Hacked site with PHP code injection
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 13
- Joined: Fri Sep 28, 2018 5:03 pm
Hacked site with PHP code injection
Hello everyone,
I'm coming to see you today because I have a site that has been hacked with PHP code injection into the pages.
I noticed that many PHP pages were affected but not all. The injected code is always at the top of the PHP file with the <?php and ?> Tags and the code inside.
What I want to do is delete all this code in all pages at one time. I have not looked at all the pages but the code seems to be similar each time.
For that I downloaded the whole file "www" on my computer. I do a Windows search for all PHP files by typing *.php, and so I end up with all the files with PHP extension that are in the folder "www".
Now I would have to make sure to remove everything between the PHP tags of these files, but without touching the rest of PHP code of course.
I do not know if I'm posting in the good forum, if it's not the case I'll change.
Thank you in advance for your help.
I'm coming to see you today because I have a site that has been hacked with PHP code injection into the pages.
I noticed that many PHP pages were affected but not all. The injected code is always at the top of the PHP file with the <?php and ?> Tags and the code inside.
What I want to do is delete all this code in all pages at one time. I have not looked at all the pages but the code seems to be similar each time.
For that I downloaded the whole file "www" on my computer. I do a Windows search for all PHP files by typing *.php, and so I end up with all the files with PHP extension that are in the folder "www".
Now I would have to make sure to remove everything between the PHP tags of these files, but without touching the rest of PHP code of course.
I do not know if I'm posting in the good forum, if it's not the case I'll change.
Thank you in advance for your help.
- CyrusXxX
- Joomla! Enthusiast
- Posts: 235
- Joined: Wed Oct 04, 2017 6:23 am
- Location: Belgrade Serbia
- Contact:
Re: Hacked site with PHP code injection
Sorry to hear that tchao57, concerning your question of deleting all selected code at once I think there are some editors out there which have that ability. Something like Find and Replace function
But I strongly recommend you to delete those lines manually as you will avoid possible errors and deletion of wrong code.
But here is the other solution if you have clean versions of those files and if you haven't modified anything you could do simple overwrite and will not worry about possible errors related to deletion of wrong code.
Naturally after you secure those holes related to php injection issue.
But I strongly recommend you to delete those lines manually as you will avoid possible errors and deletion of wrong code.
But here is the other solution if you have clean versions of those files and if you haven't modified anything you could do simple overwrite and will not worry about possible errors related to deletion of wrong code.
Naturally after you secure those holes related to php injection issue.
Joomla Serbian Latin Coordinator
https://volunteers.joomla.org/joomlers/ ... oran-nesic
Power is knowledge and knowledge is power.
https://regenesiscomputers.com
https://volunteers.joomla.org/joomlers/ ... oran-nesic
Power is knowledge and knowledge is power.
https://regenesiscomputers.com
- Webdongle
- Joomla! Master
- Posts: 44029
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hacked site with PHP code injection
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Apprentice
- Posts: 13
- Joined: Fri Sep 28, 2018 5:03 pm
Re: Hacked site with PHP code injection
Hi Guys,
thanks for your quick replies.
before deleting everything and reinstalling Joomla again I will want to test the removal of malicious PHP code.
I think it's feasible with notepad++ and the search and replace function in a folder. But I do not really know what to put in the settings.
thanks for your quick replies.
before deleting everything and reinstalling Joomla again I will want to test the removal of malicious PHP code.
I think it's feasible with notepad++ and the search and replace function in a folder. But I do not really know what to put in the settings.
- ribo
- Joomla! Virtuoso
- Posts: 3507
- Joined: Sun Jan 03, 2010 8:47 pm
- Contact:
Re: Hacked site with PHP code injection
You will not clean your joomla website permanently with this way. You will see that you will be hacked again.
With this way viewtopic.php?f=714&t=946026 and viewtopic.php?f=710&t=956702 you will be clean your joomla for sure.
chat room spontes : http://www.spontes.com
-
- Joomla! Apprentice
- Posts: 13
- Joined: Fri Sep 28, 2018 5:03 pm
Re: Hacked site with PHP code injection
Yes ribo I agree with you. The site will be hacked again.
