Recovering from Site Hack --- Posted persuant to instructions.

Discussion regarding Joomla! 3.x security issues.
Post Reply
arthurjohnston
Joomla! Intern
Joomla! Intern
Posts: 50
Joined: Fri Apr 30, 2010 9:36 am
Location: Huntington Beach, California
Contact:

Recovering from Site Hack --- Posted persuant to instructions.

Post by arthurjohnston » Mon Feb 15, 2021 12:51 am

This is on a Local Server. I turned off Modsecurity to upgrade certain items and failed to turn it back on!

Arthur Johnston

Forum Post Assistant (v1.6.2) : 14-Feb-2021 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.9.24-Stable (Amani) 12-January-2021
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Writable (644) |
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: Yes | GZip: true | Cache: true | CacheTime: 15 | CacheHandler: memcache | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 2 | Error Reporting: default | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.9.24: Yes | Database Supports J! 3.9.24: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 5.4.0-65-generic | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | System TMP Writable: Yes | Free Disk Space : 3450.81 GiB |

PHP Configuration :: Version: 7.4.3 | PHP API: fpm-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: php_errors.log | Last Known Error: 12th February 2021 23:48:09. | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 60M | Max. POST Size: 60M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 512M

Database Configuration :: Version: 8.0.23-0ubuntu0.20.04.1 (Client:mysqlnd 7.4.3) | Database Size: 8.77 MiB | #of Tables with config prefix: 157 | #of other Tables: 0 | User Privileges : GRANT APPLICATION_PASSWORD_ADMINUser Privileges : AUDIT_ADMINUser Privileges : BACKUP_ADMINUser Privileges : BINLOG_ADMINUser Privileges : BINLOG_ENCRYPTION_ADMINUser Privileges : CLONE_ADMINUser Privileges : CONNECTION_ADMINUser Privileges : ENCRYPTION_KEY_ADMINUser Privileges : FLUSH_OPTIMIZER_COSTSUser Privileges : FLUSH_STATUSUser Privileges : FLUSH_TABLESUser Privileges : FLUSH_USER_RESOURCESUser Privileges : GROUP_REPLICATION_ADMINUser Privileges : INNODB_REDO_LOG_ARCHIVEUser Privileges : INNODB_REDO_LOG_ENABLEUser Privileges : PERSIST_RO_VARIABLES_ADMINUser Privileges : REPLICATION_APPLIERUser Privileges : REPLICATION_SLAVE_ADMINUser Privileges : RESOURCE_GROUP_ADMINUser Privileges : RESOURCE_GROUP_USERUser Privileges : ROLE_ADMINUser Privileges : SERVICE_CONNECTION_ADMINUser Privileges : SESSION_VARIABLES_ADMINUser Privileges : SET_USER_IDUser Privileges : SHOW_ROUTINEUser Privileges : SYSTEM_USERUser Privileges : SYSTEM_VARIABLES_ADMINUser Privileges : TABLE_ENCRYPTION_ADMINUser Privileges : XA_RECOVER_ADMIN ON *.* TO `hank`@`localhost` WITH GRANT OPTION
Detailed Environment :: wrote:PHP Extensions :: Core (7.4.3) | date (7.4.3) | libxml (7.4.3) | openssl (7.4.3) | pcre (7.4.3) | zlib (7.4.3) | filter (7.4.3) | hash (7.4.3) | Reflection (7.4.3) | SPL (7.4.3) | session (7.4.3) | standard (7.4.3) | sodium (7.4.3) | cgi-fcgi (7.4.3) | mysqlnd (mysqlnd 7.4.3) | PDO (7.4.3) | xml (7.4.3) | apcu (5.1.18) | bz2 (7.4.3) | calendar (7.4.3) | ctype (7.4.3) | curl (7.4.3) | dom (20031129) | mbstring (7.4.3) | FFI (7.4.3) | fileinfo (7.4.3) | ftp (7.4.3) | gd (7.4.3) | geoip (1.1.1) | gettext (7.4.3) | gmp (7.4.3) | iconv (7.4.3) | igbinary (3.1.2) | imagick (3.4.4) | intl (7.4.3) | json (7.4.3) | exif (7.4.3) | memcache (3.0.9-dev) | msgpack (2.1.0beta1) | mysqli (7.4.3) | pdo_mysql (7.4.3) | pdo_sqlite (7.4.3) | apc (5.1.18) | posix (7.4.3) | readline (7.4.3) | shmop (7.4.3) | SimpleXML (7.4.3) | sockets (7.4.3) | sqlite3 (7.4.3) | sysvmsg (7.4.3) | sysvsem (7.4.3) | sysvshm (7.4.3) | tokenizer (7.4.3) | xmlreader (7.4.3) | xmlrpc (7.4.3) | xmlwriter (7.4.3) | xsl (7.4.3) | zip (1.15.6) | Phar (7.4.3) | memcached (3.1.4) | Zend OPcache (7.4.3) | Zend Engine (3.4.0) |
Potential Missing Extensions ::
Disabled Functions :: pcntl_alarm | pcntl_fork | pcntl_waitpid | pcntl_wait | pcntl_wifexited | pcntl_wifstopped | pcntl_wifsignaled | pcntl_wifcontinued | pcntl_wexitstatus | pcntl_wtermsig | pcntl_wstopsig | pcntl_signal | pcntl_signal_get_handler | pcntl_signal_dispatch | pcntl_get_last_error | pcntl_strerror | pcntl_sigprocmask | pcntl_sigwaitinfo | pcntl_sigtimedwait | pcntl_exec | pcntl_getpriority | pcntl_setpriority | pcntl_async_signals | pcntl_unshare | |

