Joomla! 2.5.4 hacked

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
spastic
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Sep 20, 2011 9:25 am

Joomla! 2.5.4 hacked

Post by spastic » Mon Jan 19, 2015 9:13 pm

Hi there,
I hope i'm posting my problem on the right place..
My site has been defaced.
It happend last week, I had a couple of k2 items, as well as some users inserted in the site. I deleted them, and changed my admin login and hoped for everything to be fine. Today I have the same problem, so I now want to do it the right way and check all the website for problems it may have.

Using the post assistance tool:

[quote="Problem Description :: Forum Post Assistant (v1.2.4) : 19th January 2015"]Site Deface problem [/quote][quote="Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.4) : 19th January 2015"][19-Jan-2015 19:29:08 UTC] PHP Warning: implode() [<a href=\'function.implode\'>function.implode</a>]: Invalid arguments passed in /home/allircom/public_html/amigasdopeito/templates/theme996/html/com_k2/templates/portfolio/category.php on line 243[/quote][quote="Actions Taken To Resolve by Forum Post Assistant (v1.2.4) 19th January 2015"]Hi there,
I hope i\'m posting my problem on the right place..
My site has been defaced.
It happend last week, I had a couple of k2 items, as well as some users inserted in the site. I deleted them, and changed my admin login and hoped for everything to be fine. Today I have the same problem, so I now want to do it the right way and check all the website for problems it may have.
Thanks!
[/quote][quote="Forum Post Assistant (v1.2.4) : 19th January 2015"][quote="Basic Environment ::"]Joomla! Instance :: Joomla! 2.5.4-Stable (Ember) 2-April-2012
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: allircom (uid: 1/gid: 1) | Group: allircom (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 1 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-458.23.2.lve1.2.45.el6.x86_64 | Technology: x86_64 | Web Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 | Encoding: | Doc Root: /home/allircom/public_html/amigasdopeito | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.27 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 19th January 2015 20:28:49. | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: 0 | Open Base: /home/:/home2/:/home3/:/usr/lib/php:/usr/local/lib/php:/tmp/:/usr/local/:/usr/bin | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 10M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M

MySQL Configuration :: Version: 5.5.40-cll (Client:5.5.40) | Host: --protected-- (--protected--) | Collation: latin1_general_ci (Character Set: latin1) | Database Size: 157.23 MiB | #of Tables: 72
[/quote][quote="Detailed Environment ::"]PHP Extensions :: Core (5.3.27) | date (5.3.27) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.27) | Phar (2.0.1) | posix () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | ionCube Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
[/quote][quote="Folder Permissions ::"]Core Folders :: --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) | --protected-- (755) |

Elevated Permissions (First 10) ::
[/quote][quote="Extensions Discovered ::"]Strict Information Privacy was selected. Nothing to display.[/quote][/quote][quote="Templates Discovered ::"]_FPA_STRICT Information Privacy Nothing to display.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14799
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla! 2.5.4 hacked

Post by mandville » Mon Jan 19, 2015 9:24 pm

your site is very very very out of date follow this http://forum.joomla.org/viewtopic.php?f=432&t=475313
and checklist 7
you have also hidden your permissions and components that may also cause hacking
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}


Locked

Return to “Security in Joomla! 2.5”