Page 1 of 1

Websites send hundreds of spoofed emails - FPA attached

Posted: Fri Apr 19, 2019 9:18 am
by johk2
Hi,

Our website is currently sending hundreds of emails using PHP-mail function.
The site is hosted on Azure and Yes I know the site is outdated and using an older PHP version.
According to the server guy the PHP version can’t apparently be update yet – a new webserver need to be build/configured on Azure.
I am hesitant to update Joomla to the latest version until we at least use PHP 7.1 – or am I being to precautious will the latest Joomla version run OK on PHP 7.0.33?

The spam emails sent “From Address” is the email address entered under Global Configuration.

I have attached the Joomla FPA log.

I have also attached my .htaccess file


Any suggestions on what might be causing this would be much appreciated.

Code: Select all

##
# @package    Joomla
# @copyright  Copyright (C) 2005 - 2017 Open Source Matters. All rights reserved.
# @license    GNU General Public License version 2 or later; see LICENSE.txt
##

AddHandler application/x-httpd-php72 .php .php5 .php4 .php3
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of mod_rewrite, but it may have already been set by your 
# server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the 
# beginning of the line), reload your site in your browser and test your sef urls. If 
# they work, then it has been set by your server administrator and you do not need to 
# set it here.
##

## No directory listings
<IfModule autoindex>
  IndexIgnore *
</IfModule>

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed 
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root home page
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

Redirect 301 www.marash.qld.edu.au/sport/orientation-sign-on-2017 https://www.marash.qld.edu.au/orientation-sign-on-2017

Re: Websites send hundreds of spoofed emails - FPA attached

Posted: Fri Apr 19, 2019 9:20 am
by johk2
Forum Post Assistant (v1.4.8 (koine)) : 19th April 2019 wrote:
Problem Description :: wrote:Spam Emails Sent from website
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.9.1-Stable (Amani) 27-November-2018
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.9
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: true | .htaccess/web.config: Yes | GZip: false | Cache: false | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 2 | Error Reporting: default | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.9.1: Yes | Database Supports J! 3.9.1: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 4.4.0-145-generic | Technology: x86_64 | Web Server: Apache/2.4.18 (Ubuntu) | Encoding: gzip, deflate, br | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 51.90 GiB |

PHP Configuration :: Version: 7.0.33-0ubuntu0.16.04.3 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 60 | Max. Execution Time: 300 | Memory Limit: 128M

