Hacked Mambo website redirecting traffic

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
MarkSteger
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Jan 08, 2020 3:40 am

Hacked Mambo website redirecting traffic

Post by MarkSteger » Wed Jan 08, 2020 3:50 am

My website has been hacked. The symptom is that calls to certain pages get redirected to a porn website. The pages have names like "/buscar-numeros-de-telefonos-de-mujeres-solteras/". In other words, nothing like any page that exists on my website. There are numerous versions of this, but all redirect to the same place. If I change even a single character and make a call to my website with the variant, it gets directed to my home page, as expected. In short, my website seems to be working correctly for everyone, but it also seems to be working like a redirect engine for whoever is directing traffic my way using these porn page names.

I've checked my .httaccess without finding anything. I've looked at my index.php page without finding anything. I've looked for in the redirected website name in the text of any of my own website pages without finding anything. I'm stumped. How can I find what is causing a simple request to my website to get redirected to a porn website, without such requests impacting normal traffic?
Last edited by toivo on Wed Jan 08, 2020 9:56 am, edited 2 times in total.
Reason: mod note: retitled, moved from 3.x Security

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19907
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Hacked website redirecting traffic

Post by leolam » Wed Jan 08, 2020 4:15 am

If you do not want to do viewtopic.php?f=714&t=946026 you should subscribe to https://mysites.guru/ which will identify all for you. First scan is free.

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

MarkSteger
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Jan 08, 2020 3:40 am

Re: Hacked website redirecting traffic

Post by MarkSteger » Wed Jan 08, 2020 4:23 am

I didn't link to *any* website. But now I see that if you Google the page name I mentioned, it leads to several websites that have been hacked like my own has been hacked. My website happens to be running Mambo, which is a very early incarnation of Joomla but is now obsolete. I hoped some Joomla user either might have seen a similar hack, or at least might be interested in whether the latest version of Joomla might be vulnerable as well. If that is out of line, let me know and I will delete my question and go away.
Last edited by MarkSteger on Wed Jan 08, 2020 5:10 am, edited 1 time in total.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11755
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Hacked website redirecting traffic

Post by toivo » Wed Jan 08, 2020 5:06 am

Please do not go away, @leolam's point is very valid because you will need professional help, and Phil Taylor from mysites.guru would be a good choice.

However, it may be difficult to convince Joomla experts to repair a 15 year old Mambo site, rather than rebuild it quickly using the secure and supported current version of Joomla with a free responsive template and a few free whizz-bang third party extensions.
Toivo Talikka, Global Moderator

User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1206
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:

Re: Hacked website redirecting traffic

Post by PhilTaylor-Prazgod » Wed Jan 08, 2020 9:23 am

I'll bite my tongue, however, even Phil Taylor is not interested in Mambo sites. Its 2020 now. Its unprofessional and insane that there are live sites running Mambo in 2020.

Im not surprised you are hacked. Im only surprised that you are surprised.
Phil Taylor
Founder, Lead Developer
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/ - My Twitter Streams

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11755
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Hacked website redirecting traffic

Post by toivo » Wed Jan 08, 2020 9:50 am

You could still post your requirements to the Professional Development Services forum at viewforum.php?f=177 with your details so that interested Joomla experts can contact you with their proposals.
Toivo Talikka, Global Moderator

MarkSteger
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Jan 08, 2020 3:40 am

Re: Hacked Mambo website redirecting traffic

Post by MarkSteger » Wed Jan 08, 2020 1:28 pm

Toivo Talikka, thanks for your reply. I'm not really looking for professional development services. I run a hobby site that I've always used as a platform for me to learn about website development.

Phil Taylor, thanks for your reply. I am not surprised that I was hacked. It's a moot point why I am still running Mambo, but FYI, I created my site 20 years ago as a hobby site, not a commercial site. It's a labor of love. I could have shut it down a decade or more ago, but I have a couple of dozen loyal users that I've kept it alive for their enjoyment. But I've invested little time or money in it. I've warned the users that if the site were ever hacked, I might just shut it down. And that might or might not still be my reaction here. But I came here not to discuss what I should do with my personal hobby site, I came here to learn something about how my particular hack works. If I just shut down, or paid someone to upgrade to Joomla, I still wouldn't know how the hack works. And I want to learn. If this forum is more for selling services, I'd understand.

I thought I understood how Apache turns a request like mysite.tld/abcde into returning a particular page from my website's file directory, but obviously I don't. Because mysite.tld/abcde returns a page named abcde if that page exists, and if it doesn't, it returns mysite.tld/index.php, except if it's a page name from the hack like mysite.tld/special-porn-page, and then it redirects to a different site altogether, a porn site like porn-site.tld/special-porn-page. I'm not even sure it's a Joomla hack (or Mambo). It might be a hack outside of whatever CMS I'm running. I'm willing to track down the problem, but I was hoping someone could give me some leads where to start looking, even if it's a good tutorial on sources of selective redirect hacks.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37798
Joined: Sat Apr 05, 2008 9:58 pm

Re: Hacked Mambo website redirecting traffic

Post by Webdongle » Wed Jan 08, 2020 1:56 pm

Wipe the server, scan all computers that have access to the server and rebuild with the latest Joomla.

Addendum
Forgot to say ... change your user/pass after that.
Last edited by Webdongle on Wed Jan 08, 2020 2:35 pm, edited 1 time in total.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 11755
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: Hacked Mambo website redirecting traffic

Post by toivo » Wed Jan 08, 2020 2:19 pm

Cheers. This purpose of the Security sub-forums is to provide advice on best security practice and to help webmasters and site owners to configure their servers and rebuild their websites so that they are secure.

Study the sticky topics at the top of the 3.x Security forum at viewforum.php?f=714. The point there is to fix possible security vulnerabilities in the server environment and update obsolete third party extensions and to rebuild the website so that no compromised files are left behind, as recommended by @Webdongle, who is an expert and one of the authors of those tutorials.

Hack code is not allowed to be presented in this forum. If you want to learn about how hackers attack vulnerabilities in web software, there is plenty of material available on the internet about things like SQL injection or cross-site scripting, but that is an area of specialist knowledge and a profession for many experts.
Toivo Talikka, Global Moderator

MarkSteger
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Wed Jan 08, 2020 3:40 am

Re: Hacked Mambo website redirecting traffic

Post by MarkSteger » Wed Jan 08, 2020 4:03 pm

Toivo, thanks. I believe I am asking for help on the wrong forum. My apologies.


Post Reply

Return to “Security - 1.0.x”