Updating and cleaning a hacked 3.x site [SOLVED] Topic is solved

Need help upgrading your Joomla! website or converting to Joomla! 4.x?

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Locked
User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44070
Joined: Sat Apr 05, 2008 9:58 pm

Updating and cleaning a hacked 3.x site [SOLVED]

Post by Webdongle » Sun Sep 12, 2021 5:46 pm

If your Joomla 3.x site was hacked then here is a method that will clean your site and update it at the same time. Your database is your site ... first and foremost make a backup of your database.

All the files do is put/get data to/from the database and display the data on the screen.

The problem with some 3.x/4.x compatible extensions 3rd party extensions is that they use different install files. Even when a 3.x/4.x compatible extension uses the same zip is that some will detect the version of Joomla and install the files accordingly. One way to avoid 3rd party extension files corrupting the update is to update the database and 3rd party extension files separately.

Method
  • Update the database with files from a fresh Joomla 3.10.1 install
  • Install the 3rd party extensions into a fresh Joomla install
  • Then connect the Joomla and 3rd party extension files to the updated database.
Preparation
  • Install Wamp on your PC (mamp on a mac) and performing the migration locally.
  • Run the fpa and post the results in this forum
  • Copy your site to localhost and delete all the files from the server
Process
  1. Step #1
  2. Set Beez3 as your default Template
  3. Disable the 'Remember me plugin (it sometimes causes problems with updates from earlier versions)
  4. Update to 3.10.1 if your version is lower.
    • Uninstall any untrusted/unwanted 3rd party extensions and Templates https://extensions.joomla.org/vulnerabl ... ons/about/
    • Delete the site files ... you don't need them any more.
    • Scan your computer and all computers that have server or Joomla admin access
    • Change PasswordsThis makes sure the hack is not replicated
    Step #2
  5. Install a fresh Joomla 3.10.1 to a separate database
  6. Edit the configuration.php (of the fresh 3.10.1 install) to use the original database.
  7. Go to the Joomla update component, set the channel (in options) to 'Next' and run the update
    (see viewtopic.php?f=812&t=988003 for full migration instructions)
  8. This allows you to update the database with fresh Joomla files without files from 3rd party extensions interfering with the process.

    Step #3
  9. Install a fresh Joomla of the latest version in a separate folder to an empty database
  10. Install your 3rd party extensions/Templates into the fresh Joomla install
  11. This creates the the new versions of the Joomla and 3rd party extension files
  12. Edit the configuration.php (of the fresh Joomla install) to connect to the updated database (that has your sites data)
  13. This connects the new versions of the Joomla and 3rd party extension files to the updated database (that has your sites data)
You can now transfer you clean/updated site to the server
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
Top
Locked

Return to “Migrating and Upgrading to Joomla! 4.x”