Hackers sending SPAM from my site
Moderator: General Support Moderators
Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Hackers sending SPAM from my site
I am using Joomla 3.7.2, have changed all passwords and usernames, reloaded the sites from a backup before this started, added jHackguard to the sites, made sure nothing is writable and checked the sites with Sucuri Site Check and IsItHacked? And still somehow they are inserting php files in various folders (not always the same ones) - that are unwritable - that are sending out SPAM. Sometimes my ISP is able to catch the emails before they go out and deletes thousands of them at a time. This is happening on 3 of our 13 sites and there is no addon only used by those 3 sites. It also seemed to happen when our ISP moved to a cloud server.....I don't know what else to do.
Any suggestions will be very welcome!
Bev
Any suggestions will be very welcome!
Bev
Bev
Mt Garfield Software
Mt Garfield Software
- websitedons
- I've been banned!
- Posts: 389
- Joined: Sat May 27, 2017 9:42 am
Re: Hackers sending SPAM from my site
Does JHackguard or Sucuri check file integrity or scan for recently changed files? If not, get RSFirewall. The hackers may have placed files deep within your system directories and are able to get in via those files. It's also possible that they placed files in the hosting root, (outside public_html or htdocs).
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
There are a lot of things that you missed
Please see viewtopic.php?f=714&t=946026 and the pages it links to. Your backup files could be hacked or you have a vulnerable extension or ...
Please see viewtopic.php?f=714&t=946026 and the pages it links to. Your backup files could be hacked or you have a vulnerable extension or ...
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
My ISP found and deleted some of the files and I have found a couple more - buried deep. I do believe that IsItHacked watches for Spam links, but somehow they are getting through anyway. I will look into RSFirewall....
Bev
Mt Garfield Software
Mt Garfield Software
- toivo
- Joomla! Master
- Posts: 17431
- Joined: Thu Feb 15, 2007 5:48 am
- Location: Sydney, Australia
Re: Hackers sending SPAM from my site
In addition to cleaning your site properly, based on the instructions in the sticky post viewtopic.php?f=714&t=757645 and Webdongle's recovery instructions, you should check out Admin Tools from JED - https://extensions.joomla.org/extension/admin-tools - and the myJoomla.com service at https://myjoomla.com, where the first scan is free.
Toivo Talikka, Global Moderator
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
Thanks! Will check these out and try one as soon as I find out which sites are now being hit the most. Try one at a time
Bev
Mt Garfield Software
Mt Garfield Software
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
Step #C of viewtopic.php?f=714&t=946026 means all the files not just the files of one site. Still waiting for step #Abevco wrote:...as soon as I find out which sites are now being hit the most. Try one at a time
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
I have been finding strange files and deleting them - will get to the above asap. Thanks!
Bev
Mt Garfield Software
Mt Garfield Software
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
OK - I tried to install the FPA and got the message "JInstaller: :Install: Can't find XML setup file."
Bev
Mt Garfield Software
Mt Garfield Software
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
Deleting strange files is not enough. Every file you find and delete the hackers will probably upload another 3.bevco wrote:I have been finding strange files and deleting them - will get to the above asap. ...
Yes hackers plural ... once a hacker has found a weakness in your site they post the vulnerability on hack forums. Then other hackers use it to put their own hack files on. There will be hack files all over the server and in genuine files. Cherry picking files to delete will just have you running around in circles. Unless you hire a professional to clean your site then your only viable option is to delete ALL the files after running the fpa.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
The fpa is not installed into Joomla. You unzip the file and ftp fpa-en.php to the server and point your browser atbevco wrote:OK - I tried to install the FPA and got the message "JInstaller: :Install: Can't find XML setup file."
Code: Select all
http://www.yoursite.com/fpa-en.php
Last edited by fcoulter on Mon Jun 12, 2017 9:45 am, edited 1 time in total.
