Malware in a site made using Joomla 1.5 - Joomla! Forum - community, help and support
my sites, using joomla 1.5 , other thirdy part components:
http://www.condominiosoft .altervista.org
http://www.affittisoft .altervista.org
http://www.fiorellabijoux .altervista.org
when open 1 of them using iexplorer (not using mozilla) receive message submitted: is
bibitrender.info?
is code inserted in site hacker? have do?
i have deleted files in site, deleted database , uploaded backup version controlled malwarebytes anti malware program , using microsoft essentials security. problem persists. need solve possible.
thank
martino
http://www.condominiosoft .altervista.org
http://www.affittisoft .altervista.org
http://www.fiorellabijoux .altervista.org
when open 1 of them using iexplorer (not using mozilla) receive message submitted: is
bibitrender.info?
is code inserted in site hacker? have do?
i have deleted files in site, deleted database , uploaded backup version controlled malwarebytes anti malware program , using microsoft essentials security. problem persists. need solve possible.
thank
martino
is backup infected?
[ ] download , run forum post assistant / fpa instructions available here , included in download package. post generated results in security/been hacked topic. note: not download fpa other website or links found on internet.
[ ] ensure have latest version of joomla 1.5 or 2.5 version of joomla. delete files in joomla installation, saving copy of configuration.php file.
[ ] review vulnerable extensions list make sure 3rd party extensions versions used appear on vulnerable list.
[ ] review , action security checklist 7 make sure you've gone through of steps.
[ ] scan machines ftp, joomla super admin, , joomla admin access malware, virus, trojans, spyware, etc. checklist 7 contains list or recommended scanners.
[ ] change passwords , if possible user names website host control panel. change joomla database user name , password.
[ ] use proper permissions on files , directories. should never 777, ideal 644 files , 755 directories. configuration file can set 444 read only.
[ ] check htaccess for odd code (i.e. code not in standard htaccess supplied part of joomla installation).
[ ] check crontab or task scheduler unexpected jobs/tasks.
[ ] ensure not have anonymous ftp enabled.
[ ] verify individually non-joomla file such not limited placed on website such images, pdf files, files download, , other documents , files valid , supposed part of website.
[ ] replace deleted files fresh copies of current full version of joomla (minus installation directory) downloaded earlier. install freshly downloaded copies of extensions , templates used on site. if joomla database user name , password changed earlier, make necessary changes configuration.php file , upload copy website. upload non-joomla files necessary website. replacing files in installation (including extensions , templates) can sure remove backdoors inserted , hidden in various files , directories more detailed information can found in security checklist 7
[ ] download , run forum post assistant / fpa instructions available here , included in download package. post generated results in security/been hacked topic. note: not download fpa other website or links found on internet.
[ ] ensure have latest version of joomla 1.5 or 2.5 version of joomla. delete files in joomla installation, saving copy of configuration.php file.
[ ] review vulnerable extensions list make sure 3rd party extensions versions used appear on vulnerable list.
[ ] review , action security checklist 7 make sure you've gone through of steps.
[ ] scan machines ftp, joomla super admin, , joomla admin access malware, virus, trojans, spyware, etc. checklist 7 contains list or recommended scanners.
[ ] change passwords , if possible user names website host control panel. change joomla database user name , password.
[ ] use proper permissions on files , directories. should never 777, ideal 644 files , 755 directories. configuration file can set 444 read only.
[ ] check htaccess for odd code (i.e. code not in standard htaccess supplied part of joomla installation).
[ ] check crontab or task scheduler unexpected jobs/tasks.
[ ] ensure not have anonymous ftp enabled.
[ ] verify individually non-joomla file such not limited placed on website such images, pdf files, files download, , other documents , files valid , supposed part of website.
[ ] replace deleted files fresh copies of current full version of joomla (minus installation directory) downloaded earlier. install freshly downloaded copies of extensions , templates used on site. if joomla database user name , password changed earlier, make necessary changes configuration.php file , upload copy website. upload non-joomla files necessary website. replacing files in installation (including extensions , templates) can sure remove backdoors inserted , hidden in various files , directories more detailed information can found in security checklist 7
Comments
Post a Comment