I think my site has been hacked again - FPA used - Joomla! Forum - community, help and support
My site was hacked yesterday. When accessed via mobile it redirected to a porn site. The site was rolled back by the host, and was fine.
Tonight, first I cannot edit categories, and I can't access Breezing Forms, throwing form contacts via mail daemon. I have deleted Breezing Forms. The Super User group has gone, and I have no global configuration.
forum post assistant (v1.2.3) : 12th january 2013 wrote:
basic environment :: wrote:
joomla! instance :: joomla! 2.5.8-stable (ember) 8-november-2012
joomla! platform :: joomla platform 11.4.0-stable (brian kernighan) 03-jan-2012
joomla! configured :: yes | read-only (444) | owner: homeless1 (uid: 1/gid: 1) | group: homeless (gid: 1) | valid for: 1.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 0 | sef rewrite: 0 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: default | site debug: 0 | language debug: 0 | default access: n/a | unicode slugs: n/a | database credentials present: yes
host configuration :: os: linux | os version: 2.6.32.21-grsec | technology: x86_64 | web server: apache | encoding: gzip, deflate | doc root: /var/sites/w/www.homelesshounds.org.uk/public_html | system tmp writable: yes
php configuration :: version: 5.3.10 | php api: cgi-fcgi | session path writable: no | display errors: 1 | error reporting: 30711 | log errors to: | last known error: | register globals: | magic quotes: 1 | safe mode: | open base: | uploads: 1 | max. upload size: 100m | max. post size: 100m | max. input time: 6000 | max. execution time: 60 | memory limit: 128m
mysql configuration :: version: 5.5.28-29.1 (client:5.0.77) | host: --protected-- (--protected--) | collation: utf8_general_ci (character set: utf8) | database size: 10.42 mib | #of tables: 159
detailed environment :: wrote:
php extensions :: core (5.3.10) | date (5.3.10) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | spl (0.2) | iconv () | session () | json (1.2.1) | ldap () | mbstring () | mcrypt () | mssql () | mysql (1.0) | mysqli (0.1) | standard (5.3.10) | pdo (1.0.4dev) | pdo_mysql (1.0.2) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | phar (2.0.1) | posix () | reflection ($revision: 321634 $) | imap () | simplexml (0.1) | soap () | sockets () | sqlite (2.0-dev) | exif (1.4 $id: exif.c 321634 2012-01-01 13:15:04z felipe $) | tidy (2.0) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | memcache (3.0.6) | geoip (1.0.| mhash () | ioncube loader () | zend guard loader () | zend engine (2.3.0) |
potential missing extensions :: suhosin |
switch user environment (experimental) :: php cgi: yes | server su: yes | php su: yes | custom su (litespeed/cloud/grid): yes
potential ownership issues: no
folder permissions :: wrote:
core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
elevated permissions (first 10) ::
extensions discovered :: wrote:
components :: site :: com_wrapper (2.5.0) | com_mailto (2.5.0) |
components :: admin :: com_cpanel (2.5.0) | com_admin (2.5.0) | com_search (2.5.0) | com_redirect (2.5.0) | com_login (2.5.0) | com_media (2.5.0) | com_config (2.5.0) | com_templates (2.5.0) | com_menus (2.5.0) | com_content (2.5.0) | com_newsfeeds (2.5.0) | com_weblinks (2.5.0) | com_modules (2.5.0) | com_contenttemplater (4.0.1free) | com_finder (2.5.0) | com_messages (2.5.0) | acymailing tag : cb user infor (3.7.0) | acymailing tag : content inser (3.7.0) | acymailing : share on social n (1.0.0) | acymailing tag : date / time (3.7.0) | acymailing : (auto)subscribe d (3.7.0) | acymailing : trigger joomla co (3.7.0) | acymailing : statistics plugin (3.7.0) | acymailing tag : subscriber in (3.7.0) | acymailing tag : manage su (3.7.0) | acymailing tag : website links (3.7.0) | acymailing table of contents g (1.0.0) | acymailing tag : joomla user (3.7.0) | acymailing manage text (1.0.0) | acymailing template class repl (3.7.0) | acymailing module (3.7.0) | acymailing (4.0.1) | com_users (2.5.0) | com_languages (2.5.0) | com_joomlaupdate (2.5.0) | com_cache (2.5.0) | com_banners (2.5.0) | com_plugins (2.5.0) | ic agenda (1.2.9) | com_checkin (2.5.0) | art [removed] (1.4.0) | com_installer (2.5.0) | com_categories (2.5.0) |
modules :: site :: mod_weblinks (2.5.0) | mod_banners (2.5.0) | mod_articles_categories (2.5.0) | mod_qlform (4.2) | mod_syndicate (2.5.0) | ari yui menu (2.1.0) | mod_finder (2.5.0) | mod_whosonline (2.5.0) | mod_languages (2.5.0) | mod_related_items (2.5.0) | mod_articles_latest (2.5.0) | mod_breadcrumbs (2.5.0) | mod_search (2.5.0) | mod_random_image (2.5.0) | mod_articles_news (2.5.0) | mod_custom (2.5.0) | ic calendar (1.2.| mod_feed (2.5.0) | mod_articles_archive (2.5.0) | mod_menu (2.5.0) | [spam] joomla! (1.0.0) | mod_users_latest (2.5.0) | mod_login (2.5.0) | acymailing module (3.7.0) | mod_footer (2.5.0) | mod_stats (2.5.0) | mod_wrapper (2.5.0) | mod_articles_popular (2.5.0) | mod_articles_category (2.5.0) |
modules :: admin :: mod_menu (2.5.0) | mod_status (2.5.0) | mod_version (2.5.0) | mod_latest (2.5.0) | mod_multilangstatus (2.5.0) | mod_logged (2.5.0) | mod_login (2.5.0) | mod_title (2.5.0) | mod_quickicon (2.5.0) | mod_popular (2.5.0) | mod_feed (2.5.0) | mod_submenu (2.5.0) | mod_custom (2.5.0) | mod_toolbar (2.5.0) |
plugins :: site :: plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_contenttemplat (4.0.1free) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors_tinymce (3.5.4.1) | plg_editors_codemirror (1.0) | plg_search_categories (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_content (2.5.0) | plg_search_contacts (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_system_p3p (2.5.0) | plg_system_contenttemplater (4.0.1free) | plg_system_languagefilter (2.5.0) | plg_system