Hackers sending SPAM from my site


Post by bevco » Sun Jun 11, 2017 10:02 pm

I am using Joomla 3.7.2, have changed all passwords and usernames, reloaded the sites from a backup before this started, added jHackguard to the sites, made sure nothing is writable and checked the sites with Sucuri Site Check and IsItHacked? And still somehow they are inserting php files in various folders (not always the same ones) - that are unwritable - that are sending out SPAM. Sometimes my ISP is able to catch the emails before they go out and deletes thousands of them at a time. This is happening on 3 of our 13 sites and there is no addon only used by those 3 sites. It also seemed to happen when our ISP moved to a cloud server.....I don't know what else to do.

Any suggestions will be very welcome!
Bev
Bev
Mt Garfield Software


Post by websitedons » Sun Jun 11, 2017 10:10 pm

Does JHackguard or Sucuri check file integrity or scan for recently changed files? If not, get RSFirewall. The hackers may have placed files deep within your system directories and are able to get in via those files. It's also possible that they placed files in the hosting root, (outside public_html or htdocs).
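The file-integrity check and recent-change scan suggested in the post above, sketched as an added example (not part of any post in this thread and not the code of any extension named here). It assumes a clean copy of the same Joomla release has been unpacked to compare against; the `DATA_DIRS` list, function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile
import time

# Assumed list of upload/scratch folders that should not hold executable
# scripts on this site; extend it to match your own layout.
DATA_DIRS = ("images", "tmp")
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Return {relative/path: sha256} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # links are reviewed by hand, not hashed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def audit(clean_root, live_root, recent_days=14, now=None):
    """Compare a live docroot with a clean unpacked release.

    modified           - shipped file whose content differs from the release
    unknown            - file the release does not ship (uploads, config,
                         third-party extensions and dropped files all land here)
    script_in_data_dir - unknown script inside an upload/scratch folder
    recent             - script changed within recent_days (weakest signal:
                         modification times can be reset by whoever wrote the file)
    """
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    clean = build_manifest(clean_root)
    report = {"modified": [], "unknown": [], "script_in_data_dir": [], "recent": []}
    for rel, digest in sorted(build_manifest(live_root).items()):
        is_script = rel.lower().endswith(SCRIPT_EXT)
        if rel in clean:
            if clean[rel] != digest:
                report["modified"].append(rel)
        else:
            report["unknown"].append(rel)
            if is_script and rel.split("/")[0] in DATA_DIRS:
                report["script_in_data_dir"].append(rel)
        if is_script and os.path.getmtime(os.path.join(live_root, rel)) >= cutoff:
            report["recent"].append(rel)
    return report


def run_constructed_demo():
    """Audit two small constructed trees (not real Joomla files)."""
    def write(root, rel, text, mtime):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.utime(path, (mtime, mtime))

    now = time.time()
    old = now - 400 * 86400
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            write(root, "index.php", "<?php // front controller\n", old)
            write(root, "libraries/loader.php", "<?php // loader\n", old)
        # Constructed changes on the live side only:
        write(live, "libraries/loader.php", "<?php // loader\n// appended line\n", now)
        write(live, "images/stories/x7.php", "<?php // dropped file\n", now)
        write(live, "images/logo.png", "not really a png", old)
        write(live, "configuration.php", "<?php // site config\n", old)
        return audit(clean, live, recent_days=14, now=now)


if __name__ == "__main__":
    for category, paths in run_constructed_demo().items():
        print(category, paths)
```

Run `audit()` against every docroot on the account, since the thread notes that files may sit outside the site that shows symptoms; the `unknown` list needs manual review because legitimate uploads and `configuration.php` appear in it too.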


Post by Webdongle » Sun Jun 11, 2017 10:44 pm

There are a lot of things that you missed.
Please see viewtopic.php?f=714&t=946026 and the pages it links to. Your backup files could be hacked or you have a vulnerable extension or ...
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by bevco » Sun Jun 11, 2017 11:12 pm

My ISP found and deleted some of the files and I have found a couple more - buried deep. I do believe that IsItHacked watches for Spam links, but somehow they are getting through anyway. I will look into RSFirewall....
Bev
Mt Garfield Software


Post by toivo » Sun Jun 11, 2017 11:24 pm

In addition to cleaning your site properly, based on the instructions in the sticky post viewtopic.php?f=714&t=757645 and Webdongle's recovery instructions, you should check out Admin Tools from JED - https://extensions.joomla.org/extension/admin-tools - and the myJoomla.com service at https://myjoomla.com, where the first scan is free.
Toivo Talikka, Global Moderator


Post by bevco » Sun Jun 11, 2017 11:56 pm

Thanks! Will check these out and try one as soon as I find out which sites are now being hit the most. Try one at a time :)
Bev
Mt Garfield Software


Post by Webdongle » Mon Jun 12, 2017 12:29 am

bevco wrote:...as soon as I find out which sites are now being hit the most. Try one at a time :)
Step #C of viewtopic.php?f=714&t=946026 means all the files not just the files of one site. Still waiting for step #A
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by bevco » Mon Jun 12, 2017 1:03 am

I have been finding strange files and deleting them - will get to the above asap. Thanks!
Bev
Mt Garfield Software


Post by bevco » Mon Jun 12, 2017 1:15 am

OK - I tried to install the FPA and got the message "JInstaller: :Install: Can't find XML setup file."
Bev
Mt Garfield Software


Post by Webdongle » Mon Jun 12, 2017 1:24 am

bevco wrote:I have been finding strange files and deleting them - will get to the above asap. ...
Deleting strange files is not enough. For every file you find and delete, the hackers will probably upload another 3.

Yes hackers plural ... once a hacker has found a weakness in your site they post the vulnerability on hack forums. Then other hackers use it to put their own hack files on. There will be hack files all over the server and in genuine files. Cherry picking files to delete will just have you running around in circles. Unless you hire a professional to clean your site then your only viable option is to delete ALL the files after running the fpa.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by Webdongle » Mon Jun 12, 2017 1:26 am

bevco wrote:OK - I tried to install the FPA and got the message "JInstaller: :Install: Can't find XML setup file."
The fpa is not installed into Joomla. You unzip the file and ftp fpa-en.php to the server and point your browser at

http://www.yoursite.com/fpa-en.php
Last edited by fcoulter on Mon Jun 12, 2017 9:45 am, edited 1 time in total.
Reason: broke link - there is an actual site at yoursite.com so lets not give them any free links
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by bevco » Mon Jun 12, 2017 3:24 pm

I tried to post the code but get the message

Your message contains 20621 characters.
The maximum number of allowed characters is 20000.

now what?
Bev
Mt Garfield Software


Post by Webdongle » Mon Jun 12, 2017 4:07 pm

Put it in a file and attach it?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by bevco » Mon Jun 12, 2017 4:25 pm

This is without plugins
Forum Post Assistant (v1.3.0) : 12th June 2017 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 1 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.16.0-4-amd64 | Technology: x86_64 | Web Server: Apache/2.4.10 (Debian) | Encoding: gzip, deflate | Doc Root: /var/www/iehiministries.org/web | System TMP Writable: Yes

PHP Configuration :: Version: 7.1.0 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/www/clients/client11/web20/web:/var/www/clients/client11/web20/private:/var/www/clients/client11/web20/tmp:/var/www/iehiministries.org/web:/srv/www/iehiministries.org/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.5-10.0.30-MariaDB-0+deb8u2 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 4.40 MiB | #of Tables: 83
Detailed Environment :: wrote:PHP Extensions :: Core (7.1.0) | date (7.1.0) | libxml (7.1.0) | openssl (7.1.0) | pcre (7.1.0) | sqlite3 (0.7-dev) | zlib (7.1.0) | bcmath (7.1.0) | bz2 (7.1.0) | calendar (7.1.0) | ctype (7.1.0) | curl (7.1.0) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.0) | ftp (7.1.0) | gd (7.1.0) | gettext (7.1.0) | SPL (7.1.0) | iconv (7.1.0) | session (7.1.0) | json (1.5.0) | mbstring (7.1.0) | mcrypt (7.1.0) | standard (7.1.0) | pcntl (7.1.0) | PDO (7.1.0) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | pdo_pgsql (7.1.0) | pdo_sqlite (7.1.0) | pgsql (7.1.0) | Phar (2.0.2) | posix (7.1.0) | Reflection (7.1.0) | imap (7.1.0) | SimpleXML (7.1.0) | soap (7.1.0) | sockets (7.1.0) | pdo_mysql (7.1.0) | exif (1.4 $Id: 8bdc0c8f27c2c9dd1f7551f1f9fe3ab57a06a4b1 $) | sysvsem (7.1.0) | sysvshm (7.1.0) | tokenizer (7.1.0) | xml (7.1.0) | xmlreader (7.1.0) | xmlrpc (7.1.0) | xmlwriter (7.1.0) | xsl (7.1.0) | zip (1.13.5) | mysqli (7.1.0) | cgi-fcgi () | memcached (3.0.0b1) | Zend OPcache (7.1.0) | Zend Engine (3.1.0-dev) |
Potential Missing Extensions :: mysql | suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.14) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.14) 1 | WF_POPUPS_WINDOW_TITLE (2.6.14) 1 | WF_LINK_SEARCH_TITLE (2.6.14) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.6.14) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.6.14) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.6.14) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.14) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.14) 1 | WF_LINK_TITLE (2.6.14) 1 | WF_CLIPBOARD_TITLE (2.6.14) 1 | WF_VISUALCHARS_TITLE (2.6.14) 1 | WF_FONTSIZESELECT_TITLE (2.6.14) 1 | WF_PREVIEW_TITLE (2.6.14) 1 | WF_FONTSELECT_TITLE (2.6.14) 1 | WF_FORMATSELECT_TITLE (2.6.14) 1 | WF_IMGMANAGER_TITLE (2.6.14) 1 | WF_PRINT_TITLE (2.6.14) 1 | WF_CHARMAP_TITLE (2.6.14) 1 | WF_VISUALBLOCKS_TITLE (2.6.14) 1 | WF_TABLE_TITLE (2.6.14) 1 | WF_NONBREAKING_TITLE (2.6.14) 1 | WF_SOURCE_TITLE (2.6.14) 1 | WF_BROWSER_TITLE (2.6.14) 1 | WF_EMOTIONS_TITLE (2.6.14) 1 | WF_TEXTCASE_TITLE (2.6.14) 1 | WF_CONTEXTMENU_TITLE (2.6.14) 1 | WF_LAYER_TITLE (2.6.14) 1 | WF_ARTICLE_TITLE (2.6.14) 1 | WF_INLINEPOPUPS_TITLE (2.6.14) 1 | WF_FULLSCREEN_TITLE (2.6.14) 1 | WF_SPELLCHECKER_TITLE (2.6.14) 1 | WF_STYLESELECT_TITLE (2.6.14) 1 | WF_SEARCHREPLACE_TITLE (2.6.14) 1 | WF_LISTS_TITLE (2.6.14) 1 | WF_AUTOSAVE_TITLE (2.6.14) 1 | WF_FONTCOLOR_TITLE (2.6.14) 1 | WF_DIRECTIONALITY_TITLE (2.6.14) 1 | WF_STYLE_TITLE (2.6.14) 1 | WF_HR_TITLE (2.6.14) 1 | WF_CLEANUP_TITLE (2.6.14) 1 | WF_ANCHOR_TITLE (2.6.14) 1 | WF_KITCHENSINK_TITLE (2.6.14) 1 | WF_MEDIA_TITLE (2.6.14) 1 | WF_XHTMLXTRAS_TITLE (2.6.14) 1 | com_mailto (3.0.0) 1 | User (1.5.0) 1 |
Components :: ADMIN :: com_cpanel (3.0.0) 1 | Contact Items (1.0.0) 1 | com_jhackguard (2.0.2) 1 | com_contenthistory (3.2.0) 1 | Polls (1.5.0) 1 | com_plugins (3.0.0) 1 | com_fields (3.7.0) 1 | com_newsfeeds (3.0.0) 1 | com_associations (3.7.0) 1 | com_templates (3.0.0) 1 | com_menus (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_messages (3.0.0) 1 | com_categories (3.0.0) 1 | com_banners (3.0.0) 1 | com_login (3.0.0) 1 | com_tags (3.1.0) 1 | com_cache (3.0.0) 1 | com_finder (3.0.0) 1 | com_modules (3.0.0) 1 | com_admin (3.0.0) 1 | com_media (3.0.0) 1 | COM_JCE (2.6.14) 1 | com_ajax (3.2.0) 1 | com_search (3.0.0) 1 | com_content (3.0.0) 1 | Frontpage (1.5.0) 1 | COM_SPUPGRADE (4.1.5) 1 | com_postinstall (3.2.0) 1 | com_users (3.0.0) 1 | Mass Mail (1.5.0) 1 | com_redirect (3.0.0) 1 | Weblinks (1.5.0) 1 | Trash (1.0.0) 1 | com_config (3.0.0) 1 | com_checkin (3.0.0) 1 |

Modules :: SITE :: Sections (1.5.0) 1 | mod_users_latest (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_finder (3.0.0) 1 | Most Read Content (1.5.0) 1 | mod_articles_archive (3.0.0) 1 | mod_languages (3.5.0) 1 | Menu (1.5.0) 1 | mod_articles_popular (3.0.0) 1 | Latest News (1.5.0) 1 | mod_footer (3.0.0) 1 | Poll (1.5.0) 1 | jModule (1.0.3) 1 | mod_custom (3.0.0) 1 | mod_search (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_menu (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | Newsflash (1.5.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_login (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_whosonline (3.0.0) 1 | Archived Content (1.5.0) 1 | mod_articles_category (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_feed (3.0.0) 1 |
Modules :: ADMIN :: Akeeba Backup Notification Mod (3.4.3) 1 | mod_latest (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_status (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_logged (3.0.0) 1 | Online Users (1.0.0) 1 | mod_title (3.0.0) 1 | Footer (1.0.0) 1 | jModule (1.0.3) 1 | mod_custom (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_quickicon (3.0.0) 1 | Unread Items (1.0.0) 1 | mod_login (3.0.0) 1 | Items Stats (1.0.0) 1 | mod_submenu (3.0.0) 1 | mod_version (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_toolbar (3.0.0) 1 |

Templates Discovered :: wrote:Templates :: SITE :: IEHI2 (1.0) 1 | IEHI3 (1.0) 1 | jTemplate (1.0.3) 1 | IEHI3a (1.0) 1 | IEHI (1.0) 1 | protostar (1.0) 1 |
Templates :: ADMIN :: jTemplate (1.0.3) 1 | isis (1.0) 1 | hathor (3.0.0) 1 | Khepri (1.0) 1 |
Bev
Mt Garfield Software


Post by bevco » Mon Jun 12, 2017 4:27 pm

This is without modules
Forum Post Assistant (v1.3.0) : 12th June 2017 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 1 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.16.0-4-amd64 | Technology: x86_64 | Web Server: Apache/2.4.10 (Debian) | Encoding: gzip, deflate | Doc Root: /var/www/iehiministries.org/web | System TMP Writable: Yes

PHP Configuration :: Version: 7.1.0 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/www/clients/client11/web20/web:/var/www/clients/client11/web20/private:/var/www/clients/client11/web20/tmp:/var/www/iehiministries.org/web:/srv/www/iehiministries.org/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.5-10.0.30-MariaDB-0+deb8u2 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 4.40 MiB | #of Tables: 83
Detailed Environment :: wrote:PHP Extensions :: Core (7.1.0) | date (7.1.0) | libxml (7.1.0) | openssl (7.1.0) | pcre (7.1.0) | sqlite3 (0.7-dev) | zlib (7.1.0) | bcmath (7.1.0) | bz2 (7.1.0) | calendar (7.1.0) | ctype (7.1.0) | curl (7.1.0) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.0) | ftp (7.1.0) | gd (7.1.0) | gettext (7.1.0) | SPL (7.1.0) | iconv (7.1.0) | session (7.1.0) | json (1.5.0) | mbstring (7.1.0) | mcrypt (7.1.0) | standard (7.1.0) | pcntl (7.1.0) | PDO (7.1.0) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | pdo_pgsql (7.1.0) | pdo_sqlite (7.1.0) | pgsql (7.1.0) | Phar (2.0.2) | posix (7.1.0) | Reflection (7.1.0) | imap (7.1.0) | SimpleXML (7.1.0) | soap (7.1.0) | sockets (7.1.0) | pdo_mysql (7.1.0) | exif (1.4 $Id: 8bdc0c8f27c2c9dd1f7551f1f9fe3ab57a06a4b1 $) | sysvsem (7.1.0) | sysvshm (7.1.0) | tokenizer (7.1.0) | xml (7.1.0) | xmlreader (7.1.0) | xmlrpc (7.1.0) | xmlwriter (7.1.0) | xsl (7.1.0) | zip (1.13.5) | mysqli (7.1.0) | cgi-fcgi () | memcached (3.0.0b1) | Zend OPcache (7.1.0) | Zend Engine (3.1.0-dev) |
Potential Missing Extensions :: mysql | suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.14) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.14) 1 | WF_POPUPS_WINDOW_TITLE (2.6.14) 1 | WF_LINK_SEARCH_TITLE (2.6.14) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.6.14) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.6.14) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.6.14) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.14) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.14) 1 | WF_LINK_TITLE (2.6.14) 1 | WF_CLIPBOARD_TITLE (2.6.14) 1 | WF_VISUALCHARS_TITLE (2.6.14) 1 | WF_FONTSIZESELECT_TITLE (2.6.14) 1 | WF_PREVIEW_TITLE (2.6.14) 1 | WF_FONTSELECT_TITLE (2.6.14) 1 | WF_FORMATSELECT_TITLE (2.6.14) 1 | WF_IMGMANAGER_TITLE (2.6.14) 1 | WF_PRINT_TITLE (2.6.14) 1 | WF_CHARMAP_TITLE (2.6.14) 1 | WF_VISUALBLOCKS_TITLE (2.6.14) 1 | WF_TABLE_TITLE (2.6.14) 1 | WF_NONBREAKING_TITLE (2.6.14) 1 | WF_SOURCE_TITLE (2.6.14) 1 | WF_BROWSER_TITLE (2.6.14) 1 | WF_EMOTIONS_TITLE (2.6.14) 1 | WF_TEXTCASE_TITLE (2.6.14) 1 | WF_CONTEXTMENU_TITLE (2.6.14) 1 | WF_LAYER_TITLE (2.6.14) 1 | WF_ARTICLE_TITLE (2.6.14) 1 | WF_INLINEPOPUPS_TITLE (2.6.14) 1 | WF_FULLSCREEN_TITLE (2.6.14) 1 | WF_SPELLCHECKER_TITLE (2.6.14) 1 | WF_STYLESELECT_TITLE (2.6.14) 1 | WF_SEARCHREPLACE_TITLE (2.6.14) 1 | WF_LISTS_TITLE (2.6.14) 1 | WF_AUTOSAVE_TITLE (2.6.14) 1 | WF_FONTCOLOR_TITLE (2.6.14) 1 | WF_DIRECTIONALITY_TITLE (2.6.14) 1 | WF_STYLE_TITLE (2.6.14) 1 | WF_HR_TITLE (2.6.14) 1 | WF_CLEANUP_TITLE (2.6.14) 1 | WF_ANCHOR_TITLE (2.6.14) 1 | WF_KITCHENSINK_TITLE (2.6.14) 1 | WF_MEDIA_TITLE (2.6.14) 1 | WF_XHTMLXTRAS_TITLE (2.6.14) 1 | com_mailto (3.0.0) 1 | User (1.5.0) 1 |
Components :: ADMIN :: com_cpanel (3.0.0) 1 | Contact Items (1.0.0) 1 | com_jhackguard (2.0.2) 1 | com_contenthistory (3.2.0) 1 | Polls (1.5.0) 1 | com_plugins (3.0.0) 1 | com_fields (3.7.0) 1 | com_newsfeeds (3.0.0) 1 | com_associations (3.7.0) 1 | com_templates (3.0.0) 1 | com_menus (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_messages (3.0.0) 1 | com_categories (3.0.0) 1 | com_banners (3.0.0) 1 | com_login (3.0.0) 1 | com_tags (3.1.0) 1 | com_cache (3.0.0) 1 | com_finder (3.0.0) 1 | com_modules (3.0.0) 1 | com_admin (3.0.0) 1 | com_media (3.0.0) 1 | COM_JCE (2.6.14) 1 | com_ajax (3.2.0) 1 | com_search (3.0.0) 1 | com_content (3.0.0) 1 | Frontpage (1.5.0) 1 | COM_SPUPGRADE (4.1.5) 1 | com_postinstall (3.2.0) 1 | com_users (3.0.0) 1 | Mass Mail (1.5.0) 1 | com_redirect (3.0.0) 1 | Weblinks (1.5.0) 1 | Trash (1.0.0) 1 | com_config (3.0.0) 1 | com_checkin (3.0.0) 1 |



Plugins :: SITE :: XML-RPC - Joomla API (1.0) 1 | XML-RPC - Blogger API (1.0) 1 | plg_system_highlight (3.0.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_cache (3.0.0) 0 | plg_system_p3p (3.0.0) 0 | System - SEF (1.5) 1 | plg_system_remember (3.0.0) 1 | System - Debug (1.5) 1 | System - Remember Me (1.5) 1 | plg_system_fields (3.7.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_stats (3.5.0) 1 | System - Cache (1.5) 1 | plg_system_languagecode (3.0.0) 0 | System - Mootools Upgrade (1.5) 1 | plg_system_updatenotification (3.5.0) 1 | System - Log (1.5) 1 | plg_system_log (3.0.0) 1 | Akeeba Backup Lazy Scheduling (3.3) 1 | JHackGuard Plugin (2.0.4) 1 | System - Backlinks (1.5) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_jce (2.6.14) 1 | plg_system_debug (3.0.0) 1 | System - Legacy (1.5) 1 | plg_system_logout (3.0.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | Content - Pagebreak (1.5) 1 | Content - Example (1.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_emailcloak (3.0.0) 1 | Content - Code Highlighter (Ge (1.5) 1 | plg_content_vote (3.0.0) 1 | Content - Email Cloaking (1.5) 1 | plg_content_finder (3.0.0) 0 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_jce (2.6.14) 1 | Content - Load Modules (1.5) 1 | Content - Vote (1.5) 1 | Content - Page Navigation (1.5) 1 | plg_content_pagebreak (3.0.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER 
(3.6.0) 1 | plg_installer_jce (2.6.14) 1 | plg_editors-xtd_image (3.0.0) 1 | Button - Pagebreak (1.5) 1 | plg_editors-xtd_fields (3.7.0) 1 | Button - Image (1.0.0) 1 | Button - Readmore (1.5) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_captcha_recaptcha (3.4.0) 0 | plg_editors_tinymce (4.5.6) 1 | plg_editors_codemirror (5.25.2) 1 | Editor - JCE 1.5.6 (1.5.6) 1 | Editor - TinyMCE 3 (3.2.6) 1 | plg_editors_jce (2.6.14) 1 | Template Manager (1.5.5) 1 | Paste (1.5.6) 1 | Image Manager (1.5.2) 1 | File Manager (1.5.2) 1 | Image Manager Extended (1.5.5) 1 | File Browser (1.5.0 Stable) 1 | Media Manager (1.5.4) 1 | Paste (1.5.0) 1 | Advanced Code Editor (1.5.6) 1 | SpellChecker (2.0.0) 1 | Joomla! Links for Advanced Lin (1.2.1) 1 | Advanced Link (1.5.1) 1 | Object Support (1.5.1) 1 | Editor - XStandard Lite for Jo (1.0) 1 | Search - Content (1.5) 1 | Search - Contacts (1.5) 1 | plg_search_categories (3.0.0) 1 | plg_search_content (3.0.0) 1 | Search - Weblinks (1.5) 1 | plg_search_contacts (3.0.0) 1 | plg_search_tags (3.0.0) 1 | Search - Sections (1.5) 1 | Search - Newsfeeds (1.5) 1 | plg_search_newsfeeds (3.0.0) 1 | Search - Categories (1.5) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_jce (2.6.0-pro-bet) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_extension_jce (2.6.14) 1 | Authentication - Example (1.5) 1 | Authentication - Joomla (1.5) 1 | plg_authentication_joomla (3.0.0) 1 | Authentication - OpenID (1.5) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_ldap (3.0.0) 0 | Authentication - LDAP (1.5) 1 | Authentication - GMail (1.5) 1 | plg_authentication_cookie (3.0.0) 1 | 
User - Example (1.0) 1 | User - Joomla! (1.5) 1 | plg_user_joomla (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_contactcreator (3.0.0) 0 | jPlugin (1.0.3) 1 |
Templates Discovered :: wrote:Templates :: SITE :: IEHI2 (1.0) 1 | IEHI3 (1.0) 1 | jTemplate (1.0.3) 1 | IEHI3a (1.0) 1 | IEHI (1.0) 1 | protostar (1.0) 1 |
Templates :: ADMIN :: jTemplate (1.0.3) 1 | isis (1.0) 1 | hathor (3.0.0) 1 | Khepri (1.0) 1 |
Bev
Mt Garfield Software


Post by mandville » Mon Jun 12, 2017 4:31 pm

Mod comment. Relocated to j1.5 forum
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}


Post by bevco » Mon Jun 12, 2017 4:34 pm

Why is the FPA saying 1.5 when I am using Joomla 3.7.2???
Bev
Mt Garfield Software


Post by mandville » Mon Jun 12, 2017 4:36 pm

It clearly says on your fpa report.

Basic Environment :: wrote:
Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 1.5
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}


Post by bevco » Mon Jun 12, 2017 4:39 pm

I do not understand why it is saying 1.5; my admin shows 3.7.2 - attaching clip

What do I need to do now?
Last edited by bevco on Mon Jun 12, 2017 4:55 pm, edited 1 time in total.
Bev
Mt Garfield Software


Post by dhuelsmann » Mon Jun 12, 2017 4:52 pm

I don't think a 1.5 site can run on php 7.1
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org


Post by bevco » Mon Jun 12, 2017 4:56 pm

I am not running a 1.5 site. I have updated it and it is 3.7.2. I don't understand why the FPA says it is 1.5????
The site has been updated several times since 1.5.
Bev
Mt Garfield Software


Post by bevco » Mon Jun 12, 2017 5:05 pm

Hmmm....I just checked and several of my sites show the 3.7.2 version of Joomla in the fpa, but 3 of them which are also 3.7.2 show 1.5.23. Why would this be???

I am getting more and more confused :(
Bev
Mt Garfield Software


Post by Webdongle » Mon Jun 12, 2017 5:42 pm

FTP Layer: 1 should be 0 (zero). ftp layer is not needed when the Ownership is correct.

Have you checked the extension in the vel yet?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by bevco » Mon Jun 12, 2017 5:58 pm

Webdongle wrote:FTP Layer: 1 should be 0 (zero). ftp layer is not needed when the Ownership is correct.

Have you checked the extension in the vel yet ?
Changed the ftp - missed that one. Usually keep it off.

The only extension I am using in this site is JCE Editor and it is not on the vel list.

But why is the FPA showing the wrong version of Joomla on several sites??
Bev
Mt Garfield Software


Post by Webdongle » Mon Jun 12, 2017 6:14 pm

It might be easier for you to rebuild the site (with fresh files) on localhost before deleting all the files from the server. If you do that then put your sites offline until you are ready to delete the files from the server.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by bevco » Mon Jun 12, 2017 6:36 pm

OK - we are having a problem with our local host server php, but guess will have to do that as soon as we get it fixed.

Would going with MyJoomla or RSFirewall correct this without having to rebuild?
Bev
Mt Garfield Software


Post by websitedons » Mon Jun 12, 2017 6:46 pm

bevco wrote:... or RSFirewall correct this without having to rebuild?
You would be on the right path by now if you consulted with RSFirewall. Those guys know everything.


Post by Webdongle » Mon Jun 12, 2017 8:10 pm

bevco wrote:...
Would going with MyJoomla or RSFirewall correct this without having to rebuild?
MyJoomla has a good reputation and should be able to clean your server. If you want a professional service I would highly recommend you use them. Not sure if RsJoomla provide a service to clean hacked sites.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".


Post by bevco » Tue Jun 13, 2017 12:35 am

Thanks!

Any idea why the FPA shows the incorrect version of Joomla??
Bev
Mt Garfield Software

