Admin backend menu buttons shows a password input field

[TapGames]

Hi All,

I have been contacted by a friend to try to fix his Joomla! 2.5.28 issue. There are a couple of weird things to his website. First, the Joomla backend/admin is behaving weird, all the buttons go to an empty page with just a password input field. See attachment.

The website self-looks alright except for the links that show a 404 error.

The Joomla admin is totally unusable you can log in and see the admin backend but none of the buttons work it just shows a blank page with a password input field.

Please help!

Thanks!

[Per Yngve Berg]

viewtopic.php?f=621&t=582860 Please.

You may have been hacked.

[TapGames]

Hi Per,

Thanks for the link, I can safely post this information generated by this script for you to look at?

Cheers, Roy

[toivo]

Yes, it is safe if you follow the instructions.

[TapGames]

[22-Nov-2017 08:35:04 UTC] PHP Warning: session_start(): Failed to decode session object. Session has been destroyed in D:\Sites\blueunit.nl\httpdocs\libraries\joomla\session\session.php on line 537

Joomla! Instance :: Joomla! 2.5.28-Stable (Ember) 10-December-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (666) | Owner: --protected-- . (uid: /gid: ) | Group: --protected-- (gid: ) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: N/A | FTP Layer: 0 | Proxy: N/A | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: N/A | SSL: 0 | FrontEdit: N/A | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | dbConnection Type: mysql | Database Credentials Present: Yes

Host Configuration :: OS: Windows NT | OS Version: 6.2 | Technology: i586 | Web Server: Microsoft-IIS/8.0 | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: No

PHP Configuration :: Version: 5.4.45 | PHP API: cgi-fcgi | Session Path Writable: No | Display Errors: | Error Reporting: 22519 | Log Errors To: D:\Sites\blueunit.nl\logs\php_errors\blueunit.nl\php_error.log | Last Known Error: 22nd November 2017 08:35:04. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: D:/Sites/blueunit.nl\;C:\Windows\Temp\ | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 60 | Memory Limit: 128M

MySQL Configuration :: Version: 5.6.36 (Client:mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 28.21 MiB | #of Tables: 70

PHP Extensions :: Core (5.4.45) | bcmath () | calendar () | ctype () | date (5.4.45) | ereg () | filter (0.11.0) | ftp () | hash (1.0) | iconv () | json (1.2.1) | mcrypt () | SPL (0.2) | odbc (1.0) | pcre () | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | session () | standard (5.4.45) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | tokenizer (0.1) | zip (1.11.0) | zlib (2.0) | libxml () | dom (20031129) | PDO (1.0.4dev) | openssl () | SimpleXML (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | cgi-fcgi () | curl () | gd () | gettext () | imap () | mbstring () | mysql (1.0) | mysqli (0.1) | Phar (2.0.1) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | sockets () | sqlite3 (0.7) | xsl (0.1) | sqlsrv (3.0.3421.0) | pdo_sqlsrv (3.0.3421.0) | mhash () | ionCube Loader () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Core Folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) | administrator/logs/ (---) |

Elevated Permissions (First 10) :: administrator/ (777) | administrator/cache/ (777) | administrator/components/ (777) | administrator/components/com_admin/ (777) | administrator/components/com_admin/controllers/ (777) | administrator/components/com_admin/helpers/ (777) | administrator/components/com_admin/helpers/html/ (777) | administrator/components/com_admin/models/ (777) | administrator/components/com_admin/models/forms/ (777) | administrator/components/com_admin/sql/ (777) |

Database statistics :: Uptime: 2530630 | Threads: 1 | Questions: 6136660 | Slow queries: 0 | Opens: 81451 | Flush tables: 1 | Open tables: 2000 | Queries per second avg: 2.424 |

Components :: SITE :: com_mailto (2.5.0) 1 | com_wrapper (2.5.0) 1 |
Components :: ADMIN :: com_admin (2.5.0) 1 | Akeeba (3.6.5) 1 | com_banners (2.5.0) 0 | BJ Image Slider (1.6.1) 1 | com_cache (2.5.0) 1 | com_categories (2.5.0) 1 | com_checkin (2.5.0) 1 | com_config (2.5.0) 1 | com_content (2.5.0) 1 | com_cpanel (2.5.0) 1 | FAQ Book (1.5.4) 1 | com_finder (2.5.0) 1 | com_installer (2.5.0) 1 | JCrawler (1.14) 1 | com_joomlaupdate (2.5.0) 1 | com_languages (2.5.0) 1 | com_login (2.5.0) 1 | com_media (2.5.0) 1 | com_menus (2.5.0) 1 | com_messages (2.5.0) 1 | com_modules (2.5.0) 1 | com_newsfeeds (2.5.0) 1 | com_plugins (2.5.0) 1 | com_redirect (2.5.0) 1 | com_search (2.5.0) 1 | com_templates (2.5.0) 1 | com_users (2.5.0) 1 | com_weblinks (2.5.0) 0 | com_xmap (2.3.2) 1 | com_xmlrpc (1.7.1) 1 |