Database Configuration :: Version: 5.7.25-0ubuntu0.16.04.2 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $) | Host: --protected-- (--protected--) | default Collation: latin1_swedish_ci (default Character Set: latin1) | Database Size: 105.69 MiB | #of Tables:  292
Detailed Environment :: wrote:PHP Extensions :: Core (7.0.33-0ubuntu0.16.04.3) | date (7.0.33-0ubuntu0.16.04.3) | libxml (7.0.33-0ubuntu0.16.04.3) | openssl (7.0.33-0ubuntu0.16.04.3) | pcre (7.0.33-0ubuntu0.16.04.3) | zlib (7.0.33-0ubuntu0.16.04.3) | filter (7.0.33-0ubuntu0.16.04.3) | hash (1.0) | Reflection (7.0.33-0ubuntu0.16.04.3) | SPL (7.0.33-0ubuntu0.16.04.3) | session (7.0.33-0ubuntu0.16.04.3) | standard (7.0.33-0ubuntu0.16.04.3) | apache2handler () | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: b5c5906d452ec590732a93b051f3827e02749b83 $) | PDO (7.0.33-0ubuntu0.16.04.3) | xml (7.0.33-0ubuntu0.16.04.3) | calendar (7.0.33-0ubuntu0.16.04.3) | ctype (7.0.33-0ubuntu0.16.04.3) | curl (7.0.33-0ubuntu0.16.04.3) | dom (20031129) | mbstring (7.0.33-0ubuntu0.16.04.3) | fileinfo (1.0.5) | ftp (7.0.33-0ubuntu0.16.04.3) | gd (7.0.33-0ubuntu0.16.04.3) | gettext (7.0.33-0ubuntu0.16.04.3) | iconv (7.0.33-0ubuntu0.16.04.3) | json (1.4.0) | exif (7.0.33-0ubuntu0.16.04.3) | mcrypt (7.0.33-0ubuntu0.16.04.3) | mysqli (7.0.33-0ubuntu0.16.04.3) | pdo_mysql (7.0.33-0ubuntu0.16.04.3) | Phar (2.0.2) | posix (7.0.33-0ubuntu0.16.04.3) | readline (7.0.33-0ubuntu0.16.04.3) | shmop (7.0.33-0ubuntu0.16.04.3) | SimpleXML (7.0.33-0ubuntu0.16.04.3) | sockets (7.0.33-0ubuntu0.16.04.3) | sysvmsg (7.0.33-0ubuntu0.16.04.3) | sysvsem (7.0.33-0ubuntu0.16.04.3) | sysvshm (7.0.33-0ubuntu0.16.04.3) | tokenizer (7.0.33-0ubuntu0.16.04.3) | wddx (7.0.33-0ubuntu0.16.04.3) | xmlreader (7.0.33-0ubuntu0.16.04.3) | xmlwriter (7.0.33-0ubuntu0.16.04.3) | xsl (7.0.33-0ubuntu0.16.04.3) | Zend OPcache (7.0.33-0ubuntu0.16.04.3) | Zend Engine (3.0.0) |
Potential Missing Extensions :: zip |
Disabled Functions :: pcntl_alarm | pcntl_fork | pcntl_waitpid | pcntl_wait | pcntl_wifexited | pcntl_wifstopped | pcntl_wifsignaled | pcntl_wifcontinued | pcntl_wexitstatus | pcntl_wtermsig | pcntl_wstopsig | pcntl_signal | pcntl_signal_dispatch | pcntl_get_last_error | pcntl_strerror | pcntl_sigprocmask | pcntl_sigwaitinfo | pcntl_sigtimedwait | pcntl_exec | pcntl_getpriority | pcntl_setpriority | |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Apache Modules :: core | mod_so | mod_watchdog | http_core | mod_log_config | mod_logio | mod_version | mod_unixd | mod_access_compat | mod_alias | mod_auth_basic | mod_authn_core | mod_authn_file | mod_authz_core | mod_authz_host | mod_authz_user | mod_autoindex | mod_deflate | mod_dir | mod_env | mod_filter | mod_mime | prefork | mod_negotiation | mod_php7 | mod_rewrite | mod_setenvif | mod_socache_shmcb | mod_ssl | mod_status | Apache/2.4.18 (Ubuntu) |
Potential Missing Modules :: mod_expires | mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) |

Elevated Permissions (First 10) :: files/Buzz2019/ (775) | files/Video/ (775) | files/buzz2018/ (775) | files/jobs/ (775) | files/sport/thebuzz2018/ (775) | images/collegenewsletter/180524/ (775) | images/collegenewsletter/180823/ (775) | images/collegenewsletter/181101/ (775) | images/collegenewsletter/181129/ (775) | images/collegenewsletter/190321/ (775) |
Database Information :: wrote:Database statistics :: Uptime: 590440 | Threads: 1 | Questions: 6404740 | Slow queries: 0 | Opens: 61501 | Flush tables: 1 | Open tables: 415 | Queries per second avg: 10.847 |
Extensions Discovered :: wrote:Components :: SITE ::
Core :: com_wrapper (3.0.0) 1 | com_mailto (3.0.0) 1 |
3rd Party::

