Malware in the site - Joomla! Forum - community, help and support
problem description :: forum post assistant (v1.2.3) : 19th november 2012 wrote: malware
forum post assistant (v1.2.3) : 19th november 2012 wrote:
basic environment :: wrote:
joomla! instance :: joomla! 1.5.20-stable (senu takaa) 18-july-2010
joomla! configured :: yes | read-only (444) | owner: apache (uid: 1/gid: 1) | group: apache (gid: 1) | valid for: 1.5
configuration options :: offline: 0 | sef: 0 | sef suffix: 0 | sef rewrite: 0 | .htaccess/web.config: yes | gzip: 1 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: 0 | site debug: 0 | language debug: 0 | database credentials present: yes
host configuration :: os: linux | os version: 2.6.9-023stab052.4-smp | technology: i686 | web server: apache/2.2.3 (centos) | encoding: gzip,deflate,sdch | doc root: /var/www/vhosts/localiditalia.it/httpdocs | system tmp writable: unknown
php configuration :: version: 5.1.6 | php api: apache2handler | session path writable: unknown | display errors: | error reporting: 2047 | log errors to: | last known error: | register globals: | magic quotes: | safe mode: 0 | open base: /var/www/vhosts/localiditalia.it/httpdocs:/tmp | uploads: 1 | max. upload size: 2m | max. post size: 8m | max. input time: 60 | max. execution time: 30 | memory limit: 64m
mysql configuration :: version: 5.0.22 (client:5.0.22) | host: --protected-- (--protected--) | collation: utf8_general_ci (character set: utf8) | database size: 306.66 mib | #of tables: 308
detailed environment :: wrote:
php extensions :: libxml () | xml () | wddx () | tokenizer (0.1) | sysvshm () | sysvsem () | sysvmsg () | standard (5.1.6) | simplexml () | sockets () | spl () | shmop () | session () | reflection () | pspell () | posix () | mime_magic (0.1) | iconv () | hash (1.0) | gmp () | gettext () | ftp () | exif (1.4 $id: exif.c,v 1.173.2.5 2006/04/10 18:23:24 helly exp $) | date (5.1.6) | curl () | ctype () | calendar () | bz2 () | zlib (1.1) | pcre () | openssl () | apache2handler () | dom (20031129) | gd () | imap () | ldap () | mbstring () | mysql (1.0) | mysqli (0.1) | ncurses () | odbc (1.0) | pdo () | pdo_mysql (1.0.2) | pdo_odbc () | pdo_sqlite (1.0.1) | snmp () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | ioncube loader () | zend engine (2.1.0) |
potential missing extensions :: zip | mcrypt | suhosin |
switch user environment (experimental) :: php cgi: no | server su: no | php su: no | custom su (litespeed/cloud/grid): no
potential ownership issues: maybe
apache modules :: core | prefork | http_core | mod_so | mod_auth_basic | mod_auth_digest | mod_authn_file | mod_authn_alias | mod_authn_anon | mod_authn_dbm | mod_authn_default | mod_authz_host | mod_authz_user | mod_authz_owner | mod_authz_groupfile | mod_authz_dbm | mod_authz_default | util_ldap | mod_authnz_ldap | mod_include | mod_log_config | mod_logio | mod_env | mod_ext_filter | mod_mime_magic | mod_expires | mod_deflate | mod_headers | mod_usertrack | mod_setenvif | mod_mime | mod_dav | mod_status | mod_autoindex | mod_info | mod_dav_fs | mod_vhost_alias | mod_negotiation | mod_dir | mod_actions | mod_speling | mod_userdir | mod_alias | mod_rewrite | mod_proxy | mod_proxy_balancer | mod_proxy_ftp | mod_proxy_http | mod_proxy_connect | mod_cache | mod_suexec | mod_disk_cache | mod_file_cache | mod_mem_cache | mod_cgi | mod_version | mod_perl | mod_php5 | mod_proxy_ajp | mod_python | mod_ssl | apache/2.2.3 (centos) |
potential missing modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
folder permissions :: wrote:
core folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) |
elevated permissions (first 10) :: css/ (777) | img/ (777) | img/common/ (777) | img/glyph/ (777) | img/icons/ (777) | img/icons/tabs/ (777) | test/ (777) | test/apacheasp/ (777) | test/cgi/ (777) | test/coldfusion/ (777) |
extensions discovered :: wrote:
