Updating and cleaning a hacked 2.5 site [SOLVED]

Need help upgrading your Joomla! website or converting to Joomla! 3.x?

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37052
Joined: Sat Apr 05, 2008 9:58 pm

Updating and cleaning a hacked 2.5 site [SOLVED]

Post by Webdongle » Sat Nov 11, 2017 10:57 am

If your Joomla 2.5.x site was hacked then here is a method that will clean your site and update it at the same time. Your database is your site ... first and foremost make a backup of your database.

All the files do is put/get data to/from the database and display the data on the screen.

The problem with some 2.5/3.x compatible extensions 3rd party extensions is that they use different install files. Even when a 2.5/3.x compatible extension uses the same zip is that some will detect the version of Joomla and install the files accordingly. One way to avoid 3rd party extension files corrupting the update is to update the database and 3rd party extension files separately.

Method
  • Update the database with files from a fresh Joomla 2.5.28 install
  • Install the 3rd party extensions into a fresh Joomla install
  • Then connect the Joomla and 3rd party extension files to the updated database.
Preparation
  • Install Wamp on your PC (mamp on a mac) and performing the migration locally.
  • Run the fpa and post the results in this forum
  • Copy your site to localhost and delete all the files from the server
Process
  1. Step #1
  2. Set Beez3 as your default Template
  3. Disable the 'Remember me plugin (it sometimes causes problems with updates from earlier versions)
  4. Update to 2.5.28 if your version is lower.
    • Uninstall any untrusted/unwanted 3rd party extensions and Templates https://vel.joomla.org/live-vel
    • Delete the site files ... you don't need them any more.
    • Scan your computer and all computers that have server or Joomla admin access
    • Change PasswordsThis makes sure the hack is not replicated

    Step #2
  5. Install a fresh Joomla 2.5.28 to a separate database
  6. Edit the configuration.php (of the fresh 2.5.28 install) to use the original database.
  7. Go to the Joomla update component and run the update
    This allows you to update the database with fresh Joomla files without files from 3rd party extensions interfering with the process.

    Step #3
  8. Install a fresh Joomla of the latest version in a separate folder to an empty database
  9. Install your 3rd party extensions/Templates into the fresh Joomla install
    This creates the the new versions of the Joomla and 3rd party extension files
  10. Edit the configuration.php (of the fresh Joomla install) to connect to the updated database (that has your sites data)
    This connects the new versions of the Joomla and 3rd party extension files to the updated database (that has your sites data)

You can now transfer you clean/updated site to the server
Last edited by imanickam on Fri Mar 08, 2019 12:42 pm, edited 3 times in total.
Reason: (a) Made the Post as Sticky (b) As per OP's request, replaced the instances of text string from 2.5/3.6 to 2.5/3.x
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

British Lion
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Mon Dec 11, 2017 9:39 am

Re: Updating and cleaning a hacked 2.5 site [SOLVED]

Post by British Lion » Tue Dec 12, 2017 11:25 am

Thanks for the reply, but I am nowhere near qualified enough to do these things - neither a web designer or developer - just a user.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37052
Joined: Sat Apr 05, 2008 9:58 pm

Re: Updating and cleaning a hacked 2.5 site [SOLVED]

Post by Webdongle » Tue Dec 12, 2017 11:47 am

If you are "neither a web designer or developer" why are you building websites ?

If it's to learn then the above is easily accomplished with basic techniques used to build a Joomla site.
  • File management on the server (like on a PC)
    Installing Joomla
    Installing/uninstalling enabling/disabling Joomla extensions
All of which are needed to install Joomla and build a site using it in the first place. Installing a localhost on your PC is no more difficult than installing other programs on your PC. And using localhost is the same as using a remote host. Editing a file is just editing a file.

In short
If you can install Joomla and create a website you already have the skills needed to update and clean a hacked Joomla site !!!
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37052
Joined: Sat Apr 05, 2008 9:58 pm

Re: Updating and cleaning a hacked 2.5 site [SOLVED]

Post by Webdongle » Tue Oct 02, 2018 11:43 pm

Don't forget to see viewtopic.php?f=714&t=946026 to prevent being hacked again
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein


Post Reply

Return to “Migrating and Upgrading to Joomla! 3.x”