Hacked again with malicious pop ups

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Locked
Blackcab
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Nov 18, 2017 5:53 pm

Hacked again with malicious pop ups

Post by Blackcab » Sat Nov 18, 2017 6:12 pm

Please help me as my site continues to be hacked with some sort of malicious pop ups and opens up lots of diffrent web pages when you click any where on the home page or any other page.
Have reinstalled site from many diffrent backs and have RSFirewall installed giving me a reading of 100.
Below is my forum assistant details.
Forum Post Assistant (v1.3.6) : 18th November 2017 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.8.2-Stable (Amani) 7-November-2017
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.8
Configuration Options :: Offline: 1 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 1 | CacheTime: 30 | CacheHandler: file | CachePlatformPrefix: 1 | FTP Layer: 0 | Proxy: 0 | LiveSite: | Session lifetime: 15 | Session handler: none | Shared sessions: 0 | SSL: 2 | FrontEdit: 1 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | dbConnection Type: mysqli | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.2.83 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate, br | Doc Root: --protected-- | System TMP Writable: Yes

PHP Configuration :: Version: 7.1.5 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 32759 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/sites/j/justdawah.org/public_html:/tmp:/var/sites/j/justdawah.org/public_html/tmp:/var/sites/j/justdawah.org/public_html/logs | Uploads: 1 | Max. Upload Size: 100M | Max. POST Size: 100M | Max. Input Time: 6000 | Max. Execution Time: 60 | Memory Limit: 768M