Switch User Environment :: PHP CGI: No | Server SU: No | PHP SU: No | Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 8142 | Threads: 2 | Questions: 95 | Slow queries: 0 | Opens: 224 | Flush tables: 3 | Open tables: 143 | Queries per second avg: 0.011 |
Extensions Discovered :: wrote:Components :: Site ::
Core :: com_wrapper (3.0.0) 1 | com_mailto (3.0.0) 1 |
3rd Party:: WF_HR_TITLE (2.9.2) ? | WF_IMGMANAGER_TITLE (2.9.2) ? | WF_CONTEXTMENU_TITLE (2.9.2) ? | JCE - Noneditable (1.0.0) ? | WF_FONTCOLOR_TITLE (2.9.2) ? | WF_TEMPLATEMANAGER_TITLE (2.9.2) ? | WF_FORMATSELECT_TITLE (2.9.2) ? | WF_ATTRIBUTES_TITLE (2.9.2) ? | WF_MICRODATA_TITLE (2.9.2) ? | WF_SPELLCHECKER_TITLE (2.9.2) ? | WF_ARTICLE_TITLE (2.9.2) ? | WF_XHTMLXTRAS_TITLE (2.9.2) ? | WF_EMOTIONS_TITLE (2.9.2) ? | WF_SOURCE_TITLE (2.9.2) ? | WF_WORDCOUNT_TITLE (2.9.2) ? | WF_PREVIEW_TITLE (2.9.2) ? | WF_CAPTION_TITLE (2.9.2) ? | WF_MEDIAMANAGER_TITLE (2.9.2) ? | WF_VISUALCHARS_TITLE (2.9.2) ? | WF_IMGMANAGER_EXT_TITLE (2.9.2) ? | WF_CHARMAP_TITLE (2.9.2) ? | WF_MEDIA_TITLE (2.9.2) ? | WF_NONBREAKING_TITLE (2.9.2) ? | WF_IFRAME_TITLE (2.9.2) ? | WF_LINK_TITLE (2.9.2) ? | WF_TEXTCASE_TITLE (2.9.2) ? | WF_CLIPBOARD_TITLE (2.9.2) ? | WF_FONTSIZESELECT_TITLE (2.9.2) ? | WF_BROWSER_TITLE (2.9.2) ? | WF_PRINT_TITLE (2.9.2) ? | WF_VISUALBLOCKS_TITLE (2.9.2) ? | WF_SEARCHREPLACE_TITLE (2.9.2) ? | JCE - Columns (1.0.0) ? | WF_FONTSELECT_TITLE (2.9.2) ? | WF_STYLESELECT_TITLE (2.9.2) ? | WF_FULLSCREEN_TITLE (2.9.2) ? | WF_REFERENCE_TITLE (2.9.2) ? | WF_TABLE_TITLE (2.9.2) ? | WF_DIRECTIONALITY_TITLE (2.9.2) ? | WF_KITCHENSINK_TITLE (2.9.2) ? | WF_CLEANUP_TITLE (2.9.2) ? | WF_TEXTPATTERN_TITLE (2.9.2) ? | WF_STYLE_TITLE (2.9.2) ? | WF_LISTS_TITLE (2.9.2) ? | WF_ANCHOR_TITLE (2.9.2) ? | WF_FILEMANAGER_TITLE (2.9.2) ? | WF_HELP_TITLE (2.9.2) ? | WF_AUTOSAVE_TITLE (2.9.2) ? | WF_AGGREGATOR_DAILYMOTION_TITLE (2.9.2) ? | WF_AGGREGATOR_AUDIO_TITLE (2.9.2) ? | WF_AGGREGATOR_VIMEO_TITLE (2.9.2) ? | WF_AGGREGATOR_[youtube]_TITLE (2.9.2) ? | WF_AGGREGATOR_VIDEO_TITLE (2.9.2) ? | WF_LINK_SEARCH_TITLE (2.9.2) ? | WF_LINKS_JOOMLALINKS_TITLE (2.9.2) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.9.2) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.9.2) ? |

