My website maybe got hacked! Topic is solved
Moderators: mandville, General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
My website maybe got hacked!
Hello,
I have scanned my site but nothing is telling me that my site is hacked but I see the attached pictures in my Joomla site directory. The pictures are from [ redacted ] hackers. Please can you tell me what I have to do?
Thanks in advance.
[ redacted ]
I have scanned my site but nothing is telling me that my site is hacked but I see the attached pictures in my Joomla site directory. The pictures are from [ redacted ] hackers. Please can you tell me what I have to do?
Thanks in advance.
[ redacted ]
Last edited by toivo on Sun Aug 02, 2020 4:57 pm, edited 2 times in total.
Reason: mod note: attachment removed, kudos redacted
Reason: mod note: attachment removed, kudos redacted
- toivo
- Joomla! Master
- Posts: 17442
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: My website maybe got hacked!
Recommend that you contact Phil Taylor of https://mysites.guru/. He cleans hacked sites for a fee, in addition to providing online tools for auditing and managing Joomla sites. The first software audit is free and it may also include Suspect Content Tool, which should help to identify hacked files.
Alternatively, study the sticky topics of this 3.x Security forum how to rebuild a hacked site and observe best security practice.
Please note that removing hacked files does not remove the vulnerability that allowed the site to be compromised. You should therefore post the results from the Forum Post Assistant (FPA) so that our volunteer experts can review the configuration. They may be able to identify vulnerable extensions, for example.
Alternatively, study the sticky topics of this 3.x Security forum how to rebuild a hacked site and observe best security practice.
Please note that removing hacked files does not remove the vulnerability that allowed the site to be compromised. You should therefore post the results from the Forum Post Assistant (FPA) so that our volunteer experts can review the configuration. They may be able to identify vulnerable extensions, for example.
Toivo Talikka, Global Moderator
- JurajB
- Joomla! Guru
- Posts: 642
- Joined: Fri Oct 02, 2015 3:28 pm
Re: My website maybe got hacked!
I think mysites.guru have also some kind of protection at least you can harden the thing such a .htaccess and more.
Also you may find useful siteguarding.com (designed also for Joomla) but I recommend to insert php code into inde.php and DONT install the Joomla! extension. Doing so you may get better bad bot protection.
Also you may find useful siteguarding.com (designed also for Joomla) but I recommend to insert php code into inde.php and DONT install the Joomla! extension. Doing so you may get better bad bot protection.
- toivo
- Joomla! Master
- Posts: 17442
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: My website maybe got hacked!
@JurajB, modifying the Joomla core files is a bad idea, neither recommended nor supported.
About security extensions, among the services, tools and extensions I have used, in addition to mysites.guru (no affiliation), Admin Tools of Akeeba Ltd (no affiliation) is an excellent option that keeps the hackers away.
Toivo Talikka, Global Moderator
- JurajB
- Joomla! Guru
- Posts: 642
- Joined: Fri Oct 02, 2015 3:28 pm
Re: My website maybe got hacked!
So OK then you may use Joomla plugin for this.
edit: but my hosting provider (the best around, they are max. experts) said its safe to put the code in index.php (maybe only on their hosting or maybe the admin in support area wasnt informed) so what to say about this?
edit: but my hosting provider (the best around, they are max. experts) said its safe to put the code in index.php (maybe only on their hosting or maybe the admin in support area wasnt informed) so what to say about this?
-
- I've been banned!
- Posts: 13639
- Joined: Sun Jul 05, 2009 3:30 am
- Location: Canberra, Australia
Re: My website maybe got hacked!
What "code"?
@toivo's advice is sensible:
I agree 100%. Don't modify the J! core files and please don't recommend this idea to others. "Modifying" the core files in J! is why we see so many problems reported on the forum. These problems can be caused by "modifying" the core files in J!. It's a bad idea.
- JAVesey
- Joomla! Hero
- Posts: 2637
- Joined: Tue May 14, 2013 1:21 pm
- Location: Cardiff, Wales, UK
- Contact:
Re: My website maybe got hacked!
+1
The other reason not to modify core files is that they can be overwritten during a core update, thereby losing any changes made.
@OP:
Follow Toivo's advice and post the output from the FPA. Might help identify the way your site was exploited.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
- Webdongle
- Joomla! Master
- Posts: 44093
- Joined: Sat Apr 05, 2008 9:58 pm
Re: My website maybe got hacked!
Either contact https://mysites.guru/
or if you want to clean the site yourself see
viewtopic.php?f=714&t=946026
Do not edit the configuration.php (unless the hackers have corrupted it ... in which case replace it completely.
When your server is clean then perhaps https://extensions.joomla.org/extension ... injection/ may be of interest.
or if you want to clean the site yourself see
viewtopic.php?f=714&t=946026
Do not edit the configuration.php (unless the hackers have corrupted it ... in which case replace it completely.
When your server is clean then perhaps https://extensions.joomla.org/extension ... injection/ may be of interest.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Enthusiast
- Posts: 191
- Joined: Fri Dec 18, 2015 6:40 pm
Re: My website maybe got hacked!
Webdongle wrote: ↑Mon Aug 03, 2020 7:20 pmEither contact https://mysites.guru/
or if you want to clean the site yourself see
viewtopic.php?f=714&t=946026
Do not edit the configuration.php (unless the hackers have corrupted it ... in which case replace it completely.
When your server is clean then perhaps https://extensions.joomla.org/extension ... injection/ may be of interest.
Hello, I cleaned the site by my self. Thank you.
- Webdongle
- Joomla! Master
- Posts: 44093
- Joined: Sat Apr 05, 2008 9:58 pm
Re: My website maybe got hacked!
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".