"This site may be hacked"

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
KembleSteve2
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Mon Oct 29, 2018 8:05 pm

"This site may be hacked"

Post by KembleSteve2 » Mon Oct 29, 2018 8:19 pm

Like many web managers, I find myself being labelled as having a site which is open to hacking.
I cannot disagree with Google on this, as they show me several URLs which are obviously not of my making.
So thanks Google, but my problem is how to find where these rogue URLs actually lie within my joomla code.
So for example, one of the example is something like...
http://kemble.co.uk/hgrc8yh/6u461ck.php ... video-rude
(I have changed a couple of characters, to protect the actual location)
As I can find no files containing any of these strings, I suspect it is tied up somewhere in the SQL database, but there again, I cannot seem to find anything to help me there either, allowing me to delete the hacked data.
Can anyone help?
Steve
Last edited by toivo on Mon Oct 29, 2018 8:34 pm, edited 1 time in total.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 6063
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: "This site may be hacked"

Post by sozzled » Mon Oct 29, 2018 8:36 pm

KembleSteve2 wrote:
Mon Oct 29, 2018 8:19 pm
Like many web managers, I find myself being labelled as having a site which is open to hacking. I cannot disagree with Google on this, as they show me several URLs which are obviously not of my making.
Yeah, these things happen. And, while you may not be able to argue with Google, many of these instances of rogue/unexplained URL references finding their way into Googles index may be the result of referrer (or ghost) spam.

If you've satisfied yourself that the URLs that Google has "complained about" are non-existent, then request Google to do a site review. It may be an idea to do some background reading about referrer spam; for example, https://www.google.com/search?q=%22who% ... site%3F%22
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

KembleSteve2
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Mon Oct 29, 2018 8:05 pm

Re: "This site may be hacked"

Post by KembleSteve2 » Thu Nov 08, 2018 10:09 pm

Many thanks for getting back to me "sozzled". I have only just picked up your reply as I assumed (being a new forum user) that I would get emailed if I had a response - I guess not.
Anyway, the problem I have is that I do believe the URL could be real, I just cannot see how to interpret it's contents, as it is obviously not as simple as following a link, as if it were a file in a directory structure.
Most of the examples are labelled as "redirected" - I guess some form of forwarding.

e.g.
This URL redirected to:

Code: Select all

https://www.kemble.co.ukuhs91sl/7dnqwko.php?oeuyrilfj=mat-card-height
I guess the different elements of the URL are in some way decoded by the SQL database, but even there I cannot find where I need to delete it before getting back to Google to plead my case.
Anyway, I will follow your link, and see if it helps.
Thanks again. Steve.

KembleSteve2
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Mon Oct 29, 2018 8:05 pm

Re: "This site may be hacked"

Post by KembleSteve2 » Fri Nov 16, 2018 12:18 pm

Ref the comments "Joomla forum is about Joomla CMS. Linking to your website that is not a Joomla website or a Joomla related website may be considered as spam, and may be banned and reported to stopforumspam.com and Google."

This site, www.kemble.co.uk is a full Joomla CMS site, so am surprised at the implication that it is anything other.
I was hoping that the knowledgeable members might be able to help with a genuine problem which I would imagine must be of real concern to others in a similar situation.

User avatar
AMurray
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4040
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: "This site may be hacked"

Post by AMurray » Fri Nov 16, 2018 11:53 pm

KembleSteve2 wrote:Many thanks for getting back to me "sozzled". I have only just picked up your reply as I assumed (being a new forum user) that I would get emailed if I had a response - I guess not.
You can subscribe to receive notification by email of responses in the forum - but you need to "opt-in" to that. Edit your profile, the options are there. There's an option in the 'Board Preferences' in your profile area "Notify me upon replies by default: (Yes/No)."
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.


Post Reply

Return to “Security in Joomla! 3.x”