Components :: ADMIN ::
Core :: com_banners (3.0.0) 1 | com_tags (3.1.0) 1 | com_content (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_actionlogs (3.9.0) 1 | com_messages (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_admin (3.0.0) 1 | com_search (3.0.0) 1 | com_plugins (3.0.0) 1 | com_privacy (3.9.0) 1 | com_languages (3.0.0) 1 | com_templates (3.0.0) 1 | com_associations (3.7.0) 1 | com_checkin (3.0.0) 1 | com_cache (3.0.0) 1 | com_modules (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_users (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_fields (3.7.0) 1 | com_contenthistory (3.2.0) 1 | com_finder (3.0.0) 1 | com_installer (3.0.0) 1 | com_menus (3.0.0) 1 | com_ajax (3.2.0) 1 | com_config (3.0.0) 1 | com_categories (3.0.0) 1 | com_media (3.0.0) 1 | com_login (3.0.0) 1 | com_redirect (3.0.0) 1 |
3rd Party:: com_jaextmanager (2.5.3) 1 | com_jaextmanager (2.6.5) 1 | Akeeba (6.4.2.1) 1 | eXtplorer (2.1.10) 1 | COM_CREATIVEIMAGESLIDER (3.0.0) 1 | Unknown (administrator/components/com_arkeditor/editor/plugins/toolbar.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/contextmenu.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/dialog.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/scayt.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/video.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/pastetext.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/find.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/sourcearea.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/editingblock.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/replace.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/removeformat.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/indent.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/pastefromword.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/colorbutton.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/audio.xml) (0.1) ? | TreeLink (1.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/format.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/image.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/link.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/jabout.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/autogrow.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/filebrowser.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/smiley.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/tab.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/templates.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/showborders.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/imagedragndrop.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/flash.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/showblocks.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/undo.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/wysiwygarea.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/colordialog.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/font.xml) (0.1) ? | Unknown (administrator/components/com_arkeditor/editor/plugins/enterkey.xml) (0.1) ? | Ark Editor Update Module (1.0.0) ? | Ark Editor Control Panel (1.0.0) ? | Ark Editor Cpanel Module (1.0.0) ? | Ark Editor Vote Module (1.0.0) ? | Ark Editor Statistical Module (1.0.0) ? | Ark Editor Pro Module (1.0.0) ? | com_arkeditor (2.6.10) 1 | COM_BREEZINGFORMS ((build 919)) 1 | COM_K2 (2.7.0) 1 | AcyMailing: override Joomla mailing (5.6.1) ? | AcyMailing Module (3.7.0) 1 | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing : share on social networ (1.0.0) ? | AcyMailing Tag : Subscriber informa (5.6.1) ? | AcyMailing Template Class Replacer (5.6.1) 1 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing : (auto)Subscribe during (5.6.1) ? | AcyMailing table of contents genera (1.0.0) ? | AcyMailing : Handle Click tracking (5.6.1) ? | AcyMailing Tag : Joomla User Inform (5.6.1) ? | AcyMailing Tag : content insertion (3.7.0) 1 | AcyMailing Tag : Manage the Subscri (5.6.1) ? | AcyMailing Manage text (1.0.0) 1 | AcyMailing Tag : Date / Time (5.6.1) 1 | AcyMailing : Handle Click tracking (5.6.1) ? | AcyMailing : trigger Joomla Content (3.7.0) ? | AcyMailing Editor (5.6.1) 1 | AcyMailing Editor (beta) (4.6.2) ? | AcyMailing (5.6.1) 1 |

Modules :: SITE ::
Core :: mod_footer (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_feed (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_login (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_search (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_finder (3.0.0) 1 |
3rd Party:: AcyMailing Module (3.7.0) 1 | PopUp Aholic (1.3.1) 1 | K2 Tools (2.7.0) 1 | K2 Users (2.7.0) 1 | MOD_JA_ACM (2.1.4) 1 | Creative Image Slider (3.0.0) 1 | MOD_ENTRYCALCULATOR (0.0.2) 1 | K2 Comments (2.7.0) 1 | OT News Grid (1.0.1) 1 | JA Masthead (1.0.5) 1 | MOD_DRAWER (0.4.1) 1 | K2 Dropdown (1.1.1c) 1 | JF Mobile Menu (1.3) 1 | Custom Inline HTML (1.0) 1 | K2 Content (2.7.0) 1 | BreezingForms (1.8.4) 1 | Menu Accordeon CK (2.1.3) 1 | K2 User (2.7.0) 1 |

Modules :: ADMIN ::
Core :: mod_status (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_logged (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_title (3.0.0) 1 | mod_sampledata (3.8.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_login (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_quickicon (3.0.0) 1 | mod_version (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_popular (3.0.0) 1 |
3rd Party:: Ark Editor Update Module (1.0.0) ? | Ark Editor Control Panel (1.0.0) ? | Ark Editor Cpanel Module (1.0.0) ? | Ark Editor Vote Module (1.0.0) ? | Ark Editor Statistical Module (1.0.0) ? | K2 Stats (admin) (2.7.0) 1 | K2 Quick Icons (admin) (2.7.0) 1 | Ark Editor Pro Module (1.0.0) ? |

Libraries :: SITE ::
Core ::
3rd Party:: file_fof30 (3.4.2) ? | Regular Labs Library (19.4.11218) 1 |