Reason: broke link - there is an actual site at yoursite.com so lets not give them any free links
Reason: broke link - there is an actual site at yoursite.com so lets not give them any free links
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
I tried to post the code but get the message
Your message contains 20621 characters.
The maximum number of allowed characters is 20000.
now what?
Your message contains 20621 characters.
The maximum number of allowed characters is 20000.
now what?
Bev
Mt Garfield Software
Mt Garfield Software
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
Put it in a file and attach it ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
This is without plugins
Forum Post Assistant (v1.3.0) : 12th June 2017 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 1 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 3.16.0-4-amd64 | Technology: x86_64 | Web Server: Apache/2.4.10 (Debian) | Encoding: gzip, deflate | Doc Root: /var/www/iehiministries.org/web | System TMP Writable: Yes
PHP Configuration :: Version: 7.1.0 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/www/clients/client11/web20/web:/var/www/clients/client11/web20/private:/var/www/clients/client11/web20/tmp:/var/www/iehiministries.org/web:/srv/www/iehiministries.org/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M
MySQL Configuration :: Version: 5.5.5-10.0.30-MariaDB-0+deb8u2 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 4.40 MiB | #of Tables: 83Detailed Environment :: wrote:PHP Extensions :: Core (7.1.0) | date (7.1.0) | libxml (7.1.0) | openssl (7.1.0) | pcre (7.1.0) | sqlite3 (0.7-dev) | zlib (7.1.0) | bcmath (7.1.0) | bz2 (7.1.0) | calendar (7.1.0) | ctype (7.1.0) | curl (7.1.0) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.0) | ftp (7.1.0) | gd (7.1.0) | gettext (7.1.0) | SPL (7.1.0) | iconv (7.1.0) | session (7.1.0) | json (1.5.0) | mbstring (7.1.0) | mcrypt (7.1.0) | standard (7.1.0) | pcntl (7.1.0) | PDO (7.1.0) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | pdo_pgsql (7.1.0) | pdo_sqlite (7.1.0) | pgsql (7.1.0) | Phar (2.0.2) | posix (7.1.0) | Reflection (7.1.0) | imap (7.1.0) | SimpleXML (7.1.0) | soap (7.1.0) | sockets (7.1.0) | pdo_mysql (7.1.0) | exif (1.4 $Id: 8bdc0c8f27c2c9dd1f7551f1f9fe3ab57a06a4b1 $) | sysvsem (7.1.0) | sysvshm (7.1.0) | tokenizer (7.1.0) | xml (7.1.0) | xmlreader (7.1.0) | xmlrpc (7.1.0) | xmlwriter (7.1.0) | xsl (7.1.0) | zip (1.13.5) | mysqli (7.1.0) | cgi-fcgi () | memcached (3.0.0b1) | Zend OPcache (7.1.0) | Zend Engine (3.1.0-dev) |
Potential Missing Extensions :: mysql | suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: NoFolder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) ::Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.14) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.14) 1 | WF_POPUPS_WINDOW_TITLE (2.6.14) 1 | WF_LINK_SEARCH_TITLE (2.6.14) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.6.14) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.6.14) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.6.14) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.14) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.14) 