framework.php and index.php

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
jwmuriel
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Fri Mar 23, 2018 2:53 pm

framework.php and index.php

Post by jwmuriel » Sun Mar 25, 2018 8:15 pm

I have a site [ redacted ]
every day, I repeat every day, for some strange reason the files framework.php and index.php was damaged, every morning I have to replace them with a new copy and the site works fine but at some time during the day these are corrupted and they become huge an the site does not work
Look for information and I was suggested to review the permits, but everything is in order
I can not find a solution
Please, if someone has an idea about what happens, I thank you in advance.

Saludos
Wladimir
Last edited by toivo on Sun Mar 25, 2018 9:27 pm, edited 1 time in total.
Reason: mod note: moved to 3.x Security, removed the URL

User avatar
AMurray
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4052
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: framework.php and index.php

Post by AMurray » Sun Mar 25, 2018 9:34 pm

Can you post what file-sizes they have been before and after?

index.php should be around 2kb. (there are other 'index.php' as well, but this is the one in the root folder).

Searching found 2 "framework.php" files both around 3kb.

What sizes are you saying they become?

I don't believe they should change size (or if they do not to the point of the site being unusable), or have code added to them ordinarily. Perhaps your site is hacked - you may need to follow the procedures outlined here.

Ask your host if they have any security scan tools (to look for Malware and such). You might have access to such tools in your hosting's control panel (cPanel, Plesk etc).

You could also use the myjoomla.com service; run an audit scan - it will tell you what files have changed, and you can review them to see what changes have been made if it happens again. It's a subscription service, but the first scan is free.

Also please post the FPA Report. (refer Forum Rules section at top of this thread).
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.


Post Reply

Return to “Security in Joomla! 3.x”