Anyone have any input on hack is actually done?

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Thu Aug 13, 2009 8:11 pm

Anyone have any input on hack is actually done?

Post by mtotombogo » Wed May 06, 2015 11:40 am

Anyone have any input on how this is actually done?
The simplest would appear to be going straight for the database? - as no admin email being sent, would indicate this.. for my hack i was alerted though in my spam folder though so maybe they got in through the Joomla side... i have disabled the login extension already though.

I've gone in and changed all the usernames and passwords for mysql and joomla site.
interesting to see if that alone fixes it.
I don't really have many add-on extensions, but I am using a commercial template so wonder if that does it.
Any issues with JS slideshow that anyone knows about? the only thing I can think of, other than they have managed to grab an akeeba backup somehow.
the extension advised to track issues actually has a rather bold disclaimer on it, so seems like between a rock and a hardplace again.

User avatar
Bernard T
Joomla! Guru
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska

Re: Site Hacked through User Registration

Post by Bernard T » Wed May 06, 2015 4:31 pm


you should have opened a separate topic.

The FPA script report would help, start with the sticky article: ... you will also find advice there to look for any of your extensions on VEL lists. and
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author
Twitter: @toplak



Return to “Security in Joomla! 2.5”