host keeps locking my index.php file

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

host keeps locking my index.php file

Post by antifmradio » Sat Aug 31, 2019 8:41 pm

Couple times now over a couple weeks i have recieved the same email from my hosting company.
A few minutes ago, our security systems detected unusual e-mail activity on your webspace.

Dispatch of the e-mails was initiated by the following files on your webspace:

~/Edited.com/edited/index.php

Details about the incident:

Sender: ( EDITED )
Date sent: 2019-08-29 09:05:18 UTC
Number of e-mails: 7
Number of delivery attempts: 16
Country of originating IP: 47.52.x.x (HK), 47.52.x.x (HK), 47.90.x.x (HK), 47.52.x.x (HK), 47.52.x.x (HK), 47.52.x.x (HK)
Recipient domain: gmail.com, qq.com, 163.com

To stop the sending of e-mails and prevent further misuse of your contract, we have locked the files listed above.
This deactivates my website and i just need to change permission on the index.php file.

A) I have the most updated version of Joomla
B) I have no additional or extra code in the index.php file

How do i prevent this from continuing?

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8056
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: host keeps locking my index.php file

Post by sozzled » Sat Aug 31, 2019 9:20 pm

Without knowing anything about your website (because you have chosen to not use the Forum Post Assistant tool), there are a couple of standout items from the description of situation presented to you by your webhosting provider.

The domain names qq.com and 163.com are well-known sources of spam traffic. My guess is that you have users who have registered with email addresses like xxxxxxx@qq.com or xxxxxxx@163.com and they're the source of the trouble.

How do you prevent this from happening in the future? Watch out for spam/disposable email addresses and don't allow them to register on your website. ;)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

Re: host keeps locking my index.php file

Post by antifmradio » Sun Sep 01, 2019 1:08 pm

sozzled wrote:
Sat Aug 31, 2019 9:20 pm

The domain names qq.com and 163.com are well-known sources of spam traffic. My guess is that you have users who have registered with email addresses like xxxxxxx@qq.com or xxxxxxx@163.com...
Sozzled. i have checked my registered memebers. There is no one registered with these email domains or anything outside of Gmail.com.

GPA is posted below

Forum Post Assistant (v1.4.9 (lambrusca) : 1st September 2019 wrote:
Problem Description :: wrote:index.php keeps sending out unneeded emails. Host locks index.php
Log/Error Message :: wrote:acess denide :after host locks index.php"
Log/Error Message :: wrote:9-28-2019
Actions Taken To Resolve wrote:Inspect index.php for changes and nothing found
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.9.10-Stable (Amani) 10-July-2019
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.9
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: No | GZip: false | Cache: false | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 30 | Session handler: database | Shared sessions: false | SSL: 0 | Error Reporting: none | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.9.10: Yes | Database Supports J! 3.9.10: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux | OS Version: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux | Technology: Linux info 3.0 #1337 SMP Tue Jan 01 00:00:00 CEST 2000 all GNU/Linux | Web Server: Apache | Encoding: gzip | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 551.29 GiB |

PHP Configuration :: Version: 7.1.31 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22517 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: -1 | Max. Execution Time: 50000 | Memory Limit: -1

Database Configuration :: Version: 5.5.60-0+deb7u1-log (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $) | Host: --protected-- (--protected--) | default Collation: utf8_general_ci (default Character Set: utf8) | Database Size: 13.17 MiB | #of Tables:  221
Detailed Environment :: wrote:PHP Extensions :: Core (7.1.31) | date (7.1.31) | libxml (7.1.31) | openssl (7.1.31) | pcre (7.1.31) | sqlite3 (7.1.31) | zlib (7.1.31) | bcmath (7.1.31) | bz2 (7.1.31) | calendar (7.1.31) | ctype (7.1.31) | curl (7.1.31) | dba (7.1.31) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.31) | ftp (7.1.31) | gd (7.1.31) | gettext (7.1.31) | gmp (7.1.31) | SPL (7.1.31) | iconv (7.1.31) | session (7.1.31) | intl (1.1.0) | json (1.5.0) | mbstring (7.1.31) | mcrypt (7.1.31) | standard (7.1.31) | PDO (7.1.31) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $) | pdo_sqlite (7.1.31) | Phar (2.0.2) | posix (7.1.31) | Reflection (7.1.31) | imap (7.1.31) | shmop (7.1.31) | SimpleXML (7.1.31) | soap (7.1.31) | pdo_mysql (7.1.31) | exif (7.1.31) | tidy (7.1.31) | tokenizer (7.1.31) | wddx (7.1.31) | xml (7.1.31) | xmlreader (7.1.31) | xmlwriter (7.1.31) | xsl (7.1.31) | zip (1.13.5) | mysqli (7.1.31) | cgi-fcgi () | Zend Engine (3.1.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (705) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (705) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 1576342 | Threads: 2 | Questions: 814656782 | Slow queries: 334 | Opens: 20303223 | Flush tables: 1 | Open tables: 600 | Queries per second avg: 516.802 |
Extensions Discovered :: wrote:Components :: SITE ::
Core :: com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
3rd Party:: Default (4.6.0) ? | Shadow (4.3.5) ? |