1 | WF_LINK_TITLE (2.6.14) 1 | WF_CLIPBOARD_TITLE (2.6.14) 1 | WF_VISUALCHARS_TITLE (2.6.14) 1 | WF_FONTSIZESELECT_TITLE (2.6.14) 1 | WF_PREVIEW_TITLE (2.6.14) 1 | WF_FONTSELECT_TITLE (2.6.14) 1 | WF_FORMATSELECT_TITLE (2.6.14) 1 | WF_IMGMANAGER_TITLE (2.6.14) 1 | WF_PRINT_TITLE (2.6.14) 1 | WF_CHARMAP_TITLE (2.6.14) 1 | WF_VISUALBLOCKS_TITLE (2.6.14) 1 | WF_TABLE_TITLE (2.6.14) 1 | WF_NONBREAKING_TITLE (2.6.14) 1 | WF_SOURCE_TITLE (2.6.14) 1 | WF_BROWSER_TITLE (2.6.14) 1 | WF_EMOTIONS_TITLE (2.6.14) 1 | WF_TEXTCASE_TITLE (2.6.14) 1 | WF_CONTEXTMENU_TITLE (2.6.14) 1 | WF_LAYER_TITLE (2.6.14) 1 | WF_ARTICLE_TITLE (2.6.14) 1 | WF_INLINEPOPUPS_TITLE (2.6.14) 1 | WF_FULLSCREEN_TITLE (2.6.14) 1 | WF_SPELLCHECKER_TITLE (2.6.14) 1 | WF_STYLESELECT_TITLE (2.6.14) 1 | WF_SEARCHREPLACE_TITLE (2.6.14) 1 | WF_LISTS_TITLE (2.6.14) 1 | WF_AUTOSAVE_TITLE (2.6.14) 1 | WF_FONTCOLOR_TITLE (2.6.14) 1 | WF_DIRECTIONALITY_TITLE (2.6.14) 1 | WF_STYLE_TITLE (2.6.14) 1 | WF_HR_TITLE (2.6.14) 1 | WF_CLEANUP_TITLE (2.6.14) 1 | WF_ANCHOR_TITLE (2.6.14) 1 | WF_KITCHENSINK_TITLE (2.6.14) 1 | WF_MEDIA_TITLE (2.6.14) 1 | WF_XHTMLXTRAS_TITLE (2.6.14) 1 | com_mailto (3.0.0) 1 | User (1.5.0) 1 |
Components :: ADMIN :: com_cpanel (3.0.0) 1 | Contact Items (1.0.0) 1 | com_jhackguard (2.0.2) 1 | com_contenthistory (3.2.0) 1 | Polls (1.5.0) 1 | com_plugins (3.0.0) 1 | com_fields (3.7.0) 1 | com_newsfeeds (3.0.0) 1 | com_associations (3.7.0) 1 | com_templates (3.0.0) 1 | com_menus (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_messages (3.0.0) 1 | com_categories (3.0.0) 1 | com_banners (3.0.0) 1 | com_login (3.0.0) 1 | com_tags (3.1.0) 1 | com_cache (3.0.0) 1 | com_finder (3.0.0) 1 | com_modules (3.0.0) 1 | com_admin (3.0.0) 1 | com_media (3.0.0) 1 | COM_JCE (2.6.14) 1 | com_ajax (3.2.0) 1 | com_search (3.0.0) 1 | com_content (3.0.0) 1 | Frontpage (1.5.0) 1 | COM_SPUPGRADE (4.1.5) 1 | com_postinstall (3.2.0) 1 | com_users (3.0.0) 1 | Mass Mail (1.5.0) 1 | com_redirect (3.0.0) 1 | Weblinks (1.5.0) 1 | Trash (1.0.0) 1 | com_config (3.0.0) 1 | com_checkin (3.0.0) 1 |
Modules :: SITE :: Sections (1.5.0) 1 | mod_users_latest (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_finder (3.0.0) 1 | Most Read Content (1.5.0) 1 | mod_articles_archive (3.0.0) 1 | mod_languages (3.5.0) 1 | Menu (1.5.0) 1 | mod_articles_popular (3.0.0) 1 | Latest News (1.5.0) 1 | mod_footer (3.0.0) 1 | Poll (1.5.0) 1 | jModule (1.0.3) 1 | mod_custom (3.0.0) 1 | mod_search (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_menu (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | Newsflash (1.5.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_login (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_whosonline (3.0.0) 1 | Archived Content (1.5.0) 1 | mod_articles_category (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_feed (3.0.0) 1 |
