Site closed by host, suspects malware or something.

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Fyrsten
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue Aug 16, 2016 6:58 pm

Site closed by host, suspects malware or something.

Postby Fyrsten » Tue Aug 16, 2016 7:18 pm

Hi. I am new here. Have a problem with my site, probably some malware, so I downloaded the Forum Post Assistant and ran it. I hope someone can help me sort out the problem, based on the information given from FPA below. By the way, the server has old software, and does not support any newer version of Joomla. That's why it's outdated.

Thanks.

Forum Post Assistant (v1.2.7) : 16th August 2016 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.28-Stable (Ember) 10-December-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (644) | Owner: d17855-cms (uid: 1/gid: 1) | Group: steg2 (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 1 | SSL: 0 | Error Reporting: 6143 | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.8.7-grsec | Technology: i686 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home/d17855/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.29 | PHP API: apache2handler | Session Path Writable: No | Display Errors: 1 | Error Reporting: 30711 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: 0 | Open Base: /home/d17855:/usr/local/lib/php:/var/apachefs/uploads:/tmp:/etc/file/magic | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 12M | Max. Input Time: 3600 | Max. Execution Time: 30 | Memory Limit: 96M

MySQL Configuration :: Version: 5.1.63-log (Client:5.1.56) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 9.54 MiB | #of Tables:  187
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.29) | date (5.3.29) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mssql () | mysql (1.0) | mysqli (0.1) | oci8 (1.4.9) | standard (5.3.29) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | Phar (2.0.1) | posix () | pspell () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | SQLite (2.0-dev) | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | apache2handler () | mhash () | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Apache Modules :: core | mod_authn_file | mod_authn_default | mod_authz_host | mod_authz_groupfile | mod_authz_user | mod_authz_default | mod_auth_basic | mod_auth_digest | mod_reqtimeout | mod_include | mod_filter | mod_deflate | mod_log_config | mod_env | mod_expires | mod_headers | mod_unique_id | mod_setenvif | mod_version | mod_ssl | prefork | http_core | mod_mime | mod_status | mod_autoindex | mod_asis | mod_suexec | mod_cgi | mod_negotiation | mod_dir | mod_actions | mod_userdir | mod_alias | mod_rewrite | mod_so | mod_qos | mod_jk | mod_php5 | Apache |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: administrator/components/com_akeeba/backup/ (777) | logg/ (777) | temp/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: WF_LINKS_JOOMLALINKS_TITLE (2.3.1) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.1) | [youtube] (2.3.1) | WF_AGGREGATOR_VIMEO_TITLE (2.3.1) | WF_POPUPS_WINDOW_TITLE (2.3.1) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.1) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.1) | WF_LINK_SEARCH_TITLE (2.3.1) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.1) | WF_VISUALCHARS_TITLE (2.3.1) | WF_PRINT_TITLE (2.3.1) | WF_FULLSCREEN_TITLE (2.3.1) | WF_NONBREAKING_TITLE (2.3.1) | WF_PREVIEW_TITLE (2.3.1) | WF_TABLE_TITLE (2.3.1) | WF_XHTMLXTRAS_TITLE (2.3.1) | WF_MEDIA_TITLE (2.3.1) | WF_ARTICLE_TITLE (2.3.1) | [Do not buy our kitchens!] (2.3.1) | WF_IMGMANAGER_TITLE (2.3.1) | WF_LAYER_TITLE (2.3.1) | WF_BROWSER_TITLE (2.3.1) | WF_CLEANUP_TITLE (2.3.1) | WF_DIRECTIONALITY_TITLE (2.3.1) | WF_SEARCHREPLACE_TITLE (2.3.1) | WF_AUTOSAVE_TITLE (2.3.1) | WF_VISUALBLOCKS_TITLE (2.3.1) | WF_CLIPBOARD_TITLE (2.3.1) | WF_ANCHOR_TITLE (2.3.1) | WF_STYLE_TITLE (2.3.1) | WF_SPELLCHECKER_TITLE (2.3.1) | WF_LINK_TITLE (2.3.1) | WF_INLINEPOPUPS_TITLE (2.3.1) | WF_CONTEXTMENU_TITLE (2.3.1) | WF_TEXTCASE_TITLE (2.3.1) | WF_SOURCE_TITLE (2.3.1) | WF_LISTS_TITLE (2.3.1) | com_wrapper (2.5.0) | com_mailto (2.5.0) |
Components :: ADMIN :: com_menus (2.5.0) | com_media (2.5.0) | com_newsfeeds (2.5.0) | com_plugins (2.5.0) | com_banners (2.5.0) | com_admin (2.5.0) | com_categories (2.5.0) | Unknown (-) | JCE File Browser (2.3.1) | plg_quickicon_jcefilebrowser (2.5.0) | Editor - JCE (2.3.1) | Editor - JCE (2.3.1) | JCE (2.3.1) | com_languages (2.5.0) | com_config (2.5.0) | com_checkin (2.5.0) | Admintools (2.1.5) | com_weblinks (2.5.0) | com_search (2.5.0) | com_installer (2.5.0) | com_messages (2.5.0) | com_joomlaupdate (2.5.0) | com_modules (2.5.0) | com_content (2.5.0) | com_form2content (4.6.0) | com_templates (2.5.0) | com_login (2.5.0) | com_finder (2.5.0) | com_redirect (2.5.0) | com_cpanel (2.5.0) | com_xmap (2.2.1) | Akeeba (4.6.1) | com_cache (2.5.0) | sh404sef - Default component s (3.6.0.1422) | sh404sef - System plugin (3.6.0.1422) | plg_system_shlib (0.2.0.270) | sh404sef - System mobile templ (3.6.0.1422) | sh404sef - Similar urls plugin (3.6.0.1422) | PLG_SH404SEFCORE_SH404SEFSOCIA (3.6.0.1422) | sh404sef - Offline code plugin (3.6.0.1422) | sh404sef - Analytics plugin (3.6.0.1422) | sh404SEF (3.6.0.1422) | sh404sef control panel icon (3.6.0.1422) | com_users (2.5.0) | RSForm (1.4.0 R43) |