Components :: ADMIN ::
Core :: com_admin (3.0.0) 1 | com_ajax (3.2.0) 1 | com_associations (3.7.0) 1 | com_banners (3.0.0) 1 | com_cache (3.0.0) 1 | com_categories (3.0.0) 1 | com_checkin (3.0.0) 1 | com_config (3.0.0) 1 | com_content (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_cpanel (3.0.0) 1 | com_fields (3.7.0) 1 | com_finder (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_login (3.0.0) 1 | com_media (3.0.0) 1 | com_menus (3.0.0) 1 | com_messages (3.0.0) 1 | com_modules (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_plugins (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_redirect (3.0.0) 1 | com_search (3.0.0) 1 | com_tags (3.1.0) 1 | com_templates (3.0.0) 1 | com_users (3.0.0) 1 | com_weblinks (3.0.0) 1 | com_actionlogs (3.9.0) 1 | com_privacy (3.9.0) 1 |
3rd Party:: AcyMailing (5.10.4) 1 | JXTC (3.4.0) ? | jxtceasyimage (1.5.3) 1 | JXTCREADINGLIST (1.3.1) ? | com_komento (1.7.5) 1 | com_j2xml (3.3.153.237) 1 | MusCol (3.0.6) 1 | com_advancedmodules (7.11.0) 1 | Community (4.6.0) 1 | Community (4.6.0) 1 | Akeeba (6.6.0) 1 |

Modules :: SITE ::
Core :: mod_articles_archive (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_search (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_tags_similar (3.1.0) 1 | mod_users_latest (3.0.0) 1 | mod_weblinks (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_wrapper (3.0.0) 1 |
3rd Party:: AcyMailing Module (3.7.0) 1 | JoomlaXTC Contact Wall (1.5.3) 1 | JoomlaXTC Easy Image Gallery (1.5.3) 1 | JoomlaXTC Easy Image Gallery Fancyb (1.0.0) ? | JoomlaXTC Easy Image Slideshow (1.5.3) 1 | JoomlaXTC Easy Image UnoSlider (1.5.3) 1 | JoomlaXTC HTML Module (1.0.3) 1 | JoomlaXTC Deluxe News Pro (3.66.0) 1 | Reading List (1.3.1) 0 | Reading List Information (1.3.1) 0 | JoomlaXTC Slide (1.2.0) 1 | Komento Activities (1.0.4) 1 | Komento Comments (1.0.7) 1 | Albums (3.0.2) 1 | Artists (3.0.0) 1 | Music Collection Letter Bar (3.0.0) 1 | Playlists (1.0.0) 1 | Music Collection Search Bars (3.0.0) 1 | Songs (3.0.0) 1 | JS Activity Stream (4.6.0) 1 | JS Discussions (4.6.0) 1 | JS Events (4.6.0) 1 | JS Events Calendar (4.6.0) 1 | JS Groups (4.6.0) 1 | JS Hello Me (4.6.0) 1 | JS Members (4.6.0) 1 | JS Members Search (4.6.0) 1 | JS Nearby Events Search (4.6.0) 1 | JS Notifications (4.6.0) 1 | JS Photo Comments (4.6.0) 1 | JS Photos (4.6.0) 1 | JS Statistics (4.6.0) 1 | JS Top Members (4.6.0) 1 | JS Video Comments (4.6.0) 1 | JS Videos (4.6.0) 1 | JS Toolbar (4.5.1) 1 |

Modules :: ADMIN ::
Core :: mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_sampledata (3.8.0) 1 | mod_stats_admin (3.0.0) 1 | mod_status (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_title (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_version (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_latestactions (3.9.0) 1 |
3rd Party::