But the problem with the method you propose (of what I undertand) is that I must first delete everything and reinstall Joomla completely. Basically, it's almost like recreating the site of zero.
My idea was initially to remove the malicious code pages to find a functional site, then make the necessary updates to block future intrusions.
But the problem with the method you propose (of what I undertand) is that I must first delete everything and reinstall Joomla completely. Basically, it's almost like recreating the site of zero.
My idea was initially to remove the malicious code pages to find a functional site, then make the necessary updates to block future intrusions.
- ribo
- Joomla! Virtuoso
- Posts: 3507
- Joined: Sun Jan 03, 2010 8:47 pm
- Contact:
Re: Hacked site with PHP code injection
No it s not like you create a joomla website from zero as you have your database. Let me tell you in summary
what do you do and you can finish this in a hour. When you are sure that everything is ok in your host server(from fpa results), see if you have vulnerable extensions or template and change passwords(ftp, mail, etc.) then you list in a text file all your third party extensions and template. You back up files and database and then delete everything. Then you install joomla and your listed third party extensions. After you drop the new database and you put your old database. And at the end you overwrite all your images that you had and if you have changes in css etc. and voila, your website is back. After that it is recommended to update your joomla 2.5 to the latest joomla 3 version and your extensions too. So as you understand this is not creating a joomla website from zero.
Last edited by ribo on Thu Oct 11, 2018 2:17 pm, edited 3 times in total.
chat room spontes : http://www.spontes.com
- ribo
- Joomla! Virtuoso
- Posts: 3507
- Joined: Sun Jan 03, 2010 8:47 pm
- Contact:
Re: Hacked site with PHP code injection
Ony with remove the malicious code and even if you update your joomla to 3.8.13 you will be hacked again and then you will ask how you are hacked with the latest version of joomla
chat room spontes : http://www.spontes.com
-
- Joomla! Apprentice
- Posts: 13
- Joined: Fri Sep 28, 2018 5:03 pm
Re: Hacked site with PHP code injection
Ok ribo now I understand well. Thanx.
Then first thing that I need to do is install FPA from viewtopic.php?t=582860.
After do I need to post the result here?
Then first thing that I need to do is install FPA from viewtopic.php?t=582860.
After do I need to post the result here?
- Webdongle
- Joomla! Master
- Posts: 44029
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hacked site with PHP code injection
Yes post the results here.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Apprentice
- Posts: 13
- Joined: Fri Sep 28, 2018 5:03 pm
Re: Hacked site with PHP code injection
There it is:
Forum Post Assistant (v1.4.5 (Ganymede)) : 11th October 2018 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.17-Stable (Ember) 18-December-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (666) | Owner: --protected-- . (uid: /gid: ) | Group: --protected-- (gid: ) | Valid For: 2.5