Components :: Admin ::
Core :: com_categories (3.0.0) 1 | com_associations (3.7.0) 1 | com_weblinks (3.7.0) 1 | com_templates (3.0.0) 1 | com_fields (3.7.0) 1 | com_tags (3.1.0) 1 | com_media (3.0.0) 1 | com_menus (3.0.0) 1 | com_banners (3.0.0) 1 | com_admin (3.0.0) 1 | com_plugins (3.0.0) 1 | com_languages (3.0.0) 1 | com_checkin (3.0.0) 1 | com_modules (3.0.0) 1 | com_installer (3.0.0) 1 | com_redirect (3.0.0) 1 | com_messages (3.0.0) 1 | com_config (3.0.0) 1 | com_content (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_login (3.0.0) 1 | com_privacy (3.9.0) 1 | com_postinstall (3.2.0) 1 | com_joomlaupdate (3.6.2) 1 | com_cache (3.0.0) 1 | com_ajax (3.2.0) 1 | com_finder (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_users (3.0.0) 1 | com_search (3.0.0) 1 | com_actionlogs (3.9.0) 1 |
3rd Party:: com_phocaphoto (3.0.2) 1 | com_phocagallery (4.4.0) 1 | com_jaextmanager (2.5.3) 1 | com_jaextmanager (2.6.5) 1 | com_phocacommander (3.0.5) 1 | COM_JCE (2.9.2) 1 | JoomGallery (3.3.4) 0 | COM_OSMAP (4.2.39) 1 | com_slideshowck (2.3.0) 1 | Slideshow CK (2.3.0) 1 | COM_K2 (2.10.3) 1 | Admintools (5.9.3) 1 | Akeeba (7.5.3) 1 |

Modules :: Site ::
Core :: mod_wrapper (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_weblinks (3.7.0) 1 | mod_footer (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_search (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_login (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_custom (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_tags_similar (3.1.0) 1 | mod_syndicate (3.0.0) 1 |
3rd Party:: Slideshow CK (2.3.0) 1 | JA Masshead (2.5.8) 1 | K2 Tools (2.10.3) 1 | K2 User (2.10.3) 1 | mod_phocacarousel (3.0.4) 1 | K2 Users (2.10.3) 1 | mod_phocagallery_slideshow_noob (1.0.6) 0 | SCLogin (8.4.6) 1 | sigplus (1.5.0.285) 1 | Image Show GK4 (1.6.9) 1 | Simple Contact Form (VERSION) 0 | mod_showplus (2.0.0.4) 1 | K2 Comments (2.10.3) 1 | K2 Content (2.10.3) 1 |

Modules :: Admin ::
Core :: mod_feed (3.0.0) 1 | mod_version (3.0.0) 1 | mod_title (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_menu (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_login (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_status (3.0.0) 1 | mod_sampledata (3.8.0) 1 | mod_submenu (3.0.0) 1 |
3rd Party:: K2 Stats (admin) (2.10.3) 1 | mod_cachecleaner (7.3.3) 1 | K2 Quick Icons (admin) (2.10.3) 1 |

Libraries ::
Core ::
3rd Party:: file_fof30 (3.6.2) ? | Regular Labs Library (20.11.23860) 1 |

