.20b) | VMCustom - specification (2.0.20b) | French (fr-FR) (2.5.6.1) | mod_virtuemart_category (2.0.20b) | mod_virtuemart_manufacturer (2.0.20b) | Module Virtuemart Reward Point (2.8) | 1870 (1.1.0) | beez_20 (2.5.0) | beez5 (2.5.0) | Pinmart (2.5.0) | atomic (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |
Last edited by mandville on Tue Jan 13, 2015 1:51 pm, edited 2 times in total.
Reason: disabled smilies for clarity. removed kudos

itoctopus
Joomla! Virtuoso
Posts: 4026
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada

Re: After having been hacked

Post by itoctopus » Tue Jan 13, 2015 7:19 pm

Check the logs on your website - this will tell you a lot about how your site has been attacked. Check to see if there are any .php files that are being called other than the index.php file.

You should also scan your site using maldet, and for any base64 entries in the PHP code.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter
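
The two checks suggested in the reply above, sketched as an added example that is not part of the original post: flag access-log requests for PHP-like files other than index.php (matched case-insensitively so a name like the /images/ggg.PhP.txt from the first post is caught), and flag base64 entries in PHP source. The Apache combined log format, the sample log lines, the sample PHP text and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample: Apache combined-format lines (addresses from documentation ranges).
SAMPLE_LOG = '''\
203.0.113.7 - - [13/Jan/2015:09:58:01 +0100] "GET /index.php?option=com_content&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [13/Jan/2015:09:58:09 +0100] "GET /administrator/index.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
198.51.100.23 - - [13/Jan/2015:10:02:44 +0100] "POST /images/ggg.PhP.txt HTTP/1.1" 200 312 "-" "-"
198.51.100.23 - - [13/Jan/2015:10:02:51 +0100] "POST /tmp/x.php?a=1 HTTP/1.1" 404 210 "-" "-"
203.0.113.7 - - [13/Jan/2015:10:03:00 +0100] "GET /images/logo.png HTTP/1.1" 200 8044 "-" "Mozilla/5.0"
'''

# Constructed sample PHP source; the long literal is just "ABC" encoded and repeated.
SAMPLE_PHP = '<?php\n$title = "Hello";\n$p = "' + "QUJD" * 12 + '";\neval(base64_decode($p));\n'

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# .php/.php5/.phtml anywhere in the file name, any case, so "ggg.PhP.txt" still matches.
PHP_NAME = re.compile(r'\.(php\d?|phtml)(\.|$)', re.IGNORECASE)
BASE64_CALL = re.compile(r'base64_decode\s*\(', re.IGNORECASE)
LONG_BASE64 = re.compile(r'["\'][A-Za-z0-9+/]{40,}={0,2}["\']')


def suspicious_requests(log_text):
    """Return (ip, method, path, status) for PHP-like files requested other than index.php."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, target, status = m.groups()
        path = target.split('?', 1)[0]      # drop the query string
        name = path.rsplit('/', 1)[-1]      # file name is the last path segment
        if PHP_NAME.search(name) and name.lower() != 'index.php':
            hits.append((ip, method, path, int(status)))
    return hits


def base64_hits(php_source):
    """Return (line_number, reason) for base64_decode() calls and long base64 literals."""
    hits = []
    for no, line in enumerate(php_source.splitlines(), start=1):
        if BASE64_CALL.search(line):
            hits.append((no, 'base64_decode call'))
        if LONG_BASE64.search(line):
            hits.append((no, 'long base64 literal'))
    return hits


if __name__ == '__main__':
    for hit in suspicious_requests(SAMPLE_LOG):
        print('request:', hit)
    for hit in base64_hits(SAMPLE_PHP):
        print('source :', hit)
```

Hits are leads to review by hand: some extensions ship their own PHP entry points and legitimate code also calls base64_decode, so compare flagged files against a clean copy of the same version.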

ct197475
Joomla! Fledgling
Posts: 2
Joined: Tue Jan 13, 2015 10:07 am

Re: After having been hacked

Post by ct197475 » Wed Jan 14, 2015 10:59 am

Hi itoctopus,

Thanks for your prompt reply;-)
Sorry for my newbieness in hacking management, but can you specify:
- if you see any intrusion in the logs enclosed?
- where I can find maldet (I guess Malware detection) as I cannot find any extension on the JED; can you advise one?

Thanks again for your help,

Very best,

Chris from France