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: No | GZip: false | Cache: false | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: N/A | FTP Layer: false | Proxy: N/A | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: N/A | SSL: 0 | Error Reporting: default | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 2.5.17: Yes | Database Credentials Present: Yes |
Host Configuration :: OS: Windows NT | OS Version: 10.0 | Technology: i586 | Web Server: Apache/2.4.33 (Win32) PHP/5.6.35 | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 11.09 GiB |
PHP Configuration :: Version: 5.6.35 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 30711 | Log Errors To: c:/wamp/logs/php_error.log | Last Known Error: 25th September 2018 14:16:05. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 20M | Max. POST Size: 20M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 128M
Database Configuration :: Version: 5.7.21 (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | Host: --protected-- (--protected--) | Localhost: Yes | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 7.80 MiB | #of Tables: 118Detailed Environment :: wrote:PHP Extensions :: Core (5.6.35) | bcmath () | calendar () | ctype () | date (5.6.35) | ereg () | filter (0.11.0) | ftp () | hash (1.0) | iconv () | json (1.2.1) | mcrypt () | SPL (0.2) | odbc (1.0) | pcre () | Reflection ($Id: 5f15287237d5f78d75b19c26915aa7bd83dee8b8 $) | session () | standard (5.6.35) | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | tokenizer (0.1) | zip (1.12.5) | zlib (2.0) | libxml () | dom (20031129) | PDO (1.0.4dev) | bz2 () | SimpleXML (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | apache2handler () | openssl () | curl () | com_dotnet (0.1) | fileinfo (1.0.5) | gd () | gettext () | gmp () | intl (1.1.0) | imap () | ldap () | mbstring () | exif (1.4 $Id: 1c8772f76be691b7b3f77ca31eb788a2abbcefe5 $) | mysql (1.0) | mysqli (0.1) | Phar (2.0.2) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | soap () | sockets () | sqlite3 (0.7-dev) | xmlrpc (0.51) | xsl (0.1) | mhash () | Zend OPcache (7.0.6-devFE) | xdebug (2.5.5) | Zend Engine (2.6.0) |
Potential Missing Extensions ::
Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Apache Modules :: core | mod_win32 | mpm_winnt | http_core | mod_so | mod_access_compat | mod_actions | mod_alias | mod_allowmethods | mod_asis | mod_auth_basic | mod_auth_digest | mod_authn_core | mod_authn_file | mod_authz_core | mod_authz_groupfile | mod_authz_host | mod_authz_user | mod_autoindex | mod_cache | mod_cache_disk | mod_cgi | mod_dir | mod_env | mod_file_cache | mod_include | mod_isapi | mod_log_config | mod_mime | mod_negotiation | mod_rewrite | mod_setenvif | mod_userdir | mod_vhost_alias | mod_php5 | Apache/2.4.33 (Win32) PHP/5.6.35 |
Potential Missing Modules :: mod_expires | mod_deflate | mod_security | mod_evasive | mod_dosevasive | mod_ssl | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) | administrator/logs/ (---) |