Plugins :: SITE ::
Core :: plg_search_categories (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_user_joomla (3.0.0) 1 | plg_user_terms (3.9.0) 0 | plg_user_profile (3.0.0) 0 | plg_user_contactcreator (3.0.0) 0 | plg_extension_joomla (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_system_p3p (3.0.0) 0 | plg_system_highlight (3.0.0) 1 | plg_system_redirect (3.0.0) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_cache (3.0.0) 0 | plg_system_logout (3.0.0) 1 | plg_system_privacyconsent (3.9.0) 0 | plg_system_remember (3.0.0) 1 | plg_system_sef (3.0.0) 1 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 0 | plg_system_updatenotification (3.5.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_logrotation (3.9.0) 1 | plg_system_log (3.0.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_content_pagebreak (3.0.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_vote (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_loadmodule (3.0.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_cookie (3.0.0) 1 | plg_captcha_recaptcha (3.4.0) 1 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_installer_webinstaller (2.0.1) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 |
3rd Party:: Search - K2 (2.7.0) 1 | Josetta - K2 Categories (2.6.9) 1 | Josetta - K2 Items (2.6.9) 1 | Ajax - Arkbootstrap (1.0) 1 | Ajax - Arktemplates (1.0) 1 | Ajax - Inline Mode State listener (1.0) 1 | Ajax - Arktypography (1.0) 1 | Ajax - Inline content editing (1.0.2b) 1 | Ajax - TreeLink (1.0) 1 | plg_quickicon_akeebabackup (6.4.2.1) 1 | Quick Icon - Ark Editor (3.0.0) 1 | User - K2 (2.7.0) 1 | Extension - ArkManager (1.0) 0 | Extension - Arkeditor (1.0) 1 | Extension - Inline editing Plugin H (1.0) ? | Bootstrap Row Builder (1.0.0) 1 | PLG_SIGE_BUTTON (3.2.0) 1 | plg_editors-xtd_modals (11.4.0) 1 | plg_editors-xtd_sliders (6.1.1) 1 | System - Joomla Media Manager Exten (1.0) ? | AcyMailing : Handle Click tracking (5.6.1) ? | Creative Image Slider (3.0.0) 1 | System - K2 (2.7.0) 1 | T3 Framework (2.7.3) 1 | PLG_SYSTEM_BACKUPONUPDATE (6.4.2.1) 0 | System - ARK k2ExtraFields (1.0) 1 | System - Inline History (1.0) 1 | System - Ark Bootstrap (1.0) 1 | System - ARK Versions (1.0) 1 | PLG_SYSTEM_IC_LIBRARY (1.4) 1 | System - Inline HTML Module Version (1.0) ? | plg_system_modals (11.4.0) 1 | AcyMailing : (auto)Subscribe during (5.6.1) ? | PLG_SYS_MOOTABLE (1.1.3) 1 | System - Typography by ARK (1.0) 1 | PLG_SYSTEM_CLEANTALK_NAME (6.1) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK (6.4.2.1) 0 | System - Inline content editing (1.0) 1 | AcyMailing: override Joomla mailing (5.6.1) ? | PLG_SYSTEM_AKEEBAACTIONLOG (6.4.2.1) 0 | System - ArkMedia Table Observer (1.0) 1 | System - Reset SEF Base (3.0) 1 | plg_system_regularlabs (19.4.11218) 1 | plg_system_sliders (6.1.1) 1 | System - ArkEditor Modal plugin (1.0) 1 | ArkEditor - Notification (1.0) 1 | ArkEditor - TreeLink (1.0) 1 | ArkEditor - ARK Media (1.0) 1 | ArkEditor - ReadMore (1.0) 1 | ArkEditor - Inline Save content (1.0) 1 | ArkEditor - Ajax (1.0) 1 | ArkEditor - ARK Media Button (1.0) 1 | ArkEditor - JMenu (1.0) 1 | ArkEditor - Email (1.0.1) 1 | ArkEditor - Link (1.0) 1 | ArkEditor - Article (1.0) 1 | ArkEditor - Document (1.0) 1 | ArkEditor - Block Level Linkt (1.0) 1 | ArkEditor - Magicline (1.0) 1 | ArkEditor - Format (1.0) 1 | ArkEditor - Close (1.0) 1 | ArkEditor - Table