MySQL Configuration :: Version: 5.7.17 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: b396954eeb2d1d9ed7902b8bae237b287f21ad9e $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 30.34 MiB | #of Tables: 94
Detailed Environment :: wrote:PHP Extensions :: Core (7.1.5) | date (7.1.5) | libxml (7.1.5) | openssl (7.1.5) | pcre (7.1.5) | sqlite3 (0.7-dev) | zlib (7.1.5) | bcmath (7.1.5) | calendar (7.1.5) | ctype (7.1.5) | curl (7.1.5) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.5) | ftp (7.1.5) | gd (7.1.5) | gettext (7.1.5) | SPL (7.1.5) | iconv (7.1.5) | session (7.1.5) | intl (1.1.0) | json (1.5.0) | ldap (7.1.5) | mbstring (7.1.5) | mcrypt (7.1.5) | standard (7.1.5) | imap (7.1.5) | memcached (3.0.3) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: b396954eeb2d1d9ed7902b8bae237b287f21ad9e $) | mysqli (7.1.5) | PDO (7.1.5) | pdo_mysql (7.1.5) | pdo_pgsql (7.1.5) | pdo_sqlite (7.1.5) | pgsql (7.1.5) | Phar (2.0.2) | posix (7.1.5) | Reflection (7.1.5) | SimpleXML (7.1.5) | soap (7.1.5) | sockets (7.1.5) | exif (1.4 $Id: 8bdc0c8f27c2c9dd1f7551f1f9fe3ab57a06a4b1 $) | tidy (7.1.5) | tokenizer (7.1.5) | xml (7.1.5) | xmlreader (7.1.5) | xmlrpc (7.1.5) | xmlwriter (7.1.5) | xsl (7.1.5) | zip (1.13.5) | cgi-fcgi () | Zend Engine (3.1.0) |
Potential Missing Extensions :: mysql | suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (---) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 236678 | Threads: 88 | Questions: 786709447 | Slow queries: 0 | Opens: 35579510 | Flush tables: 1 | Open tables: 1984 | Queries per second avg: 3323.965 |
Extensions Discovered :: wrote:Components :: SITE :: WF_LAYER_TITLE (2.6.20) 1 | WF_TABLE_TITLE (2.6.20) 1 | WF_AUTOSAVE_TITLE (2.6.20) 1 | WF_FONTSELECT_TITLE (2.6.20) 1 | WF_ANCHOR_TITLE (2.6.20) 1 | WF_DIRECTIONALITY_TITLE (2.6.20) 1 | WF_CLIPBOARD_TITLE (2.6.20) 1 | WF_HR_TITLE (2.6.20) 1 | WF_EMOTIONS_TITLE (2.6.20) 1 | WF_TEXTPATTERN_TITLE (2.6.20) 1 | WF_LISTS_TITLE (2.6.20) 1 | WF_ARTICLE_TITLE (2.6.20) 1 | WF_XHTMLXTRAS_TITLE (2.6.20) 1 | WF_FULLSCREEN_TITLE (2.6.20) 1 | WF_TEMPLATEMANAGER_TITLE (2.6.20) 1 | WF_TEXTCASE_TITLE (2.6.20) 1 | WF_PREVIEW_TITLE (2.6.20) 1 | WF_INLINEPOPUPS_TITLE (2.6.20) 1 | WF_BROWSER_TITLE (2.6.20) 1 | WF_CONTEXTMENU_TITLE (2.6.20) 1 | WF_FILEMANAGER_TITLE (2.6.20) 1 | WF_SOURCE_TITLE (2.6.20) 1 | WF_KITCHENSINK_TITLE (2.6.20) 1 | WF_VISUALCHARS_TITLE (2.6.20) 1 | WF_CHARMAP_TITLE (2.6.20) 1 | WF_IFRAME_TITLE (2.6.20) 1 | WF_IMGMANAGER_TITLE (2.6.20) 1 | WF_LINK_TITLE (2.6.20) 1 | WF_STYLESELECT_TITLE (2.6.20) 1 | WF_SPELLCHECKER_TITLE (2.6.20) 1 | WF_CLEANUP_TITLE (2.6.20) 1 | WF_MEDIAMANAGER_TITLE (2.6.20) 1 | WF_MEDIA_TITLE (2.6.20) 1 | WF_SEARCHREPLACE_TITLE (2.6.20) 1 | WF_PRINT_TITLE (2.6.20) 1 | WF_FONTSIZESELECT_TITLE (2.6.20) 1 | WF_FORMATSELECT_TITLE (2.6.20) 1 | WF_STYLE_TITLE (2.6.20) 1 | WF_FONTCOLOR_TITLE (2.6.20) 1 | WF_NONBREAKING_TITLE (2.6.20) 1 | WF_VISUALBLOCKS_TITLE (2.6.20) 1 | WF_MICRODATA_TITLE (2.6.20) 1 | WF_CAPTION_TITLE (2.6.20) 1 | WF_IMGMANAGER_EXT_TITLE (2.6.20) 1 | WF_POPUPS_WINDOW_TITLE (2.6.20) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.20) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.20) 1 | WF_LINK_SEARCH_TITLE (2.6.20) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.6.20) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.20) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.6.20) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.20) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.6.20) 1 | com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
Components :: ADMIN :: com_weblinks (3.6.0) 1 | com_admin (3.0.0) 1 | COM_JCE (2.6.20) 1 | com_ajax (3.2.0) 1 | com_joomlaupdate (3.6.2) 1 | com_messages (3.0.0) 1 | com_categories (3.0.0) 1 | com_login (3.0.0) 1 | com_media (3.0.0) 1 | com_content (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_menus (3.0.0) 1 | RSFirewall! (2.11.10) 1 | com_newsfeeds (3.0.0) 1 | com_templates (3.0.0) 1 | com_modules (3.0.0) 1 | com_redirect (3.0.0) 1 | Akeeba (5.6.0) 1 | com_finder (3.0.0) 1 | com_languages (3.0.0) 1 | com_associations (3.7.0) 1 | com_gantry5 (5.4.19) 1 | com_config (3.0.0) 1 | com_users (3.0.0) 1 | com_banners (3.0.0) 1 | com_tags (3.1.0) 1 | com_fields (3.7.0) 1 | com_plugins (3.0.0) 1 | COM_GANTRY (4.1.33) 1 | com_cache (3.0.0) 1 | com_installer (3.0.0) 1 | com_search (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_checkin (3.0.0) 1 | com_cpanel (3.0.0) 1 |

Modules :: SITE :: mod_tags_popular (3.1.0) 1 | mod_languages (3.5.0) 1 | mod_menu (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_syndicate (3.0.0) 1 | RokNavMenu (2.0.9) 1 | mod_tags_similar (3.1.0) 1 | mod_footer (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_gantry5_particle (5.4.19) 1 | mod_weblinks (3.6.0) 1 | mod_users_latest (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_login (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_search (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_articles_category (3.0.0) 1 |
Modules :: ADMIN :: mod_latest (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_version (3.0.0) 1 | mod_status (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_quickicon (3.0.0) 1 | RSFirewall! Control Panel Modu (1.4.0) 1 | mod_sampledata (3.8.0) 1 | mod_feed (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_title (3.0.0) 1 | mod_login (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_toolbar (3.0.0) 1 |