Elevated Permissions (First 10) :: administrator/ (777) | administrator/cache/ (777) | administrator/components/ (777) | administrator/components/com_admin/ (777) | administrator/components/com_admin/controllers/ (777) | administrator/components/com_admin/helpers/ (777) | administrator/components/com_admin/helpers/html/ (777) | administrator/components/com_admin/models/ (777) | administrator/components/com_admin/models/forms/ (777) | administrator/components/com_admin/sql/ (777) |Database Information :: wrote:Database statistics :: Uptime: 21802 | Threads: 1 | Questions: 3541 | Slow queries: 0 | Opens: 652 | Flush tables: 1 | Open tables: 642 | Queries per second avg: 0.162 |Extensions Discovered :: wrote:Components :: SITE ::
Core :: com_mailto (2.5.0) 1 | com_wrapper (2.5.0) 1 |
3rd Party:: CB Profile Notifier (1.2) 1 | iC rounded - iCagenda Theme (3.5.6) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.5.8) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.5.8) 1 | WF_AGGREGATOR_VINE_TITLE (2.5.8) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.5.8) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.5.8) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.5.8) 1 | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.5.8) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.5.8) 1 | WF_POPUPS_WINDOW_TITLE (2.5.8) 1 | WF_LINK_SEARCH_TITLE (2.5.8) 1 | WF_ANCHOR_TITLE (2.5.8) 1 | WF_ARTICLE_TITLE (2.5.8) 1 | WF_AUTOSAVE_TITLE (2.5.8) 1 | WF_BROWSER_TITLE (2.5.8) 1 | WF_CHARMAP_TITLE (2.5.8) 1 | WF_CLEANUP_TITLE (2.5.8) 1 | WF_CLIPBOARD_TITLE (2.5.8) 1 | WF_CONTEXTMENU_TITLE (2.5.8) 1 | WF_DIRECTIONALITY_TITLE (2.5.8) 1 | WF_FONTCOLOR_TITLE (2.5.8) 1 | WF_FONTSELECT_TITLE (2.5.8) 1 | WF_FONTSIZESELECT_TITLE (2.5.8) 1 | WF_FORMATSELECT_TITLE (2.5.8) 1 | WF_FULLSCREEN_TITLE (2.5.8) 1 | WF_IMGMANAGER_TITLE (2.5.8) 1 | WF_INLINEPOPUPS_TITLE (2.5.8) 1 | WF_KITCHENSINK_TITLE (2.5.8) 1 | WF_LAYER_TITLE (2.5.8) 1 | WF_LINK_TITLE (2.5.8) 1 | WF_LISTS_TITLE (2.5.8) 1 | WF_MEDIA_TITLE (2.5.8) 1 | WF_NONBREAKING_TITLE (2.5.8) 1 | WF_PREVIEW_TITLE (2.5.8) 1 | WF_PRINT_TITLE (2.5.8) 1 | WF_SEARCHREPLACE_TITLE (2.5.8) 1 | WF_SOURCE_TITLE (2.5.8) 1 | WF_SPELLCHECKER_TITLE (2.5.8) 1 | WF_STYLE_TITLE (2.5.8) 1 | WF_STYLESELECT_TITLE (2.5.8) 1 | WF_TABLE_TITLE (2.5.8) 1 | WF_TEXTCASE_TITLE (2.5.8) 1 | WF_VISUALBLOCKS_TITLE (2.5.8) 1 | WF_VISUALCHARS_TITLE (2.5.8) 1 | WF_XHTMLXTRAS_TITLE (2.5.8) 1 |
Components :: ADMIN ::
Core :: com_admin (2.5.0) 1 | com_banners (2.5.0) 1 | com_cache (2.5.0) 1 | com_categories (2.5.0) 1 | com_checkin (2.5.0) 1 | com_config (2.5.0) 1 | com_content (2.5.0) 1 | com_cpanel (2.5.0) 1 | com_finder (2.5.0) 1 | com_installer (2.5.0) 1 | com_joomlaupdate (2.5.0) 1 | com_languages (2.5.0) 1 | com_login (2.5.0) 1 | com_media (2.5.0) 1 | com_menus (2.5.0) 1 | com_messages (2.5.0) 1 | com_modules (2.5.0) 1 | com_newsfeeds (2.5.0) 1 | com_plugins (2.5.0) 1 | com_redirect (2.5.0) 1 | com_search (2.5.0) 1 | com_templates (2.5.0) 1 | com_users (2.5.0) 1 | com_weblinks (2.5.0) 1 |
