Stop Hackers from Accessing Template index.php?

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
sawgore
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Mon Oct 05, 2009 2:00 pm

Stop Hackers from Accessing Template index.php?

Post by sawgore » Mon Dec 05, 2016 7:41 pm

I keep getting code inserted into my website's index.php template file which causes the website to become blacklisted for malware.

Is there any way to lock down the template, even at the server level so that it can't be edited? I tried using an ftp program to change the permissions but it just gets reset back to writable again. I thought about using phpmyadmin but I can't say I know enough to start mucking about.

I plan on upgrading the CMS in the new year, but for now, I just need to lock it down until then. Thanks in advance.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5520
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Stop Hackers from Accessing Template index.php?

Post by sozzled » Mon Dec 05, 2016 7:51 pm

sawgore wrote:I plan on upgrading the CMS in the new year, but for now, I just need to lock it down until then.
This probably explains why you're getting hacked.

I have two questions for you:

1) Do you want to stop your website being hacked?
2) Are you willing to keep patching your site every time it gets hacked until you complete your upgrade plan?

There are costs associated with each of these. It depends on the cost—your time and/or your money—that you're prepared to invest. We can help (to some extent) depending on your answers and your willingness to follow our advice.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

sawgore
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Mon Oct 05, 2009 2:00 pm

Re: Stop Hackers from Accessing Template index.php?

Post by sawgore » Mon Dec 05, 2016 10:29 pm

This probably explains why you're getting hacked.
Not sure what you mean by this but it comes across patronizing instead of helpful.

I'm just going to start from scratch on a new website in the new year (the design is old, as is the CMS). For now I just want to find a way to stop them from editing the template file. Anyone have any suggestions? Thanks.

User avatar
dhuelsmann
Joomla! Master
Joomla! Master
Posts: 19643
Joined: Sun Oct 02, 2005 12:50 am
Location: Omaha, NE
Contact:

Re: Stop Hackers from Accessing Template index.php?

Post by dhuelsmann » Mon Dec 05, 2016 10:34 pm

Webdongle wrote:Cleaning the site is easy ... just delete all the folders/files. Rebuilding the site is easy ... just install a fresh Joomla to a empty database and install 3rd party extensions then edit the configuration.php.

First make a backup of your database
Here is a summary of what you need to do

Before you ask what other user ask. No there is no real alternative ... you need to delete all folders/files.
  1. Run the fpa and post the results on here
  2. Uninstall any untrusted 3rd party extensions and Templates https://vel.joomla.org/live-vel
  3. Delete all the files on the server
  4. Scan your computer and all computers that have server or Joomla admin access
  5. Change Passwords
  6. Install Joomla (of the same version) to a new database. Install up to date 3rd party extensions (that are not on the VEL) then edit the configuration.php to connect to the original database. Update Joomla if you have and old version
  7. Change your Joomla SU/Admin Passwords and check the users/groups/access levels are correct and not been tampered with. Update your Joomla And run the fpa again
Step #f is simply installing Joomla and 3rd party extensions to an empty database so you get fresh files. Then connect the files to the database that has your data. That gives you your site back. The rest cleans the site and helps keep it secure.

Full details http://forum.joomla.org/viewtopic.php?f=714&t=757645
Regards, Dave
Past Treasurer Open Source Matters, Inc.
Past Global Moderator
http://www.kiwaniswest.org

mbabker
Joomla! Hero
Joomla! Hero
Posts: 2176
Joined: Sun Feb 28, 2010 8:26 pm

Re: Stop Hackers from Accessing Template index.php?

Post by mbabker » Tue Dec 06, 2016 12:24 am

The fact your template keeps getting modified after you cleaned it means you haven't cleaned the hack, you're just fixing the symptoms (and only partially at best). The hacker probably has uploaded a file onto your server that allows them to keep defacing your site, until you clean the hack fully you're going to keep having to play cleanup.

Follow the advice in the quoted post above, that will help you clean up as best as you are able. But be warned that Joomla 1.5 cannot be considered secure anymore and requires at least two out-of-cycle patches addressing high level vulnerabilities.
So long and thanks for all the fish.

Manually updating Joomla? See https://gist.github.com/mbabker/d7bfb4e ... 3607f89281

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5520
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Stop Hackers from Accessing Template index.php?

Post by sozzled » Tue Dec 06, 2016 12:27 am

@sawgore: I was not being "patronising" (and I don't appreciate that kind of characterisation). This kind of question arises thousands of times—as you would probably imagine—and so you're not alone.

You asked for help. I asked you two questions (neither of which you took the time to answer).

In reality you have a couple of choices if you want to stop your site being continually attacked. One way is to quantine your site, take it offline, and deal with the issues as @dhuelsmann outlines. The other way is to deal with the root cause of the problem—I believe it lies in using an outdated version of Joomla that has not been maintained—and bring the software up to date.

I really hope that some of our advice will help you. On the other hand, there is a third possibility that will occur and will guarantee that your site is never attacked again: your webhost will disable the site.

Good luck. 8)
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 35248
Joined: Sat Apr 05, 2008 9:58 pm

Re: Stop Hackers from Accessing Template index.php?

Post by Webdongle » Tue Dec 06, 2016 12:31 am

sawgore wrote:
This probably explains why you're getting hacked.
Not sure what you mean by this but it comes across patronizing instead of helpful.
...
It means that not updating your software promptly was the most likely cause of you being hacked.


sawgore wrote:...
For now I just want to find a way to stop them from editing the template file. Anyone have any suggestions? Thanks.
dhuelsmann kindly quoted me with what you need to do. At step #b you will mot likely have problems because many of your 3rd party extensions will be vulnerable but not listed in JED
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

itoctopus
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4027
Joined: Mon Nov 25, 2013 4:35 pm
Location: Montreal, Canada
Contact:

Re: Stop Hackers from Accessing Template index.php?

Post by itoctopus » Tue Dec 06, 2016 12:33 am

Most likely you have at least one backdoor file on your website causing this - you will need to find it and remove it. You will also need to proceed with the unhacking instructions, and then update your Joomla website and extensions to the latest version (the thing is, old versions are not that easy to secure).

If your website is really small, then I suggest you recreate your website from scratch, it'll take less time to do so.
http://www.itoctopus.com - Joomla consulting at its finest
https://twitter.com/itoctopus - Follow us on Twitter


Post Reply

Return to “Security in Joomla! 1.5”