Possible new hack [ redacted ]

Discussion regarding Joomla! 3.x security issues.
Post Reply
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Thu Aug 21, 2008 3:32 am

Possible new hack [ redacted ]

Post by daveburstein » Wed Jan 20, 2021 2:12 am

Got hacked about 90 minutes ago. Defaced hacked by [ redacted ]. Google search shows it is rapidly spreading but finds little information. Standard security scans don't have details.
Rapidly spread through 6 sites on same server, 3 joomla, 3 Wordpress.
Advice needed:
1- Blocks administrator with hack screen. To get to my security software, I need to get in. Any ideas how to bypass? All files are there in ftp, look right.
2- Other advice?

Puts in an index.php file beginning like this. When I delete it, still hacked. Am checking database for odd files.
<title>Hacked By: [ redacted ]</title>
<link href="http://fonts.googleapis.com/css?family= [ redacted ]>
<meta property='og:image:width ' content='500'>
<meta property='og:image:height' content='200'>
<!-- Meta Tag -->
<meta property="og:image" content="https:// [ redacted ]"/>
<meta name="keywords" content="Hacked By - [ redacted ]">
<meta name="description" content=" [ redacted ] ">
<script type="text/javascript">

[ redacted ]

Last edited by toivo on Wed Jan 20, 2021 6:46 am, edited 1 time in total.
Reason: mod note: kudos removed - the forum rules available from https://forum.joomla.org/viewtopic.php?f=8&t=65

User avatar
Joomla! Master
Joomla! Master
Posts: 39463
Joined: Sat Apr 05, 2008 9:58 pm

Re: Possible new hack chemod 77

Post by Webdongle » Wed Jan 20, 2021 2:36 am

Wiping all the files applies to all the sites on your server
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

Post Reply

Return to “Security in Joomla! 3.x”