3rd Party:: Akeeba (3.4.6) 1 | comprofiler (2.0.10) 1 | iCagenda (3.5.6) 1 | JCE (2.5.8) 1 | JW_DISQUS (3.2) 1 | COM_MAXIMENUCK (4.0.6) 1 | com_phocadownload (2.1.9) 1 | Remository (3.55J2) 1 | COM_REREPLACER (5.13.5FREE) 1 | uddeIM (3.7) 1 |
Modules :: SITE ::
Core :: mod_articles_archive (2.5.0) 1 | mod_articles_categories (2.5.0) 1 | mod_articles_category (2.5.0) 1 | mod_articles_latest (2.5.0) 1 | mod_articles_news (2.5.0) 1 | mod_articles_popular (2.5.0) 1 | mod_banners (2.5.0) 1 | mod_breadcrumbs (2.5.0) 1 | mod_custom (2.5.0) 1 | mod_feed (2.5.0) 1 | mod_finder (2.5.0) 1 | mod_footer (2.5.0) 1 | mod_languages (2.5.0) 1 | mod_login (2.5.0) 1 | mod_menu (2.5.0) 1 | mod_random_image (2.5.0) 1 | mod_related_items (2.5.0) 1 | mod_search (2.5.0) 1 | mod_stats (2.5.0) 1 | mod_syndicate (2.5.0) 1 | mod_users_latest (2.5.0) 1 | mod_weblinks (2.5.0) 1 | mod_whosonline (2.5.0) 1 | mod_wrapper (2.5.0) 1 |
3rd Party:: Community Builder Login module (2.0.10) 1 | Community Builder Workflows mo (2.0.10) 1 | Community Builder Online modul (2.0.10) 1 | MOD_DATETIME (2.0.1) 1 | FreiChat-I (1.0.0) 1 | iCagenda - Calendar (3.5.6) 1 | JTS CounterStats (1.5) 1 | Maximenu CK (8.0.6) 1 | mod_news_pro_gk4 (GK4 3.3.8) 1 | Remository_Categories (3.55) 1 | Remository_multi_module (3.55J2) 1 | Remository_Newest (3.55J2) 1 | Remository_Most_Downloaded (3.55J2) 1 | Remository_Tree (3.55J2) 1 | sigplus (1.4.2.14) 1 | Slideshow CK (1.4.5) 1 | SP Smart Slider (2.3) 1 | Susnet Facebook Like Box (1.0.8) 1 | uddeIM Notifier (3.7) 1 | Visitors Counter (2.0.2) 1 |
Modules :: ADMIN ::
Core :: mod_custom (2.5.0) 1 | mod_feed (2.5.0) 1 | mod_latest (2.5.0) 1 | mod_logged (2.5.0) 1 | mod_login (2.5.0) 1 | mod_menu (2.5.0) 1 | mod_multilangstatus (2.5.0) 1 | mod_popular (2.5.0) 1 | mod_quickicon (2.5.0) 1 | mod_status (2.5.0) 1 | mod_submenu (2.5.0) 1 | mod_title (2.5.0) 1 | mod_toolbar (2.5.0) 1 | mod_version (2.5.0) 1 |
3rd Party:: Akeeba Backup Notification Mod (3.4.3) 1 | Community Builder Admin module (2.0.10) 1 |
Plugins :: SITE ::
Core :: plg_authentication_gmail (2.5.0) 0 | plg_authentication_joomla (2.5.0) 1 | plg_authentication_ldap (2.5.0) 0 | plg_captcha_recaptcha (2.5.0) 1 | plg_content_emailcloak (2.5.0) 1 | plg_content_finder (2.5.0) 0 | plg_content_geshi (2.5.0) 0 | plg_content_joomla (2.5.0) 1 | plg_content_loadmodule (2.5.0) 1 | plg_content_pagebreak (2.5.0) 1 | plg_content_pagenavigation (2.5.0) 1 | plg_content_vote (2.5.0) 1 | plg_editors-xtd_article (2.5.0) 1 | plg_editors-xtd_image (2.5.0) 1 | plg_editors-xtd_pagebreak (2.5.0) 1 | plg_editors-xtd_readmore (2.5.0) 1 | plg_extension_joomla (2.5.0) 1 | plg_finder_categories (2.5.0) 1 | plg_finder_contacts (2.5.0) 1 | plg_finder_content (2.5.0) 1 | plg_finder_newsfeeds (2.5.0) 1 | plg_finder_weblinks (2.5.0) 1 | PLG_EOSNOTIFY (2.5.0) 1 | plg_quickicon_extensionupdate (2.5.0) 1 | plg_quickicon_joomlaupdate (2.5.0) 1 | plg_search_categories (2.5.0) 1 | plg_search_contacts (2.5.0) 1 | plg_search_content (2.5.0) 1 | plg_search_newsfeeds (2.5.0) 1 | plg_search_weblinks (2.5.0) 1 | plg_system_cache (2.5.0) 0 | plg_system_debug (2.5.0) 1 | plg_system_highlight (2.5.0) 1 | plg_system_languagecode (2.5.0) 0 | plg_system_languagefilter (2.5.0) 1 | plg_system_log (2.5.0) 1 | plg_system_logout (2.5.0) 1 | plg_system_p3p (2.5.0) 1 | plg_system_redirect (2.5.0) 1 | plg_system_remember (2.5.0) 1 | plg_system_sef (2.5.0) 1 | plg_user_contactcreator (2.5.0) 0 | plg_user_joomla (2.5.0) 1 | plg_user_profile (2.5.0) 0 |
