My website got hacked second time in a week

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
zczfwz
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Nov 03, 2017 8:49 pm

My website got hacked second time in a week

Postby zczfwz » Fri Nov 03, 2017 9:04 pm

The web hosting emailed me about my site got compromised and sending spam email and having phishing redirect to steal people PayPal information.
This is the second time in a week and they said if it happens another time, I'll loose my web server.
There were some file got injected into my Joomla root folder. Including /match/index.php, /chs/chs/auth/, /member and so on.
After the first hack, I have deleted all the files in Joomla root folder and uploaded a version from one of my old backup. I thought it should be a clean version, but just after a couple of days, they mentioned my site has been hacked again.
I know I haven't been updating the Joomla version and extensions versions. I'm now creating a new website with the old database but with latest Joomla 3 version, and I will keep my extension up to date. Hopefully it can be more secure.
I'm just posting the FPA, hopefully you pros can find out what could be the explosion for the hack.
Thanks in advance.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5008
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: My website got hacked second time in a week

Postby sozzled » Fri Nov 03, 2017 9:13 pm

zczfwz wrote:I know I haven't been updating the Joomla version and extensions versions.
Have you learnt anything from this experience?

zczfwz wrote:I'm now creating a new website with the old database but with latest Joomla 3 version ...
You are aware, of course, that this approach probably will not work? You can't just "take an old database" that was compatible with an older version of Joomla, tack it onto the "latest version of J! 3.x" and expect it to work as if nothing has changed. It just won't work; it's as simple as that.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?


Return to “Security in Joomla! 2.5”

Who is online

Users browsing this forum: No registered users and 5 guests