Modules :: ADMIN :: Akeeba Backup Notification Mod (3.4.3) 1 | mod_latest (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_status (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_logged (3.0.0) 1 | Online Users (1.0.0) 1 | mod_title (3.0.0) 1 | Footer (1.0.0) 1 | jModule (1.0.3) 1 | mod_custom (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_quickicon (3.0.0) 1 | Unread Items (1.0.0) 1 | mod_login (3.0.0) 1 | Items Stats (1.0.0) 1 | mod_submenu (3.0.0) 1 | mod_version (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_toolbar (3.0.0) 1 |
Templates Discovered :: wrote:Templates :: SITE :: IEHI2 (1.0) 1 | IEHI3 (1.0) 1 | jTemplate (1.0.3) 1 | IEHI3a (1.0) 1 | IEHI (1.0) 1 | protostar (1.0) 1 |
Templates :: ADMIN :: jTemplate (1.0.3) 1 | isis (1.0) 1 | hathor (3.0.0) 1 | Khepri (1.0) 1 |
Bev
Mt Garfield Software
Mt Garfield Software
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
This is without modules
Forum Post Assistant (v1.3.0) : 12th June 2017 wrote:Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | FTP Layer: 1 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes
Host Configuration :: OS: Linux | OS Version: 3.16.0-4-amd64 | Technology: x86_64 | Web Server: Apache/2.4.10 (Debian) | Encoding: gzip, deflate | Doc Root: /var/www/iehiministries.org/web | System TMP Writable: Yes
PHP Configuration :: Version: 7.1.0 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/www/clients/client11/web20/web:/var/www/clients/client11/web20/private:/var/www/clients/client11/web20/tmp:/var/www/iehiministries.org/web:/srv/www/iehiministries.org/web:/usr/share/php5:/usr/share/php:/tmp:/usr/share/phpmyadmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/dev/random:/dev/urandom | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M
MySQL Configuration :: Version: 5.5.5-10.0.30-MariaDB-0+deb8u2 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 4.40 MiB | #of Tables: 83Detailed Environment :: wrote:PHP Extensions :: Core (7.1.0) | date (7.1.0) | libxml (7.1.0) | openssl (7.1.0) | pcre (7.1.0) | sqlite3 (0.7-dev) | zlib (7.1.0) | bcmath (7.1.0) | bz2 (7.1.0) | calendar (7.1.0) | ctype (7.1.0) | curl (7.1.0) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.0) | ftp (7.1.0) | gd (7.1.0) | gettext (7.1.0) | SPL (7.1.0) | iconv (7.1.0) | session (7.1.0) | json (1.5.0) | mbstring (7.1.0) | mcrypt (7.1.0) | standard (7.1.0) | pcntl (7.1.0) | PDO (7.1.0) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: d8daadaf41e3cd81d7c6ae96c6091fd15b2c9382 $) | pdo_pgsql (7.1.0) | pdo_sqlite (7.1.0) | pgsql (7.1.0) | Phar (2.0.2) | posix (7.1.0) | Reflection (7.1.0) | imap (7.1.0) | SimpleXML (7.1.0) | soap (7.1.0) | sockets (7.1.0) | pdo_mysql (7.1.0) | exif (1.4 $Id: 8bdc0c8f27c2c9dd1f7551f1f9fe3ab57a06a4b1 $) | sysvsem (7.1.0) | sysvshm (7.1.0) | tokenizer (7.1.0) | xml (7.1.0) | xmlreader (7.1.0) | xmlrpc (7.1.0) | xmlwriter (7.1.0) | xsl (7.1.0) | zip (1.13.5) | mysqli (7.1.0) | cgi-fcgi () | memcached (3.0.0b1) | Zend OPcache (7.1.0) | Zend Engine (3.1.0-dev) |
Potential Missing Extensions :: mysql | suhosin |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: NoFolder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
