Thanks in advance
Problem Description :: Forum Post Assistant (v1.2.7) : 28th August 2016 wrote:Hacked - suspect.globals.eval ; suspect.crypted.globals & php.base64.v23au.185
Log/Error Message :: Forum Post Assistant (v1.2.7) : 28th August 2016 wrote:email spam
Log/Error Message :: Forum Post Assistant (v1.2.7) : 28th August 2016 wrote:27 Aug 2016
Actions Taken To Resolve by Forum Post Assistant (v1.2.7) 28th August 2016 wrote:Used ISPScan to locate and delete. They keep coming back and I want to find the source.
Forum Post Assistant (v1.2.7) : 28th August 2016 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.28-Stable (Ember) 10-December-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: www-data (uid: 1/gid: 1) | Group: webuser (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: N/A | Unicode Slugs: N/A | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 3.13.0-34-generic | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /var/www/html/vortex.com.au | System TMP Writable: Yes
PHP Configuration :: Version: 5.5.9-1ubuntu4.19 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: syslog | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 20M | Max. POST Size: 20M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 256M
MySQL Configuration :: Version: 5.5.50-0ubuntu0.14.04.1 (Client:5.5.50) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 2.95 MiB | #of Tables: 82Detailed Environment :: wrote:PHP Extensions :: Core (5.5.9-1ubuntu4.19) | date (5.5.9-1ubuntu4.19) | ereg () | libxml () | openssl () | pcre () | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gettext () | SPL (0.2) | iconv () | mbstring () | session () | posix () | Reflection ($Id: 31d836a7ac92a37b5c580836d91ad4736fe2f376 $) | standard (5.5.9-1ubuntu4.19) | shmop () | SimpleXML (0.1) | soap () | sockets () | Phar (2.0.2) | exif (1.4 $Id$) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.11.0) | apache2handler () | PDO (1.0.4dev) | apcu (4.0.2) | curl () | gd () | imap () | intl (1.1.0) | json (1.3.2) | mcrypt () | mysql (1.0) | mysqli (0.1) | pdo_mysql (1.0.2) | readline (5.5.9-1ubuntu4.19) | ssh2 (0.12) | xmlrpc (0.51) | mhash () | apc (4.0.2) | Zend OPcache (7.0.3FE) | Zend Engine (2.5.0) |
Potential Missing Extensions :: suhosin |
Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Apache Modules :: core | mod_so | mod_watchdog | http_core | mod_log_config | mod_logio | mod_version | mod_unixd | mod_access_compat | mod_alias | mod_auth_basic | mod_auth_mysql | mod_authn_core | mod_authn_dbd | mod_authn_file | mod_authz_core | mod_authz_host | mod_authz_user | mod_autoindex | mod_cgi | mod_dbd | mod_deflate | mod_dir | mod_env | mod_filter | mod_mime | prefork | mod_negotiation | mod_php5 | mod_rewrite | mod_setenvif | mod_socache_shmcb | mod_ssl | mod_status | Apache |
Potential Missing Modules :: mod_expires | mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) ::Extensions Discovered :: wrote:Components :: SITE :: com_mailto (2.5.0) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.5.8) | WF_LINK_SEARCH_TITLE (2.5.8) | WF_POPUPS_JCEMEDIABOX_TITLE (2.5.8) | WF_POPUPS_WINDOW_TITLE (2.5.8) | WF_LINKS_JOOMLALINKS_TITLE (2.5.8) | WF_AGGREGATOR_VIMEO_TITLE (2.5.8) | WF_AGGREGATOR_[youtube]_TITLE (2.5.8) | WF_AGGREGATOR_VINE_TITLE (2.5.8) | WF_AGGREGATOR_DAILYMOTION_TITL (2.5.8) | WF_FILESYSTEM_JOOMLA_TITLE (2.5.8) | WF_PREVIEW_TITLE (2.5.8) | WF_XHTMLXTRAS_TITLE (2.5.8) | WF_IMGMANAGER_TITLE (2.5.8) | WF_DIRECTIONALITY_TITLE (2.5.8) | WF_ARTICLE_TITLE (2.5.8) | WF_FULLSCREEN_TITLE (2.5.8) | WF_STYLESELECT_TITLE (2.5.8) | WF_CHARMAP_TITLE (2.5.8) | WF_VISUALBLOCKS_TITLE (2.5.8) | WF_STYLE_TITLE (2.5.8) | WF_FONTSIZESELECT_TITLE (2.5.8) | WF_MEDIA_TITLE (2.5.8) | WF_NONBREAKING_TITLE (2.5.8) | WF_CONTEXTMENU_TITLE (2.5.8) | WF_CLIPBOARD_TITLE (2.5.8) | WF_CLEANUP_TITLE (2.5.8) | WF_FONTCOLOR_TITLE (2.5.8) | WF_VISUALCHARS_TITLE (2.5.8) | WF_KITCHENSINK_TITLE (2.5.8) | WF_PRINT_TITLE (2.5.8) | WF_BROWSER_TITLE (2.5.8) | WF_LISTS_TITLE (2.5.8) | WF_SOURCE_TITLE (2.5.8) | WF_FONTSELECT_TITLE (2.5.8) | WF_LAYER_TITLE (2.5.8) | WF_FORMATSELECT_TITLE (2.5.8) | WF_AUTOSAVE_TITLE (2.5.8) | WF_TEXTCASE_TITLE (2.5.8) | WF_SPELLCHECKER_TITLE (2.5.8) | WF_LINK_TITLE (2.5.8) | WF_ANCHOR_TITLE (2.5.8) | WF_SEARCHREPLACE_TITLE (2.5.8) | WF_TABLE_TITLE (2.5.8) | WF_INLINEPOPUPS_TITLE (2.5.8) | com_wrapper (2.5.0) |
Components :: ADMIN :: com_messages (2.5.0) | com_newsfeeds (2.5.0) | com_menus (2.5.0) | com_languages (2.5.0) | com_admin (2.5.0) | com_content (2.5.0) | com_checkin (2.5.0) | com_login (2.5.0) | com_joomlaupdate (2.5.0) | com_templates (2.5.0) | com_plugins (2.5.0) | com_categories (2.5.0) | com_redirect (2.5.0) | com_media (2.5.0) | com_banners (2.5.0) | com_cache (2.5.0) | com_cpanel (2.5.0) | com_finder (2.5.0) | com_modules (2.5.0) | com_installer (2.5.0) | JCE (2.5.8) | Unknown (-) | com_config (2.5.0) | com_users (2.5.0) | COM_FOXCONTACT (2.5.26) | com_search (2.5.0) |
Modules :: SITE :: DJ-Image Slider (1.3 RC4) | mod_custom (2.5.0) | mod_banners (2.5.0) | MOD_FOXCONTACT (2.5.26) | mod_syndicate (2.5.0) | mod_articles_category (2.5.0) | mod_languages (2.5.0) | mod_search (2.5.0) | mod_breadcrumbs (2.5.0) | mod_users_latest (2.5.0) | mod_menu (2.5.0) | mod_stats (2.5.0) | mod_articles_news (2.5.0) | mod_feed (2.5.0) | J - Google AdSense (3.3) | mod_articles_latest (2.5.0) | mod_articles_popular (2.5.0) | mod_finder (2.5.0) | mod_articles_categories (2.5.0) | mod_related_items (2.5.0) | mod_whosonline (2.5.0) | mod_random_image (2.5.0) | mod_articles_archive (2.5.0) | mod_wrapper (2.5.0) | mod_login (2.5.0) | mod_footer (2.5.0) |
Modules :: ADMIN :: mod_custom (2.5.0) | mod_latest (2.5.0) | mod_toolbar (2.5.0) | mod_popular (2.5.0) | mod_menu (2.5.0) | mod_logged (2.5.0) | mod_online (1.6.0) | mod_feed (2.5.0) | mod_status (2.5.0) | mod_version (2.5.0) | mod_unread (1.6.0) | mod_multilangstatus (2.5.0) | mod_title (2.5.0) | mod_submenu (2.5.0) | mod_quickicon (2.5.0) | mod_login (2.5.0) |
Plugins :: SITE :: plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors_jce (2.5.8) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.11) | plg_search_newsfeeds (2.5.0) | plg_search_contacts (2.5.0) | plg_search_categories (2.5.0) | plg_search_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_content (2.5.0) | plg_system_redirect (2.5.0) | plg_system_jce (2.5.8) | plg_system_languagefilter (2.5.0) | plg_system_logout (2.5.0) | plg_system_cache (2.5.0) | PLG_SYS_ADMINEXILE (1.4) | plg_system_highlight (2.5.0) | plg_system_log (2.5.0) | plg_system_languagecode (2.5.0) | System - Admin Forever (0.9.2) | plg_system_sef (2.5.0) | plg_system_remember (2.5.0) | plg_system_debug (2.5.0) | plg_system_p3p (2.5.0) | PLG_EOSNOTIFY (2.5.0) | plg_quickicon_jcefilebrowser (2.5.8) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_extension_joomla (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_content_vote (2.5.0) | plg_content_geshi (2.5.0) | plg_content_foxcontact (2.5.26) | plg_content_pagenavigation (2.5.0) | plg_content_joomla (2.5.0) | plg_content_finder (2.5.0) | Content - SocialShareButtons (1.3.0) | plg_content_pagebreak (2.5.0) | plg_content_loadmodule (2.5.0) | Content - J - Google AdSense (3.3) | PLG_CONTENT_EXTRAVOTE (1.6.0) | plg_content_emailcloak (2.5.0) |Templates Discovered :: wrote:Templates :: SITE :: Vortex_5 (1.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |