Removing unused components

[stuffdone]

There are some components of Joomla I do not use on most sites. Recently I have found them targets of hacker's to place malicious code.

There is no "uninstall" option for these and no sure way I can find to totally disable them that also removes their directories.

My question: Can I manually remove them via FTP or cPanel file manager and not break site?

I want to eliminate (delete their directories) these from certain sites: ( maybe others at some future time)

• tags
  newsfeeds
  search
  smart search
  contacts

--
Thoughts?

//

[mandville]

There are some components of Joomla I do not use on most sites. Recently I have found them targets of hacker's to place malicious code.

they may be targets but are they actually laces where code can/has been inserted?

There is no "uninstall" option for these and no sure way I can find to totally disable them that also removes their directories.

no, becuase the ones you list are core components and not meant to be uninstalled.

My question: Can I manually remove them via FTP or cPanel file manager and not break site?

have you taken a back up, tried it and then found out.

Thoughts?

there is no proof these extensions are the cause of infection on your site. if they were then the security forum would fill up quicker than the seo spam click bait post forum on woodpress.sad

[toivo]

The locations of malware files was mentioned briefly in the earlier topic by @stuffdone, Malware detected in scans.

[sozzled]

There are some components of Joomla I do not use on most sites. Recently I have found them targets of hackers to place malicious code ...

Thoughts?

The presence (or absence) of these components, by themselves, is not indicative of the success that people may have in depositing **** on your website. How one uses those extensions, however, may be an entry point by which hackers can infiltrate a website, or another website, or someone else's website, in order to spread their mischief. In the end, however, it's not for me to say whether any of those extensions is a weak point or a target for hackers.

I will say, however, that whether one chooses to use the Tags, Newsfeeds, Search, Smart Search and/or Contacts components is a matter of individual choice. I use some of these things but not all of them. These are core parts of the J! CMS and are not "uninistallable" (unless you want to completely uninstall Joomla!). Again, the choice in using J! is an individual one; whether J! works for one person and doesn't work for another person doesn't say anything about the individual.

In conclusion: no, you cannot optionally uninstall those components but you can certainly choose to not use them.

[stuffdone]

they may be targets but are they actually laces where code can/has been inserted?

Yes hence my question.

[stuffdone]

The presence (or absence) of these components, by themselves, is not indicative of the success that people may have in depositing **** on your website. How one uses those extensions, however, may be an entry point by which hackers can infiltrate a website, or another website, or someone else's website, in order to spread their mischief. In the end, however, it's not for me to say whether any of those extensions is a weak point or a target for hackers.

I will say, however, that whether one chooses to use the Tags, Newsfeeds, Search, Smart Search and/or Contacts ...

In conclusion: no, you cannot optionally uninstall those components but you can certainly choose to not use them.

I don't use them and make what ever settings I could find to disable them. Their directories are where the malware has been deposited. I am not concluding those extensions are themselves at fault. My only thinking was to make those locations unavailable to them.

[sozzled]

I understand the question (and the motivation for asking it) about uninstalling core CMS extensions such as a few of those that have been mentioned in this discussion topic. I repeat my earlier answer:

No, you cannot optionally uninstall those components but you can ... choose to not use them.

This doesn't, however, explain the source of malware infections [that may target specific or random file locations] nor eliminate the potential for rogue processes—residing from within or outside the website—that deposit unwanted material. In other words, unless someone is willing to undertake a deep analysis/audit of the files stored on the server, the source of malware infestation remains a mystery.

From what I've researched, malware is generated either manually (which is usually quite difficult to do) or by some script. The server log should contain every instance of when, where and how such malware/files are created but it could take several days to analyse every instance of them. Basically, one would have to constantly watch the kettle until the water boils.

What are the options?

1. Analyse the website looking for how the malware is generated. This task could take anywhere from a couple of hours to a couple of years.
2. Accept the inevitable: there's a [kind of] "cancer" that needs to be surgically excised with the possibility that the "patient" won't survive. Alternatively, take the "patient" off life-support and allow it to die a natural death.
3. Remove the website from the server and relocate it elsewhere. This may result in preventing cross-infection of other we assets owned by the OP w.r.t. their other websites. By quarantining the problem website elsewhere, the OP can attend to further investigation at their leisure.
4. [Probably not worth the investment but included for the sake of completeness] Give the job to someone, with full access to the server, who's skilled in website security and competent with J!

I would guess that it's possible to adjust folder/file permissions so that no-one (not even the J! update processes) could add/modify/delete files therein. This could break the website and stop it working because I don't know how changing the folder/file permissions would affect the "normal" operations (e.g. creating/editing/deleting J! articles, etc.). That would also put one outside of the availability of help from the community—one would be flying solo using one's own wits to navigate—and I wouldn't advise that course of action. However, it's not my flying machine or my patient; one can always seek a second, third or other opinions, of course.

[stuffdone]

I have totally replaced the site with fresh install and database.

Only thing kept was content exported via XML file so I don't have to rebuild all the text content.

Quiet for a week or so then same kind of .ico files started to appear as well as placeholder index.html files renamed index.bak.bak replaced with index.php that used an include to pull that back in.

Scans always find the .ico files but never the .php files. I find those with a search for "index.bak.bak" which never belong there.

.htaccess site wide blocks running any script ending with .ico just as an added precaution.

Last infection was in /tmp and /temp ( the default temp )

As stated before this is not a customer site so I can afford to play around with permissions etc. Administrator access is blocked with .htaccess that stops all web access. When I want to log in I go via FTP and temporarily rename to allow myself access.

Just for sake of trying something new I am going to try the Joom 4 Beta.

First will try the upgrade from 3x version then if that fails do a clean install with full version.

What can I say...I'm poor but stubborn !

As always thanks for the thoughts.