My website maybe got hacked!

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
aboarken
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 167
Joined: Fri Dec 18, 2015 6:40 pm

My website maybe got hacked!

Post by aboarken » Sun Aug 02, 2020 4:26 pm

Hello,
I have scanned my site but nothing is telling me that my site is hacked but I see the attached pictures in my Joomla site directory. The pictures are from [ redacted ] hackers. Please can you tell me what I have to do?
Thanks in advance.

[ redacted ]
Last edited by toivo on Sun Aug 02, 2020 4:57 pm, edited 2 times in total.
Reason: mod note: attachment removed, kudos redacted

 
User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 12630
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: My website maybe got hacked!

Post by toivo » Sun Aug 02, 2020 5:04 pm

Recommend that you contact Phil Taylor of https://mysites.guru/. He cleans hacked sites for a fee, in addition to providing online tools for auditing and managing Joomla sites. The first software audit is free and it may also include Suspect Content Tool, which should help to identify hacked files.

Alternatively, study the sticky topics of this 3.x Security forum how to rebuild a hacked site and observe best security practice.

Please note that removing hacked files does not remove the vulnerability that allowed the site to be compromised. You should therefore post the results from the Forum Post Assistant (FPA) so that our volunteer experts can review the configuration. They may be able to identify vulnerable extensions, for example.
Toivo Talikka, Global Moderator

JurajB
Joomla! Explorer
Joomla! Explorer
Posts: 253
Joined: Fri Oct 02, 2015 3:28 pm

Re: My website maybe got hacked!

Post by JurajB » Mon Aug 03, 2020 1:55 pm

I think mysites.guru have also some kind of protection at least you can harden the thing such a .htaccess and more.
Also you may find useful siteguarding.com (designed also for Joomla) but I recommend to insert php code into inde.php and DONT install the Joomla! extension. Doing so you may get better bad bot protection.

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 12630
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Re: My website maybe got hacked!

Post by toivo » Mon Aug 03, 2020 2:58 pm

JurajB wrote:
Mon Aug 03, 2020 1:55 pm
I recommend to insert php code into inde.php and DONT install the Joomla! extension. Doing so you may get better bad bot protection.
@JurajB, modifying the Joomla core files is a bad idea, neither recommended nor supported.

About security extensions, among the services, tools and extensions I have used, in addition to mysites.guru (no affiliation), Admin Tools of Akeeba Ltd (no affiliation) is an excellent option that keeps the hackers away.
Toivo Talikka, Global Moderator

JurajB
Joomla! Explorer
Joomla! Explorer
Posts: 253
Joined: Fri Oct 02, 2015 3:28 pm

Re: My website maybe got hacked!

Post by JurajB » Mon Aug 03, 2020 3:43 pm

So OK then you may use Joomla plugin for this.
edit: but my hosting provider (the best around, they are max. experts) said its safe to put the code in index.php (maybe only on their hosting or maybe the admin in support area wasnt informed) so what to say about this?

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 9293
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: My website maybe got hacked!

Post by sozzled » Mon Aug 03, 2020 6:44 pm

JurajB wrote:
Mon Aug 03, 2020 3:43 pm
My hosting provider (the best around, they are max. experts) said its safe to put the code in index.php ...
What "code"? ???

@toivo's advice is sensible:
toivo wrote:
Mon Aug 03, 2020 2:58 pm
@JurajB, modifying the Joomla core files is a bad idea, neither recommended nor supported.
I agree 100%. Don't modify the J! core files and please don't recommend this idea to others. "Modifying" the core files in J! is why we see so many problems reported on the forum. These problems can be caused by "modifying" the core files in J!. It's a bad idea.
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2234
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: My website maybe got hacked!

Post by JAVesey » Mon Aug 03, 2020 7:14 pm

sozzled wrote:
Mon Aug 03, 2020 6:44 pm
I agree 100%. Don't modify the J! core files and please don't recommend this idea to others.
+1

The other reason not to modify core files is that they can be overwritten during a core update, thereby losing any changes made.

@OP:
Follow Toivo's advice and post the output from the FPA. Might help identify the way your site was exploited.
John V
Cardiff, Wales, UK
Uses Joomla 3.9.20 and PHP7.3.x

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 38774
Joined: Sat Apr 05, 2008 9:58 pm

Re: My website maybe got hacked!

Post by Webdongle » Mon Aug 03, 2020 7:20 pm

Either contact https://mysites.guru/
or if you want to clean the site yourself see
viewtopic.php?f=714&t=946026

Do not edit the configuration.php (unless the hackers have corrupted it ... in which case replace it completely.

When your server is clean then perhaps https://extensions.joomla.org/extension ... injection/ may be of interest.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein.

 

Post Reply

Return to “Security in Joomla! 3.x”