My site has been hacked Please help - Joomla! Forum - community, help and support


problem description :: forum post assistant (v1.2.3) : 25th november 2012 wrote:my site hacked
log/error message :: forum post assistant (v1.2.3) : 25th november 2012 wrote:[hacker kudos]
forum post assistant (v1.2.3) : 25th november 2012 wrote:
basic environment :: wrote:joomla! instance :: joomla! 2.5.1-stable (ember) 2-feb-2012
joomla! platform :: joomla platform 11.4.0-stable (brian kernighan) 03-jan-2012
joomla! configured :: yes | read-only (444) | owner: dimomtnv (uid: 1/gid: 1) | group: dimomtnv (gid: 1) | valid for: 2.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 0 | sef rewrite: 1 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: default | site debug: 0 | language debug: 0 | default access: 1 | unicode slugs: 0 | database credentials present: no

host configuration :: os: linux | os version: 2.6.18-308.8.2.el5.028stab101.1ent | technology: i686 | web server: apache/2.2.21 (unix) mod_ssl/2.2.21 openssl/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 frontpage/5.0.2.2635 | encoding: gzip, deflate | doc root: /home/dimomtnv/public_html | system tmp writable: yes

php configuration :: version: 5.2.17 | php api: cgi | session path writable: unknown | display errors: 1 | error reporting: 6135 | log errors to: | last known error: | register globals: 0 | magic quotes: 1 | safe mode: | open base: | uploads: 1 | max. upload size: 1000m | max. post size: 1010m | max. input time: 40000000 | max. execution time: 40000000 | memory limit: 1010m

mysql configuration :: database credentials incomplete or not available nothing display.
missing credentials detected: mysql host missing |
detailed environment :: wrote:php extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dbase () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | session () | iconv () | standard (5.2.17) | json (1.2.1) | mbstring () | mcrypt () | mhash () | mime_magic (0.1) | mysql (1.0) | simplexml (0.1) | posix () | pspell () | reflection (0.1) | imap () | spl (0.2) | mysqli (0.1) | soap () | sockets () | exif (1.4 $id: exif.c 293036 2010-01-03 09:23:27z sebastian $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.8.11) | cgi () | zend engine (2.2.0) |
potential missing extensions :: suhosin |

switch user environment (experimental) :: php cgi: yes | server su: yes | php su: yes | custom su (litespeed/cloud/grid): yes
potential ownership issues: no
folder permissions :: wrote:core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (777) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

elevated permissions (first 10) :: cache/lofthumbs/ (777) | logs/ (777) | studentsportal/cache/0/ (775) | studentsportal/cache/1/ (775) | studentsportal/cache/2/ (775) | studentsportal/cache/6/ (775) | studentsportal/cache/7/ (775) | studentsportal/cache/9/ (775) | studentsportal/cache/d/ (775) | studentsportal/cache/lofthumbs/ (777) |
extensions discovered :: wrote:components :: site :: com_wrapper (2.5.0) | wf_popups_jcemediabox_title (2.0.21) | wf_popups_window_title (2.0.21) | wf_mediaplayer_jceplayer_title (2.0.21) | wf_links_joomlalinks_title (2.0.21) | wf_filesystem_joomla_title (2.0.21) | wf_aggregator_vimeo_title (2.0.21) | [youtube] (2.0.21) | wf_paste_title (2.0.21) | wf_browser_title (2.0.21) | wf_textcase_title (2.0.21) | wf_nonbreaking_title (2.0.21) | wf_source_title (2.0.21) | wf_media_title (2.0.21) | wf_autosave_title (2.0.21) | wf_directionality_title (2.0.21) | wf_fullscreen_title (2.0.21) | wf_xhtmlxtras_title (2.0.21) | wf_searchreplace_title (2.0.21) | wf_table_title (2.0.21) | wf_print_title (2.0.21) | wf_article_title (2.0.21) | wf_link_title (2.0.21) | wf_preview_title (2.0.21) | wf_layer_title (2.0.21) | wf_imgmanager_title (2.0.21) | wf_inlinepopups_title (2.0.21) | wf_spellchecker_title (2.0.21) | wf_style_title (2.0.21) | wf_visualchars_title (2.0.21) | wf_contextmenu_title (2.0.21) | wf_cleanup_title (2.0.21) | com_mailto (2.5.0) |
components :: admin :: com_cache (2.5.0) | com_newsfeeds (2.5.0) | com_menus (2.5.0) | com_languages (2.5.0) | com_plugins (2.5.0) | ppinstaller (2.0.10.2683) | com_content (2.5.0) | com_config (2.5.0) | com_modules (2.5.0) | com_installer (2.5.0) | com_categories (2.5.0) | sh404sef control panel icon (3.4.5.1255) | plg_sh404sefcore_sh404sefsocia (3.4.5.1255) | sh404sef - similar urls plugin (3.4.5.1255) | sh404sef - offline code plugin (3.4.5.1255) | sh404sef - analytics plugin (3.4.5.1255) | sh404sef - system mobile templ (3.4.5.1255) | sh404sef - system plugin (3.4.5.1255) | sh404sef - default component s (3.4.5.1255) | sh404sef (3.4.5.1255) | com_weblinks (2.5.0) | rsform (1.4.0 r42) | com_users (2.5.0) | editor - jce (2.0.21) | unknown (-) | jce (2.0.21) | com_media (2.5.0) | com_redirect (2.5.0) | com_finder (2.5.0) | ninjaxplorer (1.0.6) | com_banners (2.5.0) | com_messages (2.5.0) | com_fjrelated (1.03) | mod_kunenamenu (2.0.2) | kunena menu (2.0.2) | plg_system_kunena (-) | plg_kunena_uddeim (2.0.2) | kunena - uddeim integration (2.0.2) | plg_quickicon_kunena (2.0.2) | system - kunena forum (2.0.2) | plg_system_kunena (2.0.2) | plg_kunena_gravatar (2.0.2) | kunena - gravatar integration (2.0.2) | plg_finder_kunena (2.0.2) | plg_kunena_joomla (2.0.2) | kunena - joomla integration (2.0.2) | kunena - kunena integration (2.0.2) | plg_kunena_kunena (2.0.2) | kunena - jomsocial integration (2.0.2) | plg_kunena_community (2.0.2) | kunena - communitybuilder inte (2.0.2) | plg_kunena_comprofiler (2.0.2) | kunena - alphauserpoints integ (2.0.2) | plg_kunena_alphauserpoints (2.0.2) | com_kunena (2.0.2) | com_checkin (2.5.0) | rsinstaller (1.3.0) | com_templates (2.5.0) | com_search (2.5.0) | fpss (3.2.0) | akeeba (3.3.13) | com_admin (2.5.0) | com_login (2.5.0) | com_cpanel (2.5.0) |

modules :: site :: mod_custom (2.5.0) | mod_breadcrumbs (2.5.0) | mod_menu (2.5.0) | mod_articles_category (2.5.0) | mod_footer (2.5.0) | mod_login (2.5.0) | mod_articles_archive (2.5.0) | mod_articles_popular (2.5.0) | subscription (2.0.10.2683) | rsform! pro feedback module (1.3.0) | mod_articles_news (2.5.0) | mod_stats (2.5.0) | mod_wrapper (2.5.0) | mod_random_image (2.5.0) | mod_weblinks (2.5.0) | rsform! pro module (1.3.0) | mod_articles_categories (2.5.0) | mod_umi3dtagcloud (1.3.4) | frontpage slideshow (by joomla (3.2.0) | mod_users_latest (2.5.0) | mod_search (2.5.0) | mod_related_items (2.5.0) | mini frontpage (2.1.2) | lof articlesslideshow module (2.2) | lof article scroller module (2.3) | mod_feed (2.5.0) | mod_whosonline (2.5.0) | mod_finder (2.5.0) | mod_syndicate (2.5.0) | ninja simple icon menu (1.8.3) | mod_articles_latest (2.5.0) | rsform! pro module frontend li (1.3.0) | mod_languages (2.5.0) | mod_banners (2.5.0) |
modules :: admin :: mod_version (2.5.0) | mod_custom (2.5.0) | mod_multilangstatus (1.7.1) | import data () | mod_toolbar (2.5.0) | quick search (--- ) | mod_menu (2.5.0) | mod_login (2.5.0) | mod_status (2.5.0) | mod_latest (2.5.0) | sh404sef control panel icon (3.4.5.1255) | mod_quickicon (2.5.0) | mod_submenu (2.5.0) | mod_popular (2.5.0) | mod_feed (2.5.0) | mod_logged (2.5.0) | setup checklist (2.0.10.2683) | akeeba backup notification mod (3.3.13) | mod_title (2.5.0) | frontpage slideshow statistics (3.2.0) |

plugins :: site :: plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_categories (2.5.0) | plg_search_weblinks (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_gmail (2.5.0) | plg_content_joomla (2.5.0) | plg_content_finder (2.5.0) | plg_content_loadmodule (2.5.0) | content - rsform! pro (1.3.0) | plg_content_pagenavigation (2.5.0) | plg_content_geshi (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_pagebreak (2.5.0) | tabs & sliders [for articl (2.5) | plg_content_vote (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_tabber (2.1.0free) | plg_editors-xtd_image (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_weblinks (2.5.0) | plg_sh404sefcore_sh404sefsocia (3.4.5.1255) | sh404sef - similar urls plugin (3.4.5.1255) | sh404sef - offline code plugin (3.4.5.1255) | sh404sef - analytics plugin (3.4.5.1255) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | email activation (1.2.1) | plg_user_profile (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_kunena (2.0.2) | plg_quickicon_extensionupdate (2.5.0) | sh404sef - system mobile templ (3.4.5.1255) | system - rsform! pro - rsmail! (1.3.0) | plg_system_log (2.5.0) | plg_system_cache (2.5.0) | plg_system_nnframework (12.5.1) | plg_system_languagecode (2.5.0) | system - rsform! pro google (1.3.0) | plg_system_logout (2.5.0) | plg_system_redirect (2.5.0) | plg_system_highlight (2.5.0) | system - rsform! pro feedback (1.3.0) | sh404sef - system plugin (3.4.5.1255) | plg_system_remember (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_p3p (2.5.0) | system - jvframework (1.5.1.1) | unknown (-) | unknown (-) | system - rsform! 
pro recaptcha (1.3.0) | plg_system_tabber (2.1.0free) | system - rsform! pro rsevents! (1.4.0) | plg_system_debug (2.5.0) | plg_system_sef (2.5.0) | system - rsform! pro registrat (1.0.0) | akeeba backup lazy scheduling (3.3) | plg_system_kunena (2.0.2) | plg_extension_joomla (2.5.0) | sh404sef - default component s (3.4.5.1255) | plg_kunena_joomla (2.0.2) | plg_kunena_alphauserpoints (2.0.2) | plg_kunena_comprofiler (2.0.2) | plg_kunena_gravatar (2.0.2) | plg_kunena_community (2.0.2) | plg_kunena_uddeim (2.0.2) | plg_kunena_kunena (2.0.2) | editor - jce (2.0.21) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.4.7) |
templates discovered :: wrote:templates :: site :: brrrrrrrrrrrrrrrrrrrrrrrrrrrrr (1.0) | home page (1.0) | patientsportal (1.0) | untitled (1.0) |
templates :: admin :: bluestork (2.5.0) | hathor (2.5.0) |


This is the output from forumpostassistant. The main domain http://mediworm .com is hacked, whereas the subdomains http://studentsportal.mediworm .com and medipics.mediworm .com are unaffected!
Also found this in another post:

[ ] Download and run the Forum Post Assistant / FPA. Instructions are available here and are included in the download package. Post the generated results in the Security/Been Hacked topic.

[ ] Ensure you have the latest version of Joomla 1.5 or 2.5. Delete the files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review the vulnerable extensions list and check whether the 3rd party extension versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, viruses, trojans, spyware, etc. Checklist 7 contains a list of recommended scanners.

[ ] Change all passwords and, if possible, user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777; the ideal is 644 for files and 755 for directories. The configuration file can be set to 444, read only.

[ ] Check your htaccess for odd code (i.e. code not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or task scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous FTP enabled.

[ ] Verify individually that every non-Joomla file, such as but not limited to images, PDF files, files for download, and other documents and files placed on the website, is valid and supposed to be part of the website.

[ ] Replace the deleted files with fresh copies of the current full version of Joomla (minus the installation directory) downloaded earlier. Install freshly downloaded copies of the extensions and templates used on the site. If the Joomla database user name and password were changed earlier, make the necessary changes to the configuration.php file and upload a copy to the website. Upload the non-Joomla files necessary for the website. By replacing the files in the installation (including extensions and templates) you can be sure to remove backdoors inserted and hidden in various files and directories. More detailed information can be found in the Security Checklist 7 link below.


Also a newbie, mastered Joomla! Don't know coding stuff!

So how do I check .htaccess for unusual coding, I mean what should I look for?

Also please tell me how I can scan files through FTP.

Please take me as a newbie and assist me accordingly!

Thank you!

Joomla is out of date ... folders are writeable 777. Looks like you're going to delete every file (including in subdirectories), as described in viewforum.php?f=621
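
The permission item in the checklist, and the 777 folders that show up in the FPA output, can be checked from a shell on the host. The script below is an added example, not part of the original thread or of any Joomla tool; the function names and the sample tree are constructed for illustration, and it assumes shell access with a POSIX `find` rather than FTP-only access.

```shell
#!/bin/sh
# Added example: audit a document root against the checklist's permission
# guidance (never 777, 644 for files, 755 for directories, 444 allowed
# for a read-only configuration.php).

# Anything with the "other" write bit set (777, 666, ...).
world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print | sort
}

# Directories whose mode is not exactly 755.
dirs_not_755() {
    find "$1" -type d ! -perm 755 -print | sort
}

# Files whose mode is neither 644 nor 444 (read only).
files_not_644() {
    find "$1" -type f ! -perm 644 ! -perm 444 -print | sort
}

audit() {
    echo "== world-writable ==";        world_writable "$1"
    echo "== directories not 755 ==";   dirs_not_755 "$1"
    echo "== files not 644 or 444 =="; files_not_644 "$1"
}

# Constructed sample tree using modes reported in the FPA output above:
# logs/ and cache/lofthumbs/ at 777, studentsportal/cache/0/ at 775.
make_sample() {
    r=$(mktemp -d)
    mkdir -p "$r/logs" "$r/images" "$r/cache/lofthumbs" "$r/studentsportal/cache/0"
    find "$r" -type d -exec chmod 755 {} +
    chmod 777 "$r/logs" "$r/cache/lofthumbs"
    chmod 775 "$r/studentsportal/cache/0"
    : > "$r/configuration.php"; chmod 444 "$r/configuration.php"
    : > "$r/index.php";         chmod 644 "$r/index.php"
    : > "$r/images/photo.jpg";  chmod 666 "$r/images/photo.jpg"
    echo "$r"
}

# Audit the path given as the first argument, or the sample tree if none.
if [ -n "${1:-}" ]; then
    audit "$1"
else
    s=$(make_sample); audit "$s"; rm -rf "$s"
fi
```

Run it with the document root as the argument (for this site, the doc root shown in the FPA host configuration line). A 775 directory is reported as "not 755" but not as world-writable, since only the group write bit is set.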