Modules :: SITE :: mod_articles_archive (2.5.0) 1 | mod_articles_categories (2.5.0) 1 | mod_articles_category (2.5.0) 1 | mod_articles_latest (2.5.0) 1 | mod_articles_news (2.5.0) 1 | mod_articles_popular (2.5.0) 1 | mod_banners (2.5.0) 1 | BJ Content Slider (1.6.1) 1 | BJ Dropdown Menu (1.6.2) 1 | BJ ImageSlider 2 Free (1.6.1) 1 | mod_breadcrumbs (2.5.0) 1 | mod_custom (2.5.0) 1 | DIY custom module (1.0.3) 1 | mod_feed (2.5.0) 1 | mod_finder (2.5.0) 1 | mod_footer (2.5.0) 1 | mod_languages (2.5.0) 1 | mod_login (2.5.0) 1 | mod_menu (2.5.0) 1 | mod_random_image (2.5.0) 1 | mod_related_items (2.5.0) 1 | RokFeatureTable (1.3) 1 | mod_search (2.5.0) 1 | mod_stats (2.5.0) 1 | mod_syndicate (2.5.0) 1 | mod_tweetdisplayback (3.0.3) 1 | mod_users_latest (2.5.0) 1 | mod_weblinks (2.5.0) 1 | mod_whosonline (2.5.0) 1 | mod_wrapper (2.5.0) 1 |
Modules :: ADMIN :: MOD_AKADMIN_TITLE (3.6.5) 1 | mod_custom (2.5.0) 1 | mod_feed (2.5.0) 1 | mod_latest (2.5.0) 1 | mod_logged (2.5.0) 1 | mod_login (2.5.0) 1 | mod_menu (2.5.0) 1 | mod_multilangstatus (2.5.0) 1 | mod_popular (2.5.0) 1 | mod_quickicon (2.5.0) 1 | mod_status (2.5.0) 1 | mod_submenu (2.5.0) 1 | mod_title (2.5.0) 1 | mod_toolbar (2.5.0) 1 | mod_version (2.5.0) 1 |

Plugins :: SITE :: plg_authentication_gmail (2.5.0) 0 | plg_authentication_joomla (2.5.0) 1 | plg_authentication_ldap (2.5.0) 0 | plg_captcha_recaptcha (2.5.0) 1 | Content - BJ Social (1.6.3) 0 | plg_content_emailcloak (2.5.0) 1 | plg_content_finder (2.5.0) 0 | plg_content_geshi (2.5.0) 0 | plg_content_joomla (2.5.0) 1 | plg_content_loadmodule (2.5.0) 1 | plg_content_pagebreak (2.5.0) 1 | plg_content_pagenavigation (2.5.0) 1 | plg_content_vote (2.5.0) 1 | plg_editors_codemirror (1.0) 1 | plg_editors_tinymce (3.5.11) 1 | plg_editors-xtd_article (2.5.0) 1 | plg_editors-xtd_image (2.5.0) 1 | plg_editors-xtd_pagebreak (2.5.0) 1 | plg_editors-xtd_readmore (2.5.0) 1 | plg_extension_joomla (2.5.0) 1 | plg_finder_categories (2.5.0) 1 | plg_finder_contacts (2.5.0) 1 | plg_finder_content (2.5.0) 1 | plg_finder_newsfeeds (2.5.0) 1 | plg_finder_weblinks (2.5.0) 1 | PLG_JMONITORING_AKEEBABACKUP_T (1.0) 1 | PLG_EOSNOTIFY (2.5.0) 1 | plg_quickicon_extensionupdate (2.5.0) 1 | plg_quickicon_joomlaupdate (2.5.0) 1 | plg_search_categories (2.5.0) 1 | plg_search_contacts (2.5.0) 1 | plg_search_content (2.5.0) 1 | plg_search_newsfeeds (2.5.0) 1 | plg_search_weblinks (2.5.0) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) 1 | PLG_SYSTEM_AKLAZY_TITLE (3.3) 0 | plg_system_cache (2.5.0) 0 | plg_system_debug (2.5.0) 1 | system - EUCookieDirectiveLite (1.1.1) 1 | plg_system_highlight (2.5.0) 1 | plg_system_languagecode (2.5.0) 0 | plg_system_languagefilter (2.5.0) 0 | plg_system_log (2.5.0) 1 | plg_system_logout (2.5.0) 1 | System - One Click Action (2.0) 0 | plg_system_p3p (2.5.0) 1 | plg_system_redirect (2.5.0) 1 | plg_system_remember (2.5.0) 1 | plg_system_rsd (1.7.1) 1 | plg_system_sef (2.5.0) 1 | PLG_SRP_TITLE (3.6.5) 1 | plg_user_contactcreator (2.5.0) 0 | plg_user_joomla (2.5.0) 1 | plg_user_profile (2.5.0) 0 | Xmap - Content Plugin (2.0.4) 1 | Xmap - Kunena Plugin (2.0.3) 0 | Xmap - Mosets Tree Plugin (2.0.2) 0 | Xmap - SobiPro Plugin (2.0.2) 0 | Xmap - Virtuemart Plugin (2.0.1) 0 | Xmap - WebLinks Plugin (2.0.1) 0 | plg_xmlrpc_joomla (1.7.1) 1 |

Templates :: SITE :: atomic (2.5.0) 1 | beez5 (2.5.0) 1 | beez_20 (2.5.0) 1 | Venus_2 (1.6.1) 1 |
Templates :: ADMIN :: bluestork (2.5.0) 1 | hathor (2.5.0) 1 |

[leolam]

Helaas ben je de klos. Je bent gehacked. Regretfully you have been hacked https://sitecheck.sucuri.net/results/blueunit.nl

Now how to solve this? The ONLY way: viewtopic.php?f=621&t=582854 or you hire a professional to help you

Leo

edit based on remarks Per below

[Per Yngve Berg]

@leolam you forgot to check again. This is a Windows NT Server.

[leolam]

@leolam you forgot to check again.

Leave the "again" statement Per. You are aware what a stigma is?

Leo