Site hacked, new installation 3.8 not working

Post by Crystalrain » Thu Aug 02, 2018 12:54 pm

Hello everyone!

I need help regarding installation of Joomla 3.8 in subfolder /public_html/joomla3. The reason why I am doing so is that our site 2.5 was hacked (sending hundreds of spam e-mails). Instead of erasing Joomla 2.5 and importing DB to new Joomla 3.8 (which I read might be a risk for a back-door), I have decided to create a new Joomla 3.8 installation with a new database. After the page in the /public_html/joomla3 folder is ready for publishing (would take about a week to finish), I would delete the 2.5 page in the public_html folder and move joomla3 into the public_html directory. Unfortunately I am unable to install Joomla 3.8 in the /public_html/joomla3 directory because my installation freezes at the first step. I am not even able to insert my DB details. It is just stuck at the first step. Any idea please? Here is my FPA
Last PHP Error(s) Reported :: Forum Post Assistant (v1.4.3 (Frosty)) : 2nd August 2018 wrote:[02-Aug-2018 14:19:15 Europe/Bratislava] PHP Warning: count(): Parameter must be an array or an object that implements Countable in /home/html/example./public_html/libraries/joomla/application/application.php on line 481
Forum Post Assistant (v1.4.3 (Frosty)) : 2nd August 2018 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.28-Stable (Ember) 10-December-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 1 | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: N/A | FTP Layer: 0 | Proxy: N/A | LiveSite: http://www.example.| Session lifetime: 400 | Session handler: database | Shared sessions: N/A | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | dbConnection Type: mysqli | PHP Supports J! 2.5.28: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 3.16.0-4-amd64 | Technology: x86_64 | Web Server: Apache/2.4.10 (Debian) | Encoding: gzip, deflate, br | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : Unknown |

PHP Configuration :: Version: 5.6.30 | PHP API: fpm-fcgi | Session Path Writable: No | Display Errors: Off | Error Reporting: 22519 | Log Errors To: /home/html/example./logs/php.log | Last Known Error: 02nd August 2018 14:34:50. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /etc/apache2/scripts:/home/html/example.:/home/html/example.:/usr/share/php | Uploads: 1 | Max. Upload Size: 32M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

Database Configuration :: Version: 5.5.5-10.0.29-MariaDB-0+deb8u1 (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | Host: --protected-- (--protected--) | Localhost: No | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 19.34 MiB | #of Tables:  100
Detailed Environment :: wrote:PHP Extensions :: Core (5.6.30) | date (5.6.30) | ereg () | libxml () | openssl () | pcre () | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gettext () | SPL (0.2) | iconv () | json (1.2.1) | mbstring () | session () | PDO (1.0.4dev) | standard (5.6.30) | posix () | Reflection ($Id: 5f15287237d5f78d75b19c26915aa7bd83dee8b8 $) | Phar (2.0.2) | shmop () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id: 1c8772f76be691b7b3f77ca31eb788a2abbcefe5 $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.12.5) | cgi-fcgi () | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | mysql (1.0) | mysqli (0.1) | pdo_mysql (1.0.2) | curl () | gd () | gmp () | imagick (3.4.1) | imap () | intl (1.1.0) | mcrypt () | memcache (2.2.7) | mssql () | pdo_dblib (1.0.1) | PDO_Firebird (0.3) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | pspell () | sqlite3 (0.7-dev) | tidy (2.0) | xmlrpc (0.51) | xsl (0.1) | mhash () | ionCube Loader () | Zend OPcache (7.0.6-devFE) | Zend Guard Loader () | Zend Engine (2.6.0) |
Potential Missing Extensions ::
Disabled Functions :: exec | passthru | system | shell_exec | popen | pfsockopen | readlink | symlink | link | leak | proc_open | pclose | virtual | dl | pcntl_exec | escapeshellcmd | proc_get_status | proc_nice | proc_terminate | url_exec | apache_setenv | proc_terminate | ini_restore | disk_free_space | diskfreespace | set_time_limit | fpassthru | ini_alter | apache_child_terminate | apache_get_modules | apache_get_version | apache_getenv | apache_note | apache_setenv |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (750) | components/ (750) | modules/ (750) | plugins/ (750) | language/ (750) | templates/ (750) | cache/ (750) | logs/ (750) | tmp/ (750) | administrator/components/ (770) | administrator/modules/ (770) | administrator/language/ (770) | administrator/templates/ (770) | administrator/logs/ (---) |

Elevated Permissions (First 10) :: administrator/cache/ (770) | administrator/components/ (770) | administrator/components/com_admin/ (770) | administrator/components/com_admin/controllers/ (770) | administrator/components/com_admin/helpers/ (770) | administrator/components/com_admin/helpers/html/ (770) | administrator/components/com_admin/models/ (770) | administrator/components/com_admin/models/forms/ (770) | administrator/components/com_admin/sql/ (770) | administrator/components/com_admin/sql/updates/ (770) |
Database Information :: wrote:Database statistics :: Uptime: 43679723 | Threads: 6 | Questions: 23754152853 | Slow queries: 8753 | Opens: 3990443 | Flush tables: 1 | Open tables: 189866 | Queries per second avg: 543.825 |
Extensions Discovered :: wrote:Components :: SITE ::
Core :: com_mailto (2.5.0) 1 | com_wrapper (2.5.0) 1 |
3rd Party:: WF_AGGREGATOR_VIMEO_TITLE (2.4.3) 1 | WF_AGGREGATOR_VINE_TITLE (2.4.3) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.4.3) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.4.3) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.4.3) 1 | K2 Links for JCE Link (2.2) 1 | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.4.3) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.4.3) 1 | WF_POPUPS_WINDOW_TITLE (2.4.3) 1 | WF_LINK_SEARCH_TITLE (2.4.3) 1 | WF_ANCHOR_TITLE (2.4.3) 1 | WF_ARTICLE_TITLE (2.4.3) 1 | WF_AUTOSAVE_TITLE (2.4.3) 1 | WF_BROWSER_TITLE (2.4.3) 1 | WF_CHARMAP_TITLE (2.4.3) 1 | WF_CLEANUP_TITLE (2.4.3) 1 | WF_CLIPBOARD_TITLE (2.4.3) 1 | WF_CONTEXTMENU_TITLE (2.4.3) 1 | WF_DIRECTIONALITY_TITLE (2.4.3) 1 | WF_FONTCOLOR_TITLE (2.4.3) 1 | WF_FONTSELECT_TITLE (2.4.3) 1 | WF_FONTSIZESELECT_TITLE (2.4.3) 1 | WF_FORMATSELECT_TITLE (2.4.3) 1 | WF_FULLSCREEN_TITLE (2.4.3) 1 | WF_IMGMANAGER_TITLE (2.4.3) 1 | WF_INLINEPOPUPS_TITLE (2.4.3) 1 | WF_[Do not buy our kitchens!]_TITLE (2.4.3) 1 | WF_LAYER_TITLE (2.4.3) 1 | WF_LINK_TITLE (2.4.3) 1 | WF_LISTS_TITLE (2.4.3) 1 | WF_MEDIA_TITLE (2.4.3) 1 | WF_NONBREAKING_TITLE (2.4.3) 1 | WF_PREVIEW_TITLE (2.4.3) 1 | WF_PRINT_TITLE (2.4.3) 1 | WF_SEARCHREPLACE_TITLE (2.4.3) 1 | WF_SOURCE_TITLE (2.4.3) 1 | WF_SPELLCHECKER_TITLE (2.4.3) 1 | WF_STYLE_TITLE (2.4.3) 1 | WF_STYLESELECT_TITLE (2.4.3) 1 | WF_TABLE_TITLE (2.4.3) 1 | WF_TEXTCASE_TITLE (2.4.3) 1 | WF_VISUALBLOCKS_TITLE (2.4.3) 1 | WF_VISUALCHARS_TITLE (2.4.3) 1 | WF_XHTMLXTRAS_TITLE (2.4.3) 1 |

Components :: ADMIN ::
Core :: com_admin (2.5.0) 1 | com_banners (2.5.0) 1 | com_cache (2.5.0) 1 | com_categories (2.5.0) 1 | com_checkin (2.5.0) 1 | com_config (2.5.0) 1 | com_content (2.5.0) 1 | com_cpanel (2.5.0) 1 | com_finder (2.5.0) 1 | com_installer (2.5.0) 1 | com_joomlaupdate (2.5.0) 1 | com_languages (2.5.0) 1 | com_login (2.5.0) 1 | com_media (2.5.0) 1 | com_menus (2.5.0) 1 | com_messages (2.5.0) 1 | com_modules (2.5.0) 1 | com_newsfeeds (2.5.0) 1 | com_plugins (2.5.0) 1 | com_redirect (2.5.0) 1 | com_search (2.5.0) 1 | com_templates (2.5.0) 1 | com_users (2.5.0) 1 | com_weblinks (2.5.0) 1 |
3rd Party:: JCE (2.4.3) 1 | COM_K2 (2.6.8) 1 | COM_K2ADDITIONALCATEGORIES (1.0.1) 1 | com_rsform (1.50.17) 1 | com_xmap (2.3.4) 1 |

Modules :: SITE ::
Core :: mod_articles_archive (2.5.0) 1 | mod_articles_categories (2.5.0) 1 | mod_articles_category (2.5.0) 1 | mod_articles_latest (2.5.0) 1 | mod_articles_news (2.5.0) 1 | mod_articles_popular (2.5.0) 1 | mod_banners (2.5.0) 1 | mod_breadcrumbs (2.5.0) 1 | mod_custom (2.5.0) 1 | mod_feed (2.5.0) 1 | mod_finder (2.5.0) 1 | mod_footer (2.5.0) 1 | mod_languages (2.5.0) 1 | mod_login (2.5.0) 1 | mod_menu (2.5.0) 1 | mod_random_image (2.5.0) 1 | mod_related_items (2.5.0) 1 | mod_search (2.5.0) 1 | mod_stats (2.5.0) 1 | mod_syndicate (2.5.0) 1 | mod_users_latest (2.5.0) 1 | mod_weblinks (2.5.0) 1 | mod_whosonline (2.5.0) 1 | mod_wrapper (2.5.0) 1 |
3rd Party:: JA Content Slider (2.6.4) 1 | JA Facebook Like Box Module (2.5.6) 1 | JA Masshead (2.5.6) 1 | JA Side News (2.6.1) 1 | JA Slideshow Lite (1.1.6) 1 | K2 Comments (2.6.8) 1 | K2 Content (2.6.8) 1 | K2 Tools (2.6.8) 1 | K2 User (2.6.8) 1 | K2 Users (2.6.8) 1 | RSForm! Pro Module (1.4.0) 1 | sigplus (1.4.2.17) 1 | Custom Facebook Display (1.0.0) 1 |

Modules :: ADMIN ::
Core :: mod_custom (2.5.0) 1 | mod_feed (2.5.0) 1 | mod_latest (2.5.0) 1 | mod_logged (2.5.0) 1 | mod_login (2.5.0) 1 | mod_menu (2.5.0) 1 | mod_multilangstatus (2.5.0) 1 | mod_popular (2.5.0) 1 | mod_quickicon (2.5.0) 1 | mod_status (2.5.0) 1 | mod_submenu (2.5.0) 1 | mod_title (2.5.0) 1 | mod_toolbar (2.5.0) 1 | mod_version (2.5.0) 1 |
3rd Party:: K2 Quick Icons (admin) (2.6.8) 1 | K2 Stats (admin) (2.6.8) 1 |

Plugins :: SITE ::
Core :: plg_authentication_gmail (2.5.0) 0 | plg_authentication_joomla (2.5.0) 1 | plg_authentication_ldap (2.5.0) 0 | plg_captcha_recaptcha (2.5.0) 0 | plg_content_emailcloak (2.5.0) 1 | plg_content_finder (2.5.0) 0 | plg_content_geshi (2.5.0) 0 | plg_content_joomla (2.5.0) 1 | plg_content_loadmodule (2.5.0) 1 | plg_content_pagebreak (2.5.0) 1 | plg_content_pagenavigation (2.5.0) 1 | plg_content_vote (2.5.0) 1 | plg_editors-xtd_article (2.5.0) 1 | plg_editors-xtd_image (2.5.0) 1 | plg_editors-xtd_pagebreak (2.5.0) 1 | plg_editors-xtd_readmore (2.5.0) 1 | plg_extension_joomla (2.5.0) 1 | plg_finder_categories (2.5.0) 1 | plg_finder_contacts (2.5.0) 1 | plg_finder_content (2.5.0) 1 | plg_finder_newsfeeds (2.5.0) 1 | plg_finder_weblinks (2.5.0) 1 | PLG_EOSNOTIFY (2.5.0) 1 | plg_quickicon_extensionupdate (2.5.0) 1 | plg_quickicon_joomlaupdate (2.5.0) 1 | plg_search_categories (2.5.0) 1 | plg_search_contacts (2.5.0) 1 | plg_search_content (2.5.0) 1 | plg_search_newsfeeds (2.5.0) 1 | plg_search_weblinks (2.5.0) 1 | plg_system_cache (2.5.0) 1 | plg_system_debug (2.5.0) 1 | plg_system_highlight (2.5.0) 1 | plg_system_languagecode (2.5.0) 0 | plg_system_languagefilter (2.5.0) 0 | plg_system_log (2.5.0) 1 | plg_system_logout (2.5.0) 1 | plg_system_p3p (2.5.0) 1 | plg_system_redirect (2.5.0) 1 | plg_system_remember (2.5.0) 1 | plg_system_sef (2.5.0) 1 | plg_user_contactcreator (2.5.0) 0 | plg_user_joomla (2.5.0) 1 | plg_user_profile (2.5.0) 0 |
3rd Party:: Content - RSForm! Pro (1.4.0) 1 | Content - Image gallery - sigp (1.4.2.19) 1 | plg_editors_codemirror (1.0) 1 | plg_editors_jce (2.4.3) 1 | plg_editors_tinymce (3.5.11) 1 | plg_finder_k2 (2.6.8) 1 | Josetta - K2 Categories (2.6.8) 1 | Josetta - K2 Items (2.6.8) 1 | K2 - Additional Categories for (1.0.1) 1 | plg_quickicon_jcefilebrowser (2.4.3) 1 | Search - K2 (2.6.8) 1 | JA T3 Framework (2.6.2) 1 | System - K2 (2.6.8) 1 | PLG_SYSTEM_NNFRAMEWORK (13.12.7) 1 | System - RSForm! Pro (1.50.10) 1 | System - RSForm! Pro reCAPTCHA (1.4.0) 1 | User - K2 (2.6.8) 1 |
Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) 1 | beez5 (2.5.0) 1 | beez_20 (2.5.0) 1 | () 1 |
Templates :: ADMIN :: bluestork (2.5.0) 1 | hathor (2.5.0) 1 |
Last edited by toivo on Mon Aug 06, 2018 9:42 am, edited 3 times in total.
Reason: mod note: moved to 3.x Security

Post by tr1 » Thu Aug 02, 2018 1:08 pm

Hi
I'm not sure if it's the case here, but it may be the version of PHP that you're using. It's worth checking if you're using 7.2 as this caused a few problems for others a while back.
See this post:
https://issues.joomla.org/tracker/joomla-cms/19193
and this one:
https://www.joomshaper.com/forums/param ... -countable

Post by Crystalrain » Thu Aug 02, 2018 1:21 pm

Thank you for your answer. I did try to switch it to PHP 7.2. Installation stops at step 1 as well with PHP set to 7.2 :-( Should I try a lower version of PHP?
tr1 wrote:
Thu Aug 02, 2018 1:08 pm
Hi
I'm not sure if it's the case here.....

Post by tr1 » Thu Aug 02, 2018 1:39 pm

I'd try a lower version first to see if it installs. The only other scenario where I've experienced a fresh install not working is when the php.ini settings are too low, similar to this thread:

https://stackoverflow.com/questions/390 ... -at-step-1

However, if your install is freezing at the first step, I think this is unlikely. You could try installing joomla on localhost on a home pc and then uploading it to your server to see if you can get it running that way.

Post by Crystalrain » Thu Aug 02, 2018 2:31 pm

OK, I did try to install it with PHP 7.1 and PHP 7.2, nothing helps.

I used parameters:
memory_limit = 256M
max_execution_time = 300

Any ideas how to solve it? I found on various forums these questions:

- I use https on my web site. Does it prevent installation?
- installation in sub-directory could not be possible

I am not technically skilled to install it locally :-(
tr1 wrote:
Thu Aug 02, 2018 1:39 pm
I'd try a lower version first to see if it installs.

Post by AMurray » Thu Aug 02, 2018 9:51 pm

While your question (according to the subject line) is about installing Joomla 3.8.x, the provided FPA report concerns your (hacked) 2.5.28 site (so won't help answer the question....).

Joomla 3.8.x runs on PHP 7 quite happily (has done since 3.5.x).

As to why the site was hacked in the first place, that could be a number of reasons - out of date Joomla (support for Joomla 2.5 ended 3 years ago and has not been updated since), out of date third-party extensions etc etc. Also for what it's worth, the FPA you did provide does show some incorrect file/folder permissions: 750 / 770???. On Linux hosting, they should be 755 for folders and 644 for files (and 444 for the configuration.php file).

Since the FPA is designed to give system information about an installed Joomla it won't really help here (for your immediate problem of installing 3.8.x).

I would say that the above PHP setting increases should get you past the "stuck on Step 1" problem.

One last thing, make sure the installation folder for the Joomla 3.8 is 755, although I think this should be set by default when you create folders through cPanel file manager or FTP programs.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

Post by Per Yngve Berg » Thu Aug 02, 2018 10:43 pm

Session Path Writable: No

It must be yes. You also have Open Base set, that may also be the cause of the issue.
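
An added example, not part of any post in this thread and not code from the FPA tool: a small Python triage over FPA report text that flags the points raised in the replies above (report taken from the wrong Joomla instance, Session Path Writable not Yes, Open Base set, folder modes other than 755). The sample report is constructed from lines abridged from the report in the first post; the function names and finding labels are assumptions.

```python
import re

# Constructed sample: three lines abridged from the FPA report posted above.
SAMPLE_FPA = (
    "Basic Environment :: wrote:Joomla! Instance :: "
    "Joomla! 2.5.28-Stable (Ember) 10-December-2014\n"
    "PHP Configuration :: Version: 5.6.30 | PHP API: fpm-fcgi | "
    "Session Path Writable: No | Display Errors: Off | "
    "Open Base: /etc/apache2/scripts:/home/html/example.:/usr/share/php | "
    "Uploads: 1 | Memory Limit: 128M\n"
    "Folder Permissions :: wrote:Core Folders :: images/ (750) | "
    "components/ (750) | tmp/ (750) | administrator/components/ (770) | "
    "administrator/logs/ (---) |\n"
)

# "path/ (mode)" entries; unreadable modes such as "(---)" do not match.
FOLDER_RE = re.compile(r"^(\S+/) \((\d{3})\)$")


def parse_fpa(text):
    """Map each section label to its list of '|'-separated fields."""
    sections = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(" :: ")]
        if len(parts) < 2:
            continue
        # Forum quote residue prefixes some labels with "wrote:".
        label = re.sub(r"^wrote:", "", parts[-2]).strip()
        sections[label] = [f.strip() for f in parts[-1].split("|") if f.strip()]
    return sections


def as_settings(fields):
    """Turn 'Key: value' fields into a dict; empty values are skipped."""
    settings = {}
    for field in fields:
        key, sep, value = field.partition(": ")
        if sep:
            settings[key] = value.strip()
    return settings


def triage(text, expected_series="3.8", folder_mode="755"):
    """Return (label, detail) findings for the issues named in the thread."""
    findings = []
    sections = parse_fpa(text)

    # The report must describe the install being debugged, not the old site.
    instance = " ".join(sections.get("Joomla! Instance", []))
    match = re.search(r"Joomla! (\d+\.\d+)", instance)
    if match and match.group(1) != expected_series:
        findings.append(("wrong-instance", match.group(1)))

    php = as_settings(sections.get("PHP Configuration", []))
    writable = php.get("Session Path Writable", "missing")
    if writable.lower() != "yes":
        findings.append(("session-path-not-writable", writable))
    if php.get("Open Base"):
        findings.append(("open-basedir-set", php["Open Base"]))

    # Folder modes that differ from the value recommended in the thread.
    for field in sections.get("Core Folders", []):
        folder = FOLDER_RE.match(field)
        if folder and folder.group(2) != folder_mode:
            findings.append(("folder-mode", f"{folder.group(1)} {folder.group(2)}"))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_FPA):
        print(f"{label}: {detail}")
```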

Post by ThomasGHarris » Thu Aug 02, 2018 11:59 pm

I've only seen this kind of trouble when using newer PHP versions and older Joomla installations. Another trouble I've had is with the database step where InnoDB has to be changed to MyISAM. Let us know if you still have this issue.

Post by leolam » Mon Aug 06, 2018 4:18 am

Disabled functions on the server are incorrect. You should only disable

"show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open"
and remove the open_base restrictions... They make no sense on a properly configured server

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
Member Joomla Bug Squad & Joomla CMS Release Team

Post by Webdongle » Mon Aug 06, 2018 9:10 am

If you install 3.8.x in a sub folder before removing all the 2.5 files then it will get hacked. The hackers will have full access to your server and be able to manipulate the files just the same as you.

You need to delete ALL the folders/files from the server see viewtopic.php?f=714&t=946026 . As you are going to create a new Joomla then at step #f ... install your fresh Joomla instead of rebuilding the original site.

Post by leolam » Tue Aug 07, 2018 6:01 am

Webdongle wrote:
Mon Aug 06, 2018 9:10 am
If you install 3.8.x in a sub folder before removing all the 2.5 files then it will get hacked.
Why? I am not so sure about that since in that case all our clients who still run J2.5.28 would be hacked already so kindly clarify?

Leo 8)

Post by sozzled » Tue Aug 07, 2018 6:58 am

Crystalrain wrote:
Thu Aug 02, 2018 12:54 pm
I need help regarding installation of Joomla 3.8 in subfolder /public_html/joomla3.
OK, fair enough. It's unimportant why you need to create a new website in this folder; we need to get a few things sorted out first.

When you create a new website on your server, don't forget that you need to create a new database that will be used with this website! Did you do that?

The next thing to remember when posting your FPA report, is to copy the file fpa-en.php to the same "root folder" as where you have created the website. So, in this case, the file should be found in /public_html/joomla3/fpa-en.php.

@Per is correct that Session Path Writable must be set to Yes (contact your webhost provider if you do not know how to do this). You also have an Open Base Directory set (contact your webhost provider to "unset" this value).

The rest of the discussion about J! 2.5, while interesting, is irrelevant. If your J! 2.5 website was located in the folder /public_html then, in my opinion, it probably wasn't a wise choice. In my opinion, it's better to have a separate subfolder for each website that you create; I would have the J! 2.5 website in a folder named /public_html/joomla25, for example.

The error message that related to the J! 2.5 website—Parameter must be an array or an object that implements Countable—simply means that you tried to run your J! 2.5 website with PHP 7.2. You can't use PHP 7.x with J! 2.5.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

Post by Webdongle » Tue Aug 07, 2018 9:42 am

leolam wrote:
Tue Aug 07, 2018 6:01 am
...Why? I am not so sure about that since in that case all our clients who still run J2.5.28 would be hacked already so kindly clarify?
...
Because the OP has said his 2.5 site is already hacked.

Post by Webdongle » Tue Aug 07, 2018 9:44 am

sozzled wrote:
Tue Aug 07, 2018 6:58 am
Crystalrain wrote:
Thu Aug 02, 2018 12:54 pm
...
The rest of the discussion about J! 2.5, while interesting, is irrelevant. ...
It is relevant because it is hacked. Creating other sites is pointless when there are hack files on the server.

Post by sozzled » Tue Aug 07, 2018 9:48 am

Yeah ... so there's a problem with a website built/hacked in J! 2.5. That's not the issue here, guys.

The issue is that
Crystalrain wrote:
Thu Aug 02, 2018 12:54 pm
I need help regarding installation of Joomla 3.8 in subfolder /public_html/joomla3.
Can we please concentrate on this issue and try to ignore the other matter (about J! 2.5) that may be unrelated. In my mind it would be wiser to remove the old J! 2.5 website completely (or move the files somewhere else) but there are other more pressing matters like the two that @Per mentioned earlier.

Post by Webdongle » Thu Aug 09, 2018 3:43 pm

sozzled wrote:
Tue Aug 07, 2018 9:48 am
Yeah ... so there's a problem with a website built/hacked in J! 2.5. That's not the issue here, guys.

The issue is that
Crystalrain wrote:
Thu Aug 02, 2018 12:54 pm
I need help regarding installation of Joomla 3.8 in subfolder /public_html/joomla3.
Can we please concentrate on this issue and try to ignore the other matter (about J! 2.5) that may be unrelated. ...
The OP has an issue with installing a fresh Joomla but another issue has come to light. A hacked server issue takes residence over the inability to install. To install a fresh Joomla on a server that is hacked ... is no more useful than building a house on sand.

Until the OP cleans the server there is a risk that visitors to his site could have their browsers/pc's compromised. Getting rid of the hack is paramount and should be done before anything else.

Post by leolam » Thu Aug 09, 2018 4:07 pm

Webdongle wrote:
Thu Aug 09, 2018 3:43 pm
A hacked server issue takes residence over the inability to install.
I agree in the basics but in none of messages by OP nor from his data posted it gives any reason to think that the server was compromised. Any suspicion is probably justified due to the published server settings but it is no fact so I agree with Sozzled. Let's concentrate on the installation issue (and remove the 2.5-crap)

Leo 8)

Post by Webdongle » Thu Aug 09, 2018 4:40 pm

Crystalrain wrote:
Thu Aug 02, 2018 12:54 pm
... The reason why I am doing so is that our site 2.5 was hacked (sending hundreds of spam e-mails). Instead of erasing Joomla 2.5 ...
The OP is installing a fresh Joomla because his site was hacked.

Post by leolam » Thu Aug 09, 2018 4:44 pm

Webdongle wrote:
Thu Aug 09, 2018 4:40 pm
The OP is installing a fresh Joomla because his site was hacked.
Site hack is not equal to server hack...these are 2 completely different entities but Webdongle start focusing on a solution to get the 3.x installed instead of having the last line (...)
Leo 8)
Last edited by ooffick on Mon Aug 13, 2018 11:05 am, edited 1 time in total.
Reason: Mod Note, removing comment which could have been understood as an attack.

Post by Webdongle » Thu Aug 09, 2018 5:28 pm

Site hack, server hack, call it what you want but the fact is that the OP is installing a fresh Joomla (in a sub directory) to fix a hack. That is the wrong approach. You should be helping the OP by encouraging to fix the hack properly ... but you are reinforcing his incorrect fix of just installing a new Joomla and by admitting that you run out of date Joomla for some of your customers.
leolam wrote:
Tue Aug 07, 2018 6:01 am
... in that case all our clients who still run J2.5.28 would be hacked already ...
J2.5.28 has not been supported for nearly 4 years.


leolam wrote:
Thu Aug 09, 2018 4:44 pm
... but Webdongle start focusing on a solution to get the 3.x installed ...
Leo please focus on the real problem. The OP is trying to fix a hack by installing in a sub folder and you are missing to see the OP's fix is not the problem. You are focusing on the OP's fix instead of advising him that installing in a sub folder does NOT fix a hack.

Post by leolam » Fri Aug 10, 2018 3:14 am

Webdongle, you quoted me:
leolam wrote:
Tue Aug 07, 2018 6:01 am
... in that case all our clients who still run J2.5.28 would be hacked already ...
J2.5.28 has not been supported for nearly 4 years.
Oh yeah and the trees are blue. So what? I completely agree that users (clients of us or not) should always upgrade to latest version of Joomla and I encourage that for 100% but we live in a real world and people do have budget restraints for instance or private issues etc etc so they are simply not able to upgrade at present so they run their Joomla website with the available resources they have and yes we/I support and or help those sites indeed.

Admitting what? You are completely false when you state "by admitting that you run out of date Joomla for some of your customers" and I know you do that on purpose (damaging) since I do not run these client websites, we support when asked for help!!! and you are fully well aware of that so stop fake stigmatizing aka a certain 'President'? You seemingly disapprove of helping EOL websites but that is real life. Any idea how many Joomla 1.0 and Joomla 1.5 users are still operational? Right! So stop patronizing Webdongle and get on with the job supporting this Joomla 2.5 user.

@Crystalrain Why don't you just delete all the J25 files and folders, delete the entire account, recreate the account and install a fresh Joomla 3.8.11?

Leo 8)