Libraries ::
Core ::
3rd Party:: Regular Labs Library (19.4.18605) 1 | file_fof30 (3.4.5) ? |

Plugins ::
Core :: plg_authentication_cookie (3.0.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_captcha_recaptcha (3.4.0) 1 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_content_emailcloak (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_joomla (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_vote (3.0.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_weblinks (3.0.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_webinstaller (2.0.1) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | plg_search_categories (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_tags (3.0.0) 0 | plg_search_weblinks (3.0.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_highlight (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_languagefilter (3.0.0) 0 | plg_system_log (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_redirect (3.0.0) 1 | plg_system_remember (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_logrotation (3.9.0) 1 | plg_system_privacyconsent (3.9.0) 0 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_user_contactcreator (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_terms (3.9.0) 0 | plg_privacy_consents (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 |
3rd Party:: AcyMailing : trigger Joomla Content (3.7.0) ? | AcyMailing Manage text (1.0.0) 1 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing : share on social networ (1.0.0) ? | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing table of contents genera (1.0.0) ? | AcyMailing Tag : CB User informatio (3.7.0) ? | AcyMailing Tag : content insertion (3.7.0) 1 | AcyMailing Tag : Subscriber informa (5.10.4) ? | AcyMailing Tag : Manage the Subscri (5.10.4) ? | AcyMailing Tag : Date / Time (5.10.4) 1 | AcyMailing Tag : Joomla User Inform (5.10.4) ? | AcyMailing Template Class Replacer (5.10.4) 1 | Reading List (1.3.1) 0 | PLG_COMMUNITY_ARTICLENOTIFICATIONS_ (4.6.0) ? | PLG_MUTUALFRIENDS_TITLE (4.6.0) 0 | PLG_MYARTICLES_TITLE (4.6.0) 0 | PLG_MYCONTACTS_TITLE (4.6.0) 0 | PLG_MYEVENTS_TITLE (4.6.0) 1 | PLG_MYFRIENDS_TITLE (4.6.0) 1 | PLG_FRIENDSLOCATION_TITLE (4.6.0) 0 | PLG_MYGOOGLEADS_TITLE (4.6.0) 0 | PLG_MYGROUPS_TITLE (4.6.0) 1 | PLG_KUNENA_TITLE (4.6.0) 0 | PLG_COMMUNITY_MYLATESTPHOTOS_TITLE (4.6.0) 0 | PLG_MYRSSFEEDS_TITLE (4.6.0) 0 | PLG_MYTAGGEDVIDEOS_TITLE (4.6.0) 0 | PLG_MYVIDEOS_TITLE (4.6.0) 0 | PLG_TWITTER_XML_TITLE (4.6.0) 0 | PLG_WALLS_TITLE (4.6.0) 1 | PLG_WORDFILTER_TITLE (4.6.0) 1 | JoomlaXTC Easy Image Gallery (1.5.3) 1 | JoomlaXTC Modal plugin (1.0.1) 1 | JoomlaXTC Reading List (1.3.1) 0 | JoomlaXTC Reading List for K2 (1.3.1) 0 | Content - Komento (1.0) 0 | Content - Show album (2.0.0) 0 | JomSocial Article Comments (4.6.0) 1 | JoomlaXTC [youtube] plugin (1.0.0) 1 | Content - Load [URL not permitted] (1.2) 1 | AcyMailing Editor (5.10.4) 1 | plg_editors_codemirror (5.40.0) 1 | plg_editors_tinymce (4.5.11) 1 | plg_fields_audio (1.0.0) 1 | plg_quickicon_akeebabackup (6.6.0) 1 | Search - Albums (2.2.2) 0 | JoomlaXTC xmenu (1.6.2) 1 | System - Komento (1.0) 0 | AcyMailing : (auto)Subscribe during (5.10.4) ? | PLG_SYSTEM_J2XML (3.4.34.64) 1 | System - Music Collection (3.0.1) 1 | plg_system_regularlabs (19.4.18605) 1 | plg_system_advancedmodules (7.11.0) 1 | System - JomSocial System (4.6.0) 1 | System - Jomsocial Chat Bar (4.6.0) 0 | System - Jomsocial Redirect (4.6.0) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK (6.6.0) 0 | PLG_SYSTEM_BACKUPONUPDATE (6.6.0) 0 | AcyMailing JCE integration (5.10.4) 1 | User - Komento Users (1.0.0) 0 | User - Jomsocial User (4.6.0) 1 | Music Collection Comments - Faceboo (1.0.1) ? | Music Collection Comments - Komento (1.0.3) 0 | Music Collection for Antifmradio (1.0.2) 1 | Muscol - JW Player (3.1.0) 1 | plg_actionlog_advancedmodules (7.11.0) 1 | PLG_ACTIONLOG_AKEEBABACKUP (6.6.0) 0 |
Templates Discovered :: wrote:Templates :: SITE :: Versant (1.0.4) 1 | beez3 (3.1.0) 1 | protostar (1.0) 1 | Versant (1.2.3) 1 | blog_box (1.0.1) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 |