components :: site :: comprofiler (1.3.1) | cb mamblog tab (1.2) | cb mambo author tab (1.2) | yanc integration (1.2) | jbolo! (1.1) | cb profilebook (1.2) | ads factory plugin - ads (1.0) | twocheckout (1.2) | cbsubs cb field (1.2.3) | cbsubs email (1.2.3) | cbsubs googleanalytics (1.2.3) | cbsubs content (1.2.3) | cbsubs acymailing (1.2.3) | cb paid subscriptions (1.3) | cbsubs fields tabs protect (1.2.3) | cbsubs folder access (1.2.3) | ads factory plugin - google ma (1.0) | dt delete me 1.2 (1.2) | rating field (1.2) | cb mutual friends (1.1) | cb profile pro (1.0) | cb profile gallery (1.2) | cb videos (1.2.1) | cb captcha (1.3) | luxgmap (1.0) | luxmenu (1.0) | luxserate (1.0) | acymailing cb plugin (1.0) | luxmenu (1.0) | luxcoupons (1.0) | maiale (1.0) | mailto (1.5.0) | ads factory plugin - google ma (1.0) | ads factory plugin - ads (1.0) | ads category module-2 (1.5.0) | ads category module (1.0.0) | ads tag cloud (1.0.0) | ads search module (1.0.0) | ads factory category tree modu (1.5.0) | ads manager module (1.5.0) | search - adsman (1.5) | ads factory plugin (1.0.0) | user (1.5.0) | wrapper (1.5.0) |
components :: admin :: jbolo! (2.9.3) | rsevents! (1.2.0) | banners (1.5.0) | cache manager (1.5.0) | comprofiler (1.7) | comprofiler (1.7) | configuration manager (1.5.0) | contact items (1.0.0) | content page (1.5.0) | control panel (1.5.0) | eventlist (1.0.1) | frontpage (1.5.0) | installation manager (1.5.0) | sh404sef - system plugin (2.2.2.941) | j16 language backport - system (1.0.0.941) | sh404sef - system mobile templ (1.0.0.941) | sh404sef - similar urls plugin (2.2.2.941) | sh404sef - offline code plugin (2.2.2.941) | sh404sef - analytics plugin (2.2.2.941) | sh404sef control panel icon (2.2.2.941) | sh404sef (2.2.2.941) | jce (1.5.7) | ninjaxplorer (1.0.6) | metatemplate (1.12 pro) | joomgallery (1.5.0.3) | miss (4.01) | language manager (1.5.0) | mass mail (1.5.0) | media manager (1.5.0) | menus manager (1.5.0) | messaging (1.5.0) | module manager (1.5.0) | newsfeeds (1.5.0) | plugin manager (1.5.0) | polls (1.5.0) | akeeba (3.2.7) | search (1.5.0) | sobi2 (rc 2.9.2.3) | template manager (1.5.0) | trash (1.0.0) | user manager (1.5.0) | weblinks (1.5.0) | joom!fish (2.0.4) | eventieconcerti (1.01) | adsman (1.8.6) | uddeim (2.4) | richiedicartolina (1.01) | cbcoresearch (1.1) | cb profile pro (2.1.3) | luxmenu (1.01) | rsform (1.3.0 r33) | luxserate (1.01) | awd jomalbum (2.2) | awd wall (2.2) | acymailing module (3.0.0) | acymailing : trigger joomla co (3.0.0) | acymailing manage text (1.0.0) | acymailing tag : website links (3.0.0) | acymailing : share on social n (1.0.0) | acymailing : statistics plugin (3.0.0) | acymailing table of contents g (1.0.0) | acymailing tag : cb user infor (3.0.0) | acymailing tag : content inser (3.0.0) | acymailing tag : subscriber in (3.0.0) | acymailing tag : manage su (3.0.0) | acymailing tag : date / time (3.0.0) | acymailing tag : joomla user (3.0.0) | acymailing template class repl (3.0.0) | acymailing : (auto)subscribe d (3.0.0) | acymailing (3.0.0) | luxcoupons (1.01) | removeme (1.5) | inaugurazioni (1.01) | 
reservationform (1.01) | luxsearchusers (1.01) | luxrawnewsletter (1.01) |
modules :: site :: archived content (1.5.0) | jbolo! (2.9.3) | banner (1.5.0) | breadcrumbs (1.5.0) | metamod (2.7) | cb login (1.7) | cb userlist (2.| cb workflows (1.7) | cb online (1.7) | custom html (1.5.0) | latest events (1.0.1) | latest events wide (1.0.2) | feed display (1.5.0) | footer (1.5.0) | ads manager module (1.5.0) | je rollover tooltip menu (1.1) | joomimages (1.5.2) | jumi (2.0.6) | latest news (1.5.0) | login (1.5.0) | menu (1.5.0) | read content (1.5.0) | newsflash (1.5.0) | poll (1.5.0) | random image (1.5.0) | related items (1.0.0) | rsevents calendar (1.3) | search events (1.1) | upcoming events (1.4) | search (1.0.0) | sections (1.5.0) | statistics (1.5.0) | syndicate (1.5.0) | who\'s online (1.0.0) | wrapper (1.0.0) | joomfish-language selection (2.0.4) | hot image slider (1.0.2) | s5 tell friend (1.0) | show users events (1.0.0) | show users videos (1.0.0) | eventi e concerti (1.0.0) | show registered users reports (1.0.0) | ads category module-2 (1.5.0) | ads factory category tree modu (1.5.0) | ads tag cloud (1.0.0) | ads search module (1.0.0) | ads category module (1.0.0) | ajax search users (1.