Modules :: SITE :: mod_related_items (2.5.0) | mod_articles_popular (2.5.0) | mod_weblinks (2.5.0) | mod_menu (2.5.0) | mod_users_latest (2.5.0) | mod_languages (2.5.0) | mod_random_image (2.5.0) | mod_articles_news (2.5.0) | mod_whosonline (2.5.0) | mod_articles_latest (2.5.0) | mod_finder (2.5.0) | mod_stats (2.5.0) | mod_syndicate (2.5.0) | Tk LikeBox (1.0) | mod_login (2.5.0) | mod_banners (2.5.0) | mod_articles_categories (2.5.0) | mod_feed (2.5.0) | mod_articles_category (2.5.0) | mod_search (2.5.0) | mod_articles_archive (2.5.0) | mod_custom (2.5.0) | mod_footer (2.5.0) | mod_news_pro_gk4 (GK4 3.3.3) | GTranslate (1.6.x.32) | mod_wrapper (2.5.0) | mod_breadcrumbs (2.5.0) |
Modules :: ADMIN :: mod_submenu (2.5.0) | mod_logged (2.5.0) | mod_menu (2.5.0) | mod_quickicon (2.5.0) | mod_multilangstatus (2.5.0) | mod_version (2.5.0) | sh404sef control panel icon (3.6.0.1422) | mod_toolbar (2.5.0) | Admin Tools Joomla! Upgrade No (2.1.5) | mod_title (2.5.0) | mod_login (2.5.0) | mod_feed (2.5.0) | mod_custom (2.5.0) | mod_latest (2.5.0) | mod_popular (2.5.0) | mod_status (2.5.0) |

Plugins :: SITE :: sh404sef - Default component s (3.6.0.1422) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_readmore (2.5.0) | PLG_EDITORS-XTD_ARTICLESANYWHE (3.0.1FREE) | PLG_EDITORS-XTD_MODULESANYWHER (1.13.3) | plg_extension_joomla (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_ldap (2.5.0) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_jcefilebrowser (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | PLG_EOSNOTIFY (2.5.0) | plg_search_contacts (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_categories (2.5.0) | plg_search_content (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_content (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) | Google Maps (2.18) | plg_system_highlight (2.5.0) | System - JCE MediaBox (1.1.4) | System - Aixeena Clean Code (2.0.0) | PLG_SYSTEM_NNFRAMEWORK (12.11.7) | plg_system_log (2.5.0) | sh404sef - System plugin (3.6.0.1422) | plg_system_remember (2.5.0) | System - GTranslate ($Rev: 50 $) | plg_system_sef (2.5.0) | plg_system_shlib (0.2.0.270) | System - Admin Tools (2.1.5) | plg_system_redirect (2.5.0) | plg_system_languagecode (2.5.0) | sh404sef - System mobile templ (3.6.0.1422) | System - AntiCopy (1.8.0) | plg_system_debug (2.5.0) | PLG_SYSTEM_ARTICLESANYWHERE (3.0.1FREE) | plg_system_logout (2.5.0) | plg_system_cache (2.5.0) | plg_sys_smoothtop (J1.7-2.5/1.2.) | plg_system_p3p (2.5.0) | plg_system_languagefilter (2.5.0) | PLG_SYSTEM_MODULESANYWHERE (1.13.3) | Editor - JCE (2.3.1) | plg_editors_tinymce (3.5.11) | plg_editors_codemirror (1.0) | sh404sef - Similar urls plugin (3.6.0.1422) | PLG_SH404SEFCORE_SH404SEFSOCIA (3.6.0.1422) | sh404sef - Offline code plugin (3.6.0.1422) | sh404sef - Analytics plugin (3.6.0.1422) | plg_content_vote (2.5.0) | Content - Form2Content SEF (3.0.0) | plg_content_loadmodule (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_joomla (2.5.0) | plg_content_finder (2.5.0) | plg_content_itpsocialbuttons (2.0) | plg_content_geshi (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: JA_Purity (1.2.0) |Main (1.3.0) | atomic (2.5.0) | rhuk_milkyway (1.0.2) | beez5 (2.5.0) | beez_20 (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |
Last edited by toivo on Fri Aug 19, 2016 6:49 am, edited 1 time in total.
Reason: mod note: moved to 2.5 Security - please post into the correct forum in the future

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18596
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Site closed by host, suspects malware or something.

Postby leolam » Fri Aug 19, 2016 6:32 am

Fyrsten wrote:By the way, the server has old software, and does not support any newer version of Joomla.
well sorry but you have given the only good reason why your site has been closed. Your hosting company is very bad news and the system setup is a full disaster and outdated. Repairing anything we see on the FPA makes no sense. The only thing that you can do is move your site to a decent hosting company as the devil since they should not be able to be hosting any site by what you state and what I see

Besides that you run on your Joomla 2.5.28 site fully outdated Joomla 2.5 extension versions as well so it is a complete catastrophic chaos. So steps:

* copy your site to a local server
* update Joomla and all extensions as explained herehttp://forum.joomla.org/viewtopic.p ... 0&t=793171
* once done reinstall (use Akeebabackup with Kickstart) to a new and professional hosting company

Change host!

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team


Return to “Security in Joomla! 2.5”

Who is online

Users browsing this forum: No registered users and 9 guests