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3689
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: host keeps locking my index.php file

Post by abernyte » Mon Sep 02, 2019 7:50 am

Out of date extensions, one of which, very out of date, previously appeared in the VEL and was subsequently patched. I hope your site is not compromised.
What we obtain too cheap, we esteem too lightly…Thomas Paine

antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

Re: host keeps locking my index.php file

Post by antifmradio » Mon Sep 02, 2019 2:02 pm

abernyte wrote:
Mon Sep 02, 2019 7:50 am
Out of date extensions, one of which, very out of date, previously appeared in the VEL and was subsequently patched. I hope your site is not compromised.

im trying to understand how to compare the VEL list against what i have installed.

also, THe host has again this morning locked the index.php file stating its for the same reason and even though i reset the file permissions its still showing ACCESS DENIED.
They are stating its because of the same emailing issue but i just loooked and there are NO new members joined because i turned off registration approval by the user and left it to the administrator.

So now the site is ACCESS DENIED (www.antifmradio.com/urb)
I can still get into the admin area.

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3689
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: host keeps locking my index.php file

Post by abernyte » Mon Sep 02, 2019 3:02 pm

Perhaps you should get your site scanned by a professional. https://myjoomla.guru/ do the initial scan for free.
What we obtain too cheap, we esteem too lightly…Thomas Paine

antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

Re: host keeps locking my index.php file

Post by antifmradio » Mon Sep 02, 2019 3:38 pm

abernyte wrote:
Mon Sep 02, 2019 3:02 pm
Perhaps you should get your site scanned by a professional. https://myjoomla.guru/ do the initial scan for free.
You mentioned out of date extensions. Where are you seeing on out of date?
Currently the only one i can not UPDATE via the notifications in Admin area is JomSocial

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3689
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: host keeps locking my index.php file

Post by abernyte » Mon Sep 02, 2019 4:14 pm

Komento 1.7.5 is now at 3.1.2 was in the VEL in 2015 and 2017 at versions 2.0.6 and 2.0.4

Joomla XTC easy image slide show is now at 1.7.0 you are using 1.5.3
You can check the rest yourself.
What we obtain too cheap, we esteem too lightly…Thomas Paine

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26141
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: host keeps locking my index.php file

Post by Per Yngve Berg » Mon Sep 02, 2019 4:53 pm

I see that you have AcyMailing installed. That is an extension that send out mails. Have you checked that they have not signed up for a newsletter?

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19740
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: host keeps locking my index.php file

Post by leolam » Mon Sep 02, 2019 4:56 pm

Site is perfectly accessible http://www.antifmradio.com/urb/ with Firefox 68.0.2 So how was this solved?

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

Re: host keeps locking my index.php file

Post by antifmradio » Mon Sep 02, 2019 5:31 pm

abernyte wrote:
Mon Sep 02, 2019 4:14 pm
Komento 1.7.5 is now at 3.1.2 was in the VEL in 2015 and 2017 at versions 2.0.6 and 2.0.4

Joomla XTC easy image slide show is now at 1.7.0 you are using 1.5.3
You can check the rest yourself.
i must be using the VEL the wrong way. I searched Komento yesterday and came up ZERO results.
None the less i already knew i wasnt using it anywhere so i deleted everything Komento anyway

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19740
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: host keeps locking my index.php file

Post by leolam » Mon Sep 02, 2019 5:41 pm

Komento is not presently in VEL so if you update the recommendations properly (!) no need to delete it (but I know it need a license and if you have none you are open to problems when they arise)

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3689
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: host keeps locking my index.php file

Post by abernyte » Mon Sep 02, 2019 6:10 pm

Resolved VEL - filter for Komodo
OP is using a pre 2015 version of Komodo
What we obtain too cheap, we esteem too lightly…Thomas Paine

antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

Re: host keeps locking my index.php file

Post by antifmradio » Mon Sep 02, 2019 10:44 pm

leolam wrote:
Mon Sep 02, 2019 4:56 pm
Site is perfectly accessible http://www.antifmradio.com/urb/ with Firefox 68.0.2 So how was this solved?