| cb subscriptions (1.1.2) | flexbanner (1.5.45) | imageslideshow (1.0) | custom html jbolo (2.9.3) | cb core search module (1.1) | visualizza annunci (1.0.0) | social media buttons (1.5.5) | coupon (1.0.0) | cb people may know (1.2.5) | cb friends list (1.0) | nice social bookmark (1.4) | [youtube] playlist player (1.5) | cb suggest (1.6.2) | awdwall events (1.5.0) | gtranslate (1.5.x.26) | acymailing module (3.0.0) | show users lists (1.0.0) | sliding coupons (1.0.0) | coupons per provincia (1.0.0) | show coupons report (1.0.0) | show bacheca (1.0.0) | events category (1.0.0) | users category (1.0.0) | luxsearchusers (1.0.0) | cb loginmiss (1.
|
modules :: admin :: custom html (1.5.0) | feed display (1.5.0) | footer (1.0.0) | latest news (1.0.0) | logged in users (1.0.0) | login form (1.0.0) | admin menu (1.0.0) | online users (1.0.0) | popular items (1.0.0) | quick icons (1.0.0) | items stats (1.0.0) | user status (1.5.0) | admin submenu (1.0.0) | title (1.0.0) | toolbar (1.0.0) | unread items (1.0.0) | direct translation (2.0.4) | community builder admin menu (1.0) | sh404sef control panel icon (2.2.2.941) | akeeba backup notification mod (3.2.7) |
plugins :: site :: authentication - example (1.5) | authentication - gmail (1.5) | authentication - joomla (1.5) | authentication - ldap (1.5) | authentication - openid (1.5) | content - email cloaking (1.5) | content - example (1.0) | content - code highlighter (ge (1.5) | content - load modules (1.5) | content - pagebreak (1.5) | content - page navigation (1.5) | rd add php (5.0) | content - vote (1.5) | joomfish alternative language (2.0.4) | includephp (1.1) | content - jplayer (1.5.2) | editor - jce 1.5.6 (1.5.6) | editor - tinymce 3 (3.2.6) | editor - xstandard lite jo (1.0) | advanced code editor (1.5.6) | advanced link (1.5.1) | joomla! links advanced lin (1.2.1) | file browser (1.5.0 stable) | paste (1.5.0) | image manager (1.5.2) | object support (1.5.1) | paste (1.5.6) | spellchecker (2.0.0) | button - image (1.0.0) | button - pagebreak (1.5) | button - readmore (1.5) | editor button - magic window f (1.0.4) | search - categories (1.5) | search - contacts (1.5) | search - content (1.5) | search - adsman (1.5) | search - newsfeeds (1.5) | search - sections (1.5) | search - weblinks (1.5) | search - joomfish categories (2.0.4) | search - joomfish contacts (2.0.4) | search - joomfish content (2.0.4) | search - joomfish newsfeeds (2.0.4) | search - joomfish sections (2.0.4) | search - joomfish weblinks (2.0.4) | system - backlinks (1.5) | system - cache (1.5) | system - debug (1.5) | system - metatemplate (1.0) | system - legacy (1.5) | system - log (1.5) | jbolo! 
- assets loader system (2.9.3) | system - remember me (1.5) | system - regprovcom (1.0) | system - sef (1.5) | system - mootools upgrade (1.5) | joomfish - abstraction layer (2.0.4) | joomfish - basic router (2.0.4) | cbpaidsubsbot (1.1.2) | cbpaidsubsbot (1.1.2) | akeeba backup lazy scheduling (3.2.7) | system - ie8 compatibility (1.2) | j16 language backport - system (1.0.0.941) | sh404sef - system mobile templ (1.0.0.941) | sh404sef - system plugin (2.2.2.941) | acymailing : (auto)subscribe d (3.0.0) | user - example (1.0) | user - joomla! (1.5) | xml-rpc - blogger api (1.0) | xml-rpc - joomla api (1.0) | joomfish - missing translation (2.0.4) | unknown (-) | chat status (2.9.3) | jw flv (version 5) player ([ granity ]) | acymailing : trigger joomla co (3.0.0) | acymailing manage text (1.0.0) | acymailing tag : website links (3.0.0) | acymailing : share on social n (1.0.0) | acymailing : statistics plugin (3.0.0) | acymailing table of contents g (1.0.0) | acymailing tag : cb user infor (3.0.0) | acymailing tag : content inser (3.0.0) | acymailing tag : subscriber in (3.0.0) | acymailing tag : manage su (3.0.0) | acymailing tag : date / time (3.0.0) | acymailing tag : joomla user (3.0.0) | acymailing template class repl (3.0.0) | sh404sef - analytics plugin (2.2.2.941) | sh404sef - offline code plugin (2.2.2.941) | sh404sef - similar urls plugin (2.2.2.941) | metatemplate - extended rules (1.3) | metatemplate - virtuemart rule (1.1) |
templates discovered :: wrote:
templates :: site :: localiditalia - registrazione (1.0) | localiditalia - registrazione (1.0) | miss_template (1.5.0) | gusto e sapori (1.0.0) | localiditalia test (1.0) | localiditalia (1.0) |
templates :: admin :: khepri (1.0) |
initial summary,
old out of date vulnerable version of joomla
open folder permissions 777 = bad
numerous out of date extensions
suggestion - follow checklist 7 safe route recovery. see viewtopic.php?f=621&t=582854 for more info