Site Hacked

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
twstevensuk
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Oct 03, 2018 10:25 am

Site Hacked

Post by twstevensuk » Wed Oct 03, 2018 10:29 am

Long story our site was hacked, and it is reporting unsafe content with google ads

we have checked and in chrome when we inspect the see under Source
<head>
<script type="text/javascript" src="[redacted]/js/45531.js" ></script>
<noscript><img src="[redacted]/45531.png" style="display:none;" /></noscript>

we have checked the files within the site and cannot find code this anyway!


We cant restore from back as we have backups from 3 months and the oldest is still reporting this issue

Does anyone know where it is calling this from?

Pulling my hair out here and help?
Last edited by fcoulter on Wed Oct 03, 2018 10:37 am, edited 1 time in total.
Reason: removed links to malicious javascript files

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Site Hacked

Post by fcoulter » Wed Oct 03, 2018 10:41 am

This is the process for clearing up your site: viewtopic.php?f=714&t=946026

If you just try to find the malicious code and delete it you will almost certainly be hacked again because you have not removed the source of the hack.
Last edited by toivo on Wed Oct 03, 2018 11:26 am, edited 1 time in total.
Reason: mod note: corrected the URL to point to the start of the sticky topic
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

twstevensuk
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Oct 03, 2018 10:25 am

Re: Site Hacked

Post by twstevensuk » Wed Oct 03, 2018 10:55 am

Thanks, we know that but need to identify the Source file which is redirecting this

So far we are unable to find it.

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Site Hacked

Post by fcoulter » Wed Oct 03, 2018 11:23 am

The point of the instructions is that you do not waste time trying to track down the source, which really could be anywhere, but remove everything from the server, and rebuild the site using clean files, hence removing the hack files in the process.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

twstevensuk
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Wed Oct 03, 2018 10:25 am

Re: Site Hacked

Post by twstevensuk » Wed Oct 03, 2018 11:25 am

Thanks

I thought as much but thought i would ask anyway

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 36444
Joined: Sat Apr 05, 2008 9:58 pm

Re: Site Hacked

Post by Webdongle » Wed Oct 03, 2018 11:30 am

viewtopic.php?f=714&t=946026
step #f will restore your site with fresh files. The other steps secure the site against further hacks.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein


Post Reply

Return to “Security in Joomla! 3.x”