Resize (1.0) 1 | ArkEditor - Styles combo (1.0) 1 | ArkEditor - UI Header (1.0) 1 | ArkEditor - Styles Override (1.0) 1 | ArkEditor - Pre-loader (1.0) 1 | ArkEditor - Div backgrounds (1.0) 1 | ArkEditor - PageBreak (1.0) 1 | ArkEditor - Toolbar Switcher (1.0) 1 | ArkEditor - Inline AutoSave content (1.0) 1 | ArkEditor - Clipboard (1.0) 1 | ArkEditor - Content CSS (1.0) 1 | ArkEditor - Line Utilites (1.0) 1 | ArkEditor - HTML5 Audio (1.0) 1 | ArkEditor - Ark Widget Button (1.0) 1 | ArkEditor - Browse Popup (1.0) 1 | ArkEditor - Menu Links (1.0) 1 | ArkEditor - Browse Browser (1.0) 1 | ArkEditor - Image Manager (1.0) 1 | ArkEditor - Core CSS (1.0) 1 | ArkEditor - XML (1.0) 1 | ArkEditor - Widget (1.0) 1 | ArkEditor - QuickTable (1.0) 1 | ArkEditor - About (1.0) 1 | ArkEditor - Notification Aggregator (1.0) 1 | ArkEditor - Auto Stylesheet Parser (1.0) 1 | ArkEditor - Versions (1.0) 1 | ArkEditor - Focus Manager (1.0) 1 | ArkEditor - SEF Resource Processor (1.0) 1 | ArkEditor - HTML5 Video (1.0) 1 | ArkEditor - Paragraph Data Processo (1.0) ? | ArkEditor - XML Templates (1.1) 1 | ArkEditor - Drag and Drop Handler (1.0) 1 | ArkEditor - Image2 (1.0) 1 | ArkEditor - Table Definition (1.0) 1 | plg_finder_k2 (2.7.0) 0 | Content - ARK Redirect Plugin (1.0) 1 | BreezingForms (1.8) 1 | Content - Inline content editing fi (1.0) ? | Content - Inline content editing (1.0) 1 | AllVideos (by JoomlaWorks) (4.8.0) 1 | AllVideos (by JoomlaWorks) (4.8.0) 1 | PLG_SIGE (3.3.3) 1 | AcyMailing Editor (5.6.1) 1 | AcyMailing Editor (beta) (4.6.2) ? | plg_editors_codemirror (5.40.0) 1 | plg_editors_tinymce (4.5.9) 1 | Editor - ARKEditor (2.6.10) 1 | AcyMailing Tag : Date / Time (5.6.1) 1 | AcyMailing : share on social networ (1.0.0) ? | AcyMailing : trigger Joomla Content (3.7.0) ? | AcyMailing Tag : content insertion (3.7.0) 1 | AcyMailing Tag : Subscriber informa (5.6.1) ? | AcyMailing table of contents genera (1.0.0) ? | AcyMailing Manage text (1.0.0) 1 | AcyMailing : Handle Click tracking (5.6.1) ? | AcyMailing Template Class Replacer (5.6.1) 1 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag : Joomla User Inform (5.6.1) ? | AcyMailing Tag : Manage the Subscri (5.6.1) ? | ArkEvents - Paste From Word (1.0) 1 | ArkEvents - ArkEditor Magicline plu (1.1) ? | ArkEvents - Format plugin (1.0) 1 | ArkEvents - ArkEditor extra plugins (1.0) 1 | ArkEvents - ArkEditor Enviroment pl (1.1) ? | ArkEvents - ArkEditor modal plugin (1.1) 1 | ArkEvents - ArkEditor extra plugins (1.0) 1 | ArkEvents - ArkEditor configuration (1.1) ? | ArkEvents - ArkEditor core plugins (1.0) 1 | ArkEvents - Load Mobile Toolbar (1.0) 1 | ArkEvents - ArkEditor Load Componen (1.0) ? | ArkEvents - Autostylesheet Filter p (1.0) ? | ArkEvents - Auto CSS Filter plugin (1.0) 1 | ArkEvents - ArkEditor acl plugin (1.1) 1 | ArkEvents - ArkEditor Element plugi (1.1) ? | Inline - Arkeditor (1.0) 1 | Installer - Arkwidget (1.0) 1 | Installer - Arkeditor (1.0) 1 |
Templates Discovered :: wrote:Templates :: SITE :: beez3 (3.1.0) 1 | ja_healthcare (1.0.1) 1 | protostar (1.0) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 |

Re: Websites send hundreds of spoofed emails - FPA attached

Posted: Fri Apr 19, 2019 9:56 pm
by Webdongle
Your Joomla version is old
eXtplorer is old and often has vulnerabilities
jaextmanager is old

Folders should be 755
Recommend you treat as hacked
viewtopic.php?f=714&t=946026