Plugins ::
Core :: plg_finder_contacts (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_weblinks (3.7.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_categories (3.0.0) 1 | plg_search_weblinks (3.7.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 0 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_cookie (3.0.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_system_privacyconsent (3.9.0) 1 | plg_system_highlight (3.0.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_redirect (3.0.0) 1 | plg_system_logrotation (3.9.0) 1 | plg_system_weblinks (3.7.0) 1 | plg_system_languagecode (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_log (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_remember (3.0.0) 1 | plg_system_cache (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_languagefilter (3.0.0) 1 | plg_system_debug (3.0.0) 1 | plg_system_updatenotification (3.5.0) 1 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 1 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_fields_user (3.7.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_captcha_recaptcha (3.4.0) 1 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_weblink (3.7.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_confirmconsent (3.9.0) 1 | plg_content_vote (3.0.0) 0 | plg_content_joomlarrssb (3.0.6) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_joomla (3.0.0) 1 | plg_user_terms (3.9.0) 1 | plg_user_joomla (3.0.0) 1 | plg_user_contactcreator (3.0.0) 1 | plg_user_profile (3.0.0) 1 |
3rd Party:: PLG_CONSOLE_AKEEBABACKUP (7.5.0.1) 0 | plg_finder_k2 (2.10.3) 1 | Search - K2 (2.10.3) 1 | plg_search_sigplus (1.5.0.285) 1 | plg_installer_jce (2.9.2) 1 | PLG_SYSTEM_ADMINTOOLS (5.9.3) 1 | plg_system_jcemediabox (2.0.13) 1 | plg_system_ossystem (1.3.1) 0 | T3 Framework (2.7.6) 1 | PLG_SYSTEM_BACKUPONUPDATE (7.5.3) 1 | plg_system_emailprotector (4.5.1) 1 | System - SP Cookie Consent (1.0.0) 1 | System - K2 (2.10.3) 1 | plg_system_jce (2.9.2) 1 | plg_system_t4 (1.1.3) 1 | plg_system_cachecleaner (7.3.3) 1 | plg_system_regularlabs (20.11.23860) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK (7.3.0) 1 | PLG_OSMAP_JOOMLA (4.2.39) 1 | PLG_ACTIONLOG_ADMINTOOLS (5.9.3) 1 | PLG_ACTIONLOG_AKEEBABACKUP (7.5.3) 0 | plg_extension_jce (2.9.2) 1 | plg_jce_filesystem_server (1.1.2) 0 | PLG_JCE_LINKS_K2 (2.6.2) 1 | plg_fields_mediajce (2.9.2) 1 | plg_quickicon_jce (2.9.2) 1 | plg_quickicon_akeebabackup (7.5.3) 1 | plg_editors_codemirror (5.56.0) 1 | plg_editors_jce (2.9.2) 1 | plg_editors_tinymce (4.5.12) 1 | plg_editors-xtd_sigplus (1.5.0.285) 1 | plg_content_jce (2.9.2) 1 | plg_content_sigplus (1.5.0.285) 1 | User - K2 (2.10.3) 1 |
Templates Discovered :: wrote:Templates :: Site :: t4_blank (1.0.9) 1 | phoca_photography (1.0.1) 1 | t3_bs3_blank (2.3.3) 1 | beez3 (3.1.0) 0 | purity_III (1.2.6) 1 | t3_blank (2.2.9) 1 | protostar (1.0) 0 |
Templates :: Admin :: isis (1.0) 1 | hathor (3.0.0) 1 |
Arthur Johnston

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39461
Joined: Sat Apr 05, 2008 9:58 pm

Re: Recovering from Site Hack --- Posted persuant to instructions.

Post by Webdongle » Mon Feb 15, 2021 2:26 am

That's step #a of viewtopic.php?f=714&t=946026 have you performed any of the other steps yet?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

arthurjohnston
Joomla! Intern
Joomla! Intern
Posts: 50
Joined: Fri Apr 30, 2010 9:36 am
Location: Huntington Beach, California
Contact:

Re: Recovering from Site Hack --- Posted persuant to instructions.

Post by arthurjohnston » Mon Feb 15, 2021 3:16 am

Working on it.
Arthur Johnston

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 39461
Joined: Sat Apr 05, 2008 9:58 pm

Re: Recovering from Site Hack --- Posted persuant to instructions.

Post by Webdongle » Mon Feb 15, 2021 8:22 am

Step #f will probably take the longest because you need to check all the extensions on their home page for the latest version.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.


Post Reply

Return to “Security in Joomla! 3.x”