site hacked japanese in search result

Posted: Mon Feb 26, 2018 3:02 am
by angelob
Hello!

Thanks for the previous information, I had the same issue as the website was still running Joomla 2.5.24 (!).

In my case the infected files were:
  • mb_s.png
  • logo_s.png
  • log_s.png
These files were in system/media/images and were actually not .png but contained PHP code.

What I did to solve it was:
1. Updating Joomla and PHP version

2. Because index.php changes from one version of Joomla to the other, the hack - which was constantly reverting index.php back to one with injected PHP code - caused the site to malfunction with a 500 server error. If I replaced index.php with the default one for the fresh version of Joomla, it worked - but a few minutes later the original faulty index.php - containing a part about logo_s.png - came back.

3. Deleting those .png files was not enough - they came back. What worked was setting read only permissions to system/media/images after having deleted them, and read only permissions for .htaccess and index.php.

I hope this works for you too!

Cheers,
Angelo
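
A way to look for files like the ones described in the post above (image extensions with PHP inside), given as an added example that is not part of the original thread: it compares each file's leading bytes with its extension and searches the content for PHP open tags. The function names and the sample files other than the logo_s.png name are constructed for illustration.

```python
import os
import tempfile
# Leading bytes ("magic numbers") of common image formats, keyed by extension.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_TAGS = (b"<?php", b"<?=")  # PHP open tags; matched case-insensitively

def check_image(path):
    """Return reasons the file is suspicious (empty list = looks fine)."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return []
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if not data.startswith(MAGIC[ext]):
        reasons.append("header does not match extension")
    # A valid image header can be prepended to PHP, so search the whole file too.
    if any(tag in data.lower() for tag in PHP_TAGS):
        reasons.append("contains PHP open tag")
    return reasons

def scan_tree(root):
    """Walk root and map each suspicious image path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if reasons := check_image(full):
                findings[full] = reasons
    return findings

def demo():
    """Scan constructed sample files written to a temporary directory."""
    samples = {
        "logo_s.png": b"<?php /* constructed placeholder */ ?>",
        "real.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "mixed.gif": b"GIF89a<?php /* constructed */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): r for p, r in scan_tree(root).items()}
if __name__ == "__main__":
    print(demo())
```

Point `scan_tree()` at the site's document root to cover every directory, not only the images folder. A match on the short `<?=` tag inside a large binary can be coincidental, so treat each finding as a file to inspect.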

Re: site hacked japanese in search result

Posted: Mon Feb 26, 2018 8:01 am
by JAVesey
Congratulations! You win today's "Lazarus Award" for resurrecting old threads :laugh:
angelob wrote: 3. Deleting those .png files was not enough - they came back. What worked was setting read only permissions to system/media/images after having deleted them, and read only permissions for .htaccess and index.php.
All you have done is paper over the cracks. The hack is still on your system and your site is still infected. There will be more to the hack than just those files...

Don't believe me? Submit your site for a free scan/audit at myjoomla.com and see what it reveals to you.

There is only one way to reliably clean your site:
viewtopic.php?f=714&t=946026