3rd Party:: DISQUS Comments for Joomla! (b (3.2) 1 | Content - Load Module in Artic (3.1.0) 1 | bg-BG NotifyArticleSubmit lang (2014-06-26 22) 1 | cs-CZ NotifyArticleSubmit lang (2014-06-26 22) 1 | da-DK NotifyArticleSubmit lang (2014-06-26 22) 1 | de-DE NotifyArticleSubmit lang (2014-06-26 22) 1 | en-GB NotifyArticleSubmit lang (2014-06-26 22) 1 | es-ES NotifyArticleSubmit lang (2014-06-26 22) 1 | fr-FR NotifyArticleSubmit lang (2014-06-26 22) 1 | GJFields - a set of additional (1.0.29) 1 | it-IT NotifyArticleSubmit lang (2014-06-26 22) 1 | lt-LT NotifyArticleSubmit lang (2014-06-26 22) 1 | nb-NO NotifyArticleSubmit lang (2014-06-26 22) 1 | nl-NL NotifyArticleSubmit lang (2014-06-26 22) 1 | pl-PL NotifyArticleSubmit lang (2014-06-26 22) 1 | pt-BR NotifyArticleSubmit lang (2014-06-26 22) 1 | ru-RU NotifyArticleSubmit lang (2014-06-26 22) 1 | sk-SK NotifyArticleSubmit lang (2014-06-26 22) 1 | sl-SI NotifyArticleSubmit lang (2014-06-26 22) 1 | sv-SE NotifyArticleSubmit lang (2014-06-26 22) 1 | tr-TR NotifyArticleSubmit lang (2014-06-26 22) 1 | uk-UA NotifyArticleSubmit lang (2014-06-26 22) 1 | PLG_CONTENT_NOTIFYARTICLESUBMI (2.5.3) 1 | Quickdown (3.55J2) 1 | Content - Image gallery - sigp (1.4.2.14) 1 | plg_editors_codemirror (1.0) 1 | plg_editors_jce (2.5.8) 1 | plg_editors_tinymce (3.5.4.1) 1 | plg_quickicon_jcefilebrowser (2.5.8) 1 | Remository_Audio (3.55J2) 1 | ICAGENDA_PLG_SEARCH (1.4) 1 | Search_Remository (3.55J2) 1 | Akeeba Backup Lazy Scheduling (3.3) 0 | Community Builder System plugi (2.0.10) 1 | System - iCagenda :: Autologin (1.3) 1 | PLG_SYSTEM_IC_LIBRARY (1.2) 1 | plg_system_jce (2.5.8) 1 | System - JCE MediaBox (1.1.25) 1 | System - DISQUS Comments for J (3.2) 1 | System - Maximenu CK Mobile (1.1.18) 0 | System - Maximenu_CK params (4.0.5) 1 | PLG_SYSTEM_NNFRAMEWORK (15.4.5) 1 | PLG_SYSTEM_REREPLACER (5.13.5FREE) 1 | PLG_SYSTEM_WEB357FRAMEWORK (1.1.0) 1 |Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) 1 | beez5 (2.5.0) 1 | beez_20 (2.5.0) 1 | suzanne (2.5.0) 1 | suzanne (2.5.0) 1 |
Templates :: ADMIN :: bluestork (2.5.0) 1 | hathor (2.5.0) 1 |
- Webdongle
- Joomla! Master
- Posts: 44029
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hacked site with PHP code injection
You need to follow the instructions on viewtopic.php?f=714&t=946026
When you get to step #f ... use the method in viewtopic.php?f=710&t=956702 to update.
If you are unable to follow those instruction then you will need to pay someone to clean and update your site.
When you get to step #f ... use the method in viewtopic.php?f=710&t=956702 to update.
If you are unable to follow those instruction then you will need to pay someone to clean and update your site.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".