Unsure If My Site Has Been Breached Or Not (resolved) - Joomla! Forum - community, help and support


Hi everyone,

I have a Joomla 2.5.8 site that has been live for 4 months now.

I have taken the steps in the security docs section to secure the site, including an extensive .htaccess file and a password-protected administrator directory.

Recently, however, I received a strange email from the root user of the server the site is hosted on (shared hosting):

From: root@myhostingprovider'sserver.co.za

This is an automated mail for the Joomla installation on
xxxxxxxxxx.co.za http://www.craft-word.com/

The account password for the application has been updated.
Please make a note of the new password so you can use it
when you need to log in:

User name : admin
New password: xxxxxxx
Database : xxxxxxx

If you are not using this database, you can safely ignore this
message. You can use the Joomla 'recover password' facility
if you prefer to set a secure password yourself.


I have xxxxx'd out the sensitive information in the message. The strange thing is that there is no user with the username 'admin' on the website or on the cPanel of the host. The 'admin' user is the default one Joomla installs, and I have changed it to a different username after installation.

I contacted the hosting provider, and they said it might be because of a Joomla installation script that ran, but I did not run a Joomla installation script personally.

I compared the main files (configuration, index etc.) of the installation to previous backups and did not find any strange code.

I compared a dump of the database to a few backups and found there is an 'admin' user in the database dumps, with the initial email address, which I assume is the default 'admin' user created during installation. The strange thing is that in the latest database dump, the password seen in the database dump did change for the 'admin' user.

There are strange entries in the redirect table in the latest database dump:

Code:

insert into `xxxxx_redirect_links` (`id`, `old_url`, `new_url`, `referer`, `comment`, `hits`, `published`, `created_date`, `modified_date`) values
(13,'http://www.craft-word.com/index.php?option=com_zknmgfwmgkrscfrj','','http://[url banned].com/','',1,0,'2012-11-24 12:51:16','0000-00-00 00:00:00'),
(14,'http://www.craft-word.com/index.php?option=com_jce','','http://[url banned].com/','',1,0,'2012-11-24 12:51:17','0000-00-00 00:00:00'),
(15,'http://www.craft-word.com/index.php?option=com_virtuemart&vmcchk=1','','http://[url banned].com/','',1,0,'2012-11-24 12:51:17','0000-00-00 00:00:00'),
(16,'http://www.craft-word.com/index.php?option=com_xmap','','http://[url banned].com/','',1,0,'2012-11-24 12:51:18','0000-00-00 00:00:00'),
(17,'http://www.craft-word.com/index.php?option=com_sh404sef','','http://[url banned].com/','',1,0,'2012-11-24 12:51:19','0000-00-00 00:00:00'),
(18,'http://www.craft-word.com/index.php?option=com_tienda','','http://[url banned].com/','',1,0,'2012-11-24 12:51:20','0000-00-00 00:00:00'),
(19,'http://www.craft-word.com/index.php?option=com_gantry','','http://[url banned].com/','',1,0,'2012-11-24 12:51:20','0000-00-00 00:00:00'),
(20,'http://www.craft-word.com/index.php?option=com_joomfish','','http://[url banned].com/','',1,0,'2012-11-24 12:51:21','0000-00-00 00:00:00'),
(21,'http://www.craft-word.com/index.php?option=com_fabrik','','http://[url banned].com/','',1,0,'2012-11-24 12:51:22','0000-00-00 00:00:00'),
(22,'http://www.craft-word.com/index.php?option=com_forme','','http://[url banned].com/','',1,0,'2012-11-24 12:51:23','0000-00-00 00:00:00'),
(23,'http://www.craft-word.com/index.php?option=com_akeeba','','http://[url banned].com/','',1,0,'2012-11-24 12:51:23','0000-00-00 00:00:00'), .....many more;


Does anyone have experience with this, or has anyone seen this before? I am still confused whether this is an error by the hosting provider, or if my website has been breached.

Any advice would be highly appreciated, please.

Have you looked in the source code of the e-mail for the originating IP address of the sender of the e-mail? Someone is joking, sending such a fake email.
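Added example, not part of the original thread: Joomla's Redirect plugin records requests that ended in a 404 as unpublished rows with an empty `new_url`, so rows like the ones in the first post can be grouped by referer and timestamp to see whether they form a burst of requests for many different components. The function names, the 60-second gap and the five-component threshold are assumptions chosen for illustration; rows 13-17 in the sample are copied from the post and row 99 is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse, parse_qs

# Rows 13-17 are copied from the dump in the post; row 99 is constructed.
SAMPLE_DUMP = """
(13,'http://www.craft-word.com/index.php?option=com_zknmgfwmgkrscfrj','','http://[url banned].com/','',1,0,'2012-11-24 12:51:16','0000-00-00 00:00:00'),
(14,'http://www.craft-word.com/index.php?option=com_jce','','http://[url banned].com/','',1,0,'2012-11-24 12:51:17','0000-00-00 00:00:00'),
(15,'http://www.craft-word.com/index.php?option=com_virtuemart&vmcchk=1','','http://[url banned].com/','',1,0,'2012-11-24 12:51:17','0000-00-00 00:00:00'),
(16,'http://www.craft-word.com/index.php?option=com_xmap','','http://[url banned].com/','',1,0,'2012-11-24 12:51:18','0000-00-00 00:00:00'),
(17,'http://www.craft-word.com/index.php?option=com_sh404sef','','http://[url banned].com/','',1,0,'2012-11-24 12:51:19','0000-00-00 00:00:00'),
(99,'http://www.craft-word.com/index.php?option=com_content&id=999','','http://www.craft-word.com/','',2,0,'2012-11-20 09:14:02','0000-00-00 00:00:00')
"""

# Column order as in the dump; assumes no escaped quotes inside values.
ROW_RE = re.compile(r"\((\d+),'([^']*)','([^']*)','([^']*)','[^']*',"
                    r"(\d+),(\d+),'([^']*)','[^']*'\)")

def parse_rows(dump):
    rows = []
    for rid, old, new, ref, _hits, pub, created in ROW_RE.findall(dump):
        option = parse_qs(urlparse(old).query).get("option", [""])[0]
        rows.append({"id": int(rid), "option": option, "new_url": new,
                     "referer": ref, "published": int(pub),
                     "created": datetime.strptime(created, "%Y-%m-%d %H:%M:%S")})
    return rows

def find_bursts(rows, gap=timedelta(seconds=60), min_components=5):
    """Runs of unpublished, target-less rows from one referer, spaced <= gap
    apart, that together name at least min_components distinct components."""
    by_ref = defaultdict(list)
    for r in rows:
        if not r["new_url"] and not r["published"] and r["option"].startswith("com_"):
            by_ref[r["referer"]].append(r)
    bursts = []
    for ref, items in by_ref.items():
        items.sort(key=lambda r: r["created"])
        run = [items[0]]
        for r in items[1:] + [None]:          # None flushes the final run
            if r is not None and r["created"] - run[-1]["created"] <= gap:
                run.append(r)
                continue
            comps = sorted({x["option"] for x in run})
            if len(comps) >= min_components:
                bursts.append({"referer": ref, "start": run[0]["created"],
                               "end": run[-1]["created"], "components": comps})
            run = [r]
    return bursts
```

A burst reported here only shows that those component URLs were requested and not found; it does not by itself explain the password e-mail, which still needs the mail headers and the server's access logs.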