Plugins :: SITE :: plg_finder_contacts (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_highlight (3.0.0) 1 | plg_system_fields (3.7.0) 1 | PLG_SYS_ADMINEXILE (3.14) 1 | plg_system_languagefilter (3.0.0) 0 | System - Gantry 4 (4.1.33) 1 | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) 1 | plg_system_jce (2.6.20) 1 | plg_system_p3p (3.0.0) 1 | plg_system_remember (3.0.0) 1 | System - RSFirewall! Active Sc (1.4.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_ossystem (1.3.0) 1 | plg_system_languagecode (3.0.0) 1 | plg_system_redirect (3.0.0) 0 | System - JCE MediaBox (1.2.9) 1 | plg_system_gantry5 (5.4.19) 1 | plg_system_debug (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_cache (3.0.0) 1 | plg_system_log (3.0.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_user_profile (3.0.0) 1 | plg_user_joomla (3.0.0) 1 | plg_user_contactcreator (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_categories (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_vote (3.0.0) 1 | plg_content_finder (3.0.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_[youtube] (3.3.3) 1 | PLG_CONTENT_OSVIMEO (1.3.4) 1 | plg_content_jce (2.6.20) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_captcha_recaptcha (3.4.0) 1 | plg_quickicon_jce (2.6.0-pro-bet) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_gantry5 (5.4.19) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_akeebabackup (1.0) 0 | plg_twofactorauth_totp (3.2.0) 1 | plg_twofactorauth_yubikey (3.2.0) 1 | plg_gantry5_preset (5.4.19) 0 | plg_authentication_gmail (3.0.0) 1 | plg_authentication_ldap (3.0.0) 1 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_joomla (3.0.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_extension_jce (2.6.20) 1 | plg_editors_tinymce (4.5.7) 1 | plg_editors_jce (2.6.20) 1 | plg_editors_codemirror (5.30.0) 1 | plg_installer_jce (2.6.20) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_rsfirewall (1.0.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_menu (3.7.0) 1 |
Templates Discovered :: wrote:Templates :: SITE :: rt_anacron (1.5) 1 | protostar (1.0) 1 | beez3 (3.1.0) 1 | rt_callisto (1.3.6) 1 |
Templates :: ADMIN :: isis (1.0) 1 | hathor (3.0.0) 1 |

Blackcab
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Nov 18, 2017 5:53 pm

Re: Hacked again with malicious pop ups

Post by Blackcab » Sat Nov 18, 2017 7:36 pm

also got my host to scan site and he got the following results but was unable to help further as they are not competent in Joomla.

/public_html/administrator/cache/_system/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-_system-a16b6b2c05a6f213376b5eadc5127cdc.php -> VERY LONG LINE
./public_html/administrator/cache/com_plugins/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-com_plugins-2d193d04163a1efdc06e385768081ed2.php -> VERY LONG LINE
./public_html/cache/Gantry/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-Gantry-31f1a58312143532f268999fa87295ec.php -> VERY LONG LINE
./public_html/cache/Gantry/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-Gantry-3d69832e0b0349390eae68143c435017.php -> VERY LONG LINE
./public_html/cache/GantryLess/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-GantryLess-195bb7f7d842343a2e9adc91a40b2486.php -> VERY LONG LINE
./public_html/cache/GantryLess/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-GantryLess-320a2ce6a04317b8711b6b48c0a576b8.php -> VERY LONG LINE
./public_html/cache/GantryLess/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-GantryLess-4ef5e68967ba4b775939fca4337421db.php -> VERY LONG LINE
./public_html/cache/GantryLess/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-GantryLess-a53240d105437ac3a84467c7b3cce9d2.php -> VERY LONG LINE
./public_html/cache/_system/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-_system-a16b6b2c05a6f213376b5eadc5127cdc.php -> VERY LONG LINE
./public_html/cache/com_menus/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-com_menus-a4cb40233f0ac4f4c7ef1da889bbc90d.php -> VERY LONG LINE
./public_html/cache/com_plugins/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-com_plugins-da0198e06870d5f3df25e5b18aff72fa.php -> VERY LONG LINE
./public_html/cache/com_templates/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-com_templates-b55299c8c1e497551e1430e4f3b9ed73.php -> VERY LONG LINE
./public_html/cache/mod_roknavmenu/1c70b2cf00a9c4b7b2ecaaf898e35cc1-cache-mod_roknavmenu-f84522ccf0e96f4ffd4f8243c4078968.php -> VERY LONG LINE
./public_html/libraries/vendor/composer/autoload_classmap.php -> ntlm_sasl_client.php -> VERY LONG LINE

Hits: 14

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Hacked again with malicious pop ups

Post by fcoulter » Sat Nov 18, 2017 8:52 pm

These look like they are normal cache files to me, nothing to do with being hacked.

If you are being repeatedly hacked it probably means that when you clean your site you are leaving behind some malicious files that are allowing the hacker back in. This can happen if you rely on scans to find malicious files, because it is very hard to find all of them.

I suggest that you follow the advice here and clean everything. viewtopic.php?f=714&t=946026
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

Blackcab
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Nov 18, 2017 5:53 pm

Re: Hacked again with malicious pop ups

Post by Blackcab » Sat Nov 18, 2017 9:45 pm

Ok will do a fresh install and link to database.
Have been using akeeba back ups going back over a year
found out site is infected with the .pub2srv. malware
apparently lot of people getting it especially on wp .So im thinking if this affects the database in joomla then its time for a total fresh start. Also seems like a lot of the people affected are using same host as myself.
thanks for your help

Blackcab
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Nov 18, 2017 5:53 pm

Re: Hacked again with malicious pop ups

Post by Blackcab » Sun Nov 19, 2017 12:10 am

ok quick update after looking at the database found this script at the top of so many pages.
so a database back up is out of the question but cant find where the sql was injected.

[redacted]

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1685
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Hacked again with malicious pop ups

Post by fcoulter » Sun Nov 19, 2017 12:41 am

Please don't post malware scripts.

It may not be in the database, it may be in your template or in a hacked plugin.

It is why the advice above is to thoroughly clean your file-system first, not to try to "cherry-pick" by just removing the obvious script.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

frostmakk
Joomla! Explorer
Joomla! Explorer
Posts: 262
Joined: Sun Dec 28, 2014 9:30 am
Location: Stavanger, Norway

Re: Hacked again with malicious pop ups

Post by frostmakk » Sun Nov 19, 2017 7:10 am

There is something unusual in the database, because nearly all the templates are set to default according to the FPA.
(Bold underlined. New feature in FPA v1.3.6).

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15155
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Hacked again with malicious pop ups

Post by mandville » Sun Nov 19, 2017 9:36 am

They could be assigned templates but they are still out of date
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.puttersminigolf.co.uk/

frostmakk
Joomla! Explorer
Joomla! Explorer
Posts: 262
Joined: Sun Dec 28, 2014 9:30 am
Location: Stavanger, Norway

Re: Hacked again with malicious pop ups

Post by frostmakk » Sun Nov 19, 2017 10:45 am

To my knowledge template assignment is done in the menu items, and can be found in the template_style_id field in the #__menu table.
The FPA collects the home value in #__template_styles table, so i will still argue that all the templates are set to default.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 31138
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: Hacked again with malicious pop ups

Post by Per Yngve Berg » Sun Nov 19, 2017 10:59 am

Are you sure it does not mean it's enabled in the #_extensions table?

frostmakk
Joomla! Explorer
Joomla! Explorer
Posts: 262
Joined: Sun Dec 28, 2014 9:30 am
Location: Stavanger, Norway

Re: Hacked again with malicious pop ups

Post by frostmakk » Sun Nov 19, 2017 12:44 pm

I wrote the code, so i am quite sure what it mean. ;)
The black number 1 or 0 behind the extension name and version is the enabled/disabled flag.
A template name in bold underlined is set to default template.
Blue extensions are core, brown are 3rdP.

Blackcab
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Nov 18, 2017 5:53 pm

Re: Hacked again with malicious pop ups

Post by Blackcab » Sun Nov 19, 2017 2:43 pm

Thanks for all the feedback.


Locked

Return to “Security in Joomla! 3.x”