Leo 8)
Not exactly resolved. I contacted the host company to unlock it. I let them know im working on a fix but need it accessible to do so. Ive also been going through and uninstalling any Modules / Plugins / Components that i no longer use

I think im going to have to rebuild all together though and i want to avoid that since im simply in the middle of updating

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26141
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: host keeps locking my index.php file

Post by Per Yngve Berg » Tue Sep 03, 2019 5:50 pm

You should disable the "Send a copy to yourself" option on the contact form. This is a feature that may be abused.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19740
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: host keeps locking my index.php file

Post by leolam » Mon Sep 09, 2019 9:39 am

@Antifmradio no need to rebuild at all. Just find the culprit and update your extensions. Did you read Abernyte's post???
Resolved VEL - filter for Komodo
OP is using a pre 2015 version of Komodo
Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37463
Joined: Sat Apr 05, 2008 9:58 pm

Re: host keeps locking my index.php file

Post by Webdongle » Sun Sep 15, 2019 7:57 am

antifmradio wrote:
Mon Sep 02, 2019 2:02 pm
...
im trying to understand how to compare the VEL list against what i have installed....
You expand the Live vel page to show all then look for one of your extensions in the list. You repeat that for each of your extensions in turn. Your problem is that you have out of date extensions ... so you will need to repeat the process with the Resolved vel.

At one time there was one list but (for some reason) the list got split into two. As you have outdated extensions that may have been vulnerable but now fixed then you need to check the Resolved vel as well.

It is a long process that would have been simplified if you had kept your extensions up to date. If any of your extensions are on either of the lists then you might need to treat your site as hacked. In reality you have that many extensions then it would probably be quicker to treat your site as been hacked. Please see viewtopic.php?f=714&t=946026
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14820
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: host keeps locking my index.php file

Post by mandville » Sun Sep 15, 2019 9:11 am

There is now a search tool .. has for a while

https://vel.joomla.org/articles/search
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

Re: host keeps locking my index.php file

Post by antifmradio » Mon Sep 16, 2019 11:19 pm

I may have resolved the issue.

Account approval is now left to the admin.
and
I created a SPAM folder.
Also
I went into my account at cloudflare.com and completely blocked the IP Addresses of attackers that have been coming to my site by a RANGE of IPs that account for

79,228,162,514,264,337,593,543,950,336 IP addresses

For anyone unfamiliar thats 79 octillion or (quadrillion) IPs

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11478
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: host keeps locking my index.php file

Post by toivo » Tue Sep 17, 2019 2:17 am

antifmradio wrote:For anyone unfamiliar thats 79 octillion or (quadrillion) IPs
Your website seems to be still accessible, even though, AFAIK, the four quads of the IPv4 address can only hold approximately 4 billion or less than 4294967296 public IP addresses.
Toivo Talikka, Global Moderator

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37463
Joined: Sat Apr 05, 2008 9:58 pm

Re: host keeps locking my index.php file

Post by Webdongle » Tue Sep 17, 2019 9:45 am

Be aware that many IP address are dynamic so you may end up blocking genuine visitors.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

antifmradio
Joomla! Explorer
Joomla! Explorer
Posts: 393
Joined: Sun Feb 07, 2010 3:22 pm
Location: NJ NYC
Contact:

Re: host keeps locking my index.php file

Post by antifmradio » Sat Sep 21, 2019 9:11 pm

Webdongle wrote:
Tue Sep 17, 2019 9:45 am
Be aware that many IP address are dynamic so you may end up blocking genuine visitors.
completely understood. However it seems that since making this change, i am having no more DDoS and spam attacks on the domain.

THanks all. Seems the solution was to block off the road

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37463
Joined: Sat Apr 05, 2008 9:58 pm

Re: host keeps locking my index.php file

Post by Webdongle » Sat Sep 21, 2019 9:56 pm

antifmradio wrote:
Sat Sep 21, 2019 9:11 pm
...

THanks all. Seems the solution was to block off the road
Unless malicious files have been placed on the server. If they have then you may not see the next attack coming.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein


Post Reply

Return to “Security in Joomla! 3.x”