Elevated Permissions (First 10) ::Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.14) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.14) 1 | WF_POPUPS_WINDOW_TITLE (2.6.14) 1 | WF_LINK_SEARCH_TITLE (2.6.14) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.6.14) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.6.14) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.6.14) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.14) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.14) 1 | WF_LINK_TITLE (2.6.14) 1 | WF_CLIPBOARD_TITLE (2.6.14) 1 | WF_VISUALCHARS_TITLE (2.6.14) 1 | WF_FONTSIZESELECT_TITLE (2.6.14) 1 | WF_PREVIEW_TITLE (2.6.14) 1 | WF_FONTSELECT_TITLE (2.6.14) 1 | WF_FORMATSELECT_TITLE (2.6.14) 1 | WF_IMGMANAGER_TITLE (2.6.14) 1 | WF_PRINT_TITLE (2.6.14) 1 | WF_CHARMAP_TITLE (2.6.14) 1 | WF_VISUALBLOCKS_TITLE (2.6.14) 1 | WF_TABLE_TITLE (2.6.14) 1 | WF_NONBREAKING_TITLE (2.6.14) 1 | WF_SOURCE_TITLE (2.6.14) 1 | WF_BROWSER_TITLE (2.6.14) 1 | WF_EMOTIONS_TITLE (2.6.14) 1 | WF_TEXTCASE_TITLE (2.6.14) 1 | WF_CONTEXTMENU_TITLE (2.6.14) 1 | WF_LAYER_TITLE (2.6.14) 1 | WF_ARTICLE_TITLE (2.6.14) 1 | WF_INLINEPOPUPS_TITLE (2.6.14) 1 | WF_FULLSCREEN_TITLE (2.6.14) 1 | WF_SPELLCHECKER_TITLE (2.6.14) 1 | WF_STYLESELECT_TITLE (2.6.14) 1 | WF_SEARCHREPLACE_TITLE (2.6.14) 1 | WF_LISTS_TITLE (2.6.14) 1 | WF_AUTOSAVE_TITLE (2.6.14) 1 | WF_FONTCOLOR_TITLE (2.6.14) 1 | WF_DIRECTIONALITY_TITLE (2.6.14) 1 | WF_STYLE_TITLE (2.6.14) 1 | WF_HR_TITLE (2.6.14) 1 | WF_CLEANUP_TITLE (2.6.14) 1 | WF_ANCHOR_TITLE (2.6.14) 1 | WF_KITCHENSINK_TITLE (2.6.14) 1 | WF_MEDIA_TITLE (2.6.14) 1 | WF_XHTMLXTRAS_TITLE (2.6.14) 1 | com_mailto (3.0.0) 1 | User (1.5.0) 1 |
Components :: ADMIN :: com_cpanel (3.0.0) 1 | Contact Items (1.0.0) 1 | com_jhackguard (2.0.2) 1 | com_contenthistory (3.2.0) 1 | Polls (1.5.0) 1 | com_plugins (3.0.0) 1 | com_fields (3.7.0) 1 | com_newsfeeds (3.0.0) 1 | com_associations (3.7.0) 1 | com_templates (3.0.0) 1 | com_menus (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_messages (3.0.0) 1 | com_categories (3.0.0) 1 | com_banners (3.0.0) 1 | com_login (3.0.0) 1 | com_tags (3.1.0) 1 | com_cache (3.0.0) 1 | com_finder (3.0.0) 1 | com_modules (3.0.0) 1 | com_admin (3.0.0) 1 | com_media (3.0.0) 1 | COM_JCE (2.6.14) 1 | com_ajax (3.2.0) 1 | com_search (3.0.0) 1 | com_content (3.0.0) 1 | Frontpage (1.5.0) 1 | COM_SPUPGRADE (4.1.5) 1 | com_postinstall (3.2.0) 1 | com_users (3.0.0) 1 | Mass Mail (1.5.0) 1 | com_redirect (3.0.0) 1 | Weblinks (1.5.0) 1 | Trash (1.0.0) 1 | com_config (3.0.0) 1 | com_checkin (3.0.0) 1 |
Plugins :: SITE :: XML-RPC - Joomla API (1.0) 1 | XML-RPC - Blogger API (1.0) 1 | plg_system_highlight (3.0.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_cache (3.0.0) 0 | plg_system_p3p (3.0.0) 0 | System - SEF (1.5) 1 | plg_system_remember (3.0.0) 1 | System - Debug (1.5) 1 | System - Remember Me (1.5) 1 | plg_system_fields (3.7.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_stats (3.5.0) 1 | System - Cache (1.5) 1 | plg_system_languagecode (3.0.0) 0 | System - Mootools Upgrade (1.5) 1 | plg_system_updatenotification (3.5.0) 1 | System - Log (1.5) 1 | plg_system_log (3.0.0) 1 | Akeeba Backup Lazy Scheduling (3.3) 1 | JHackGuard Plugin (2.0.4) 1 | System - Backlinks (1.5) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_jce (2.6.14) 1 | plg_system_debug (3.0.0) 1 | System - Legacy (1.5) 1 | plg_system_logout (3.0.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | Content - Pagebreak (1.5) 1 | Content - Example (1.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_emailcloak (3.0.0) 1 | Content - Code Highlighter (Ge (1.5) 1 | plg_content_vote (3.0.0) 1 | Content - Email Cloaking (1.5) 1 | plg_content_finder (3.0.0) 0 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_jce (2.6.14) 1 | Content - Load Modules (1.5) 1 | Content - Vote (1.5) 1 | Content - Page Navigation (1.5) 1 | plg_content_pagebreak (3.0.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_jce (2.6.14) 1 | plg_editors-xtd_image (3.0.0) 1 | Button - Pagebreak (1.5) 1 | plg_editors-xtd_fields (3.7.0) 1 | Button - Image (1.0.0) 1 | Button - Readmore (1.5) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_captcha_recaptcha (3.4.0) 0 | plg_editors_tinymce (4.5.6) 1 | plg_editors_codemirror (5.25.2) 1 | Editor - JCE 1.5.6 (1.5.6) 1 | Editor - TinyMCE 3 (3.2.6) 1 | plg_editors_jce (2.6.14) 1 | Template Manager (1.5.5) 1 | Paste (1.5.6) 1 | Image Manager (1.5.2) 1 | File Manager (1.5.2) 1 | Image Manager Extended (1.5.5) 1 | File Browser (1.5.0 Stable) 1 | Media Manager (1.5.4) 1 | Paste (1.5.0) 1 | Advanced Code Editor (1.5.6) 1 | SpellChecker (2.0.0) 1 | Joomla! Links for Advanced Lin (1.2.1) 1 | Advanced Link (1.5.1) 1 | Object Support (1.5.1) 1 | Editor - XStandard Lite for Jo (1.0) 1 | Search - Content (1.5) 1 | Search - Contacts (1.5) 1 | plg_search_categories (3.0.0) 1 | plg_search_content (3.0.0) 1 | Search - Weblinks (1.5) 1 | plg_search_contacts (3.0.0) 1 | plg_search_tags (3.0.0) 1 | Search - Sections (1.5) 1 | Search - Newsfeeds (1.5) 1 | plg_search_newsfeeds (3.0.0) 1 | Search - Categories (1.5) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_jce (2.6.0-pro-bet) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_extension_jce (2.6.14) 1 | Authentication - Example (1.5) 1 | Authentication - Joomla (1.5) 1 | plg_authentication_joomla (3.0.0) 1 | Authentication - OpenID (1.5) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_ldap (3.0.0) 0 | Authentication - LDAP (1.5) 1 | Authentication - GMail (1.5) 1 | plg_authentication_cookie (3.0.0) 1 | User - Example (1.0) 1 | User - Joomla! (1.5) 1 | plg_user_joomla (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_contactcreator (3.0.0) 0 | jPlugin (1.0.3) 1 |Templates Discovered :: wrote:Templates :: SITE :: IEHI2 (1.0) 1 | IEHI3 (1.0) 1 | jTemplate (1.0.3) 1 | IEHI3a (1.0) 1 | IEHI (1.0) 1 | protostar (1.0) 1 |
Templates :: ADMIN :: jTemplate (1.0.3) 1 | isis (1.0) 1 | hathor (3.0.0) 1 | Khepri (1.0) 1 |
Bev
Mt Garfield Software
Mt Garfield Software
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Hackers sending SPAM from my site
Mod comment. Relocated to j1.5 forum
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
Why is the FPA saying 1.5 when I am using Joomla 3.7.2???
Bev
Mt Garfield Software
Mt Garfield Software
- mandville
- Joomla! Master
- Posts: 15152
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: Hackers sending SPAM from my site
It clearly says on your fpa report.
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 1.5
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 1.5.23-Stable (senu takaa ama baji) 04-March-2011
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 1.5
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
I do not understand why it is saying 1.5 my admin shows 3.7.2 - attaching clip
What do I need to do now?
What do I need to do now?
You do not have the required permissions to view the files attached to this post.
Last edited by bevco on Mon Jun 12, 2017 4:55 pm, edited 1 time in total.
Bev
Mt Garfield Software
Mt Garfield Software
- dhuelsmann
- Joomla! Master
- Posts: 19659
- Joined: Sun Oct 02, 2005 12:50 am
- Location: Omaha, NE
- Contact:
Re: Hackers sending SPAM from my site
I don't think a 1.5 site can run on php 7.1
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
I am not running a 1.5 site. I have updated it and it is 3.7.2. I don't understand why the FPA says it is 1.5????
\The site has been updated several times since 1.5.
\The site has been updated several times since 1.5.
Bev
Mt Garfield Software
Mt Garfield Software
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
Hmmm....I just checked and several of my sites show the 3.7.2 version of Joomla in the fpa, but 3 of them which are also 3.7.2 show 1.5.23. Why would this be???
I am getting more and more confused
I am getting more and more confused
Bev
Mt Garfield Software
Mt Garfield Software
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
FTP Layer: 1 should be 0 (zero). ftp layer is not needed when the Ownership is correct.
Have you checked the extension in the vel yet ?
Have you checked the extension in the vel yet ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
Changed the ftp - missed that one. Usually keep it off.Webdongle wrote:FTP Layer: 1 should be 0 (zero). ftp layer is not needed when the Ownership is correct.
Have you checked the extension in the vel yet ?
The only extension I am using in this site is JCE Editor and it is not on the vel list.
But why is the FPA showing the wrong version of Joomla on several sites??
Bev
Mt Garfield Software
Mt Garfield Software
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
It might be easier for you to rebuild the site (with fresh files) on localhost before deleting all the files from the server. If you do that then put your sites off line until you are ready to delete the files from the server.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
OK - we are having a problem with our local host server php, but guess will have to do that as soon as we get it fixed.
Would going with MyJoomla or RSFirewall correct this without having to rebuild?
Would going with MyJoomla or RSFirewall correct this without having to rebuild?
Bev
Mt Garfield Software
Mt Garfield Software
- websitedons
- I've been banned!
- Posts: 389
- Joined: Sat May 27, 2017 9:42 am
Re: Hackers sending SPAM from my site
You would be on the right path by now if you consulted with RSFirewall. Those guys know everything.bevco wrote:... or RSFirewall correct this without having to rebuild?
- Webdongle
- Joomla! Master
- Posts: 44083
- Joined: Sat Apr 05, 2008 9:58 pm
Re: Hackers sending SPAM from my site
MyJoomla has a good reputation and should be able to clean your server. If you want a professional service I would highly recommend you use them. Not sure if RsJoomla provide a service to clean hacked sites.bevco wrote:...
Would going with MyJoomla or RSFirewall correct this without having to rebuild?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
-
- Joomla! Intern
- Posts: 74
- Joined: Fri Apr 09, 2010 4:17 pm
Re: Hackers sending SPAM from my site
Thanks!
Any idea why the FPA shows the incorrect version of Joomla??
Any idea why the FPA shows the incorrect version of Joomla??
Bev
Mt Garfield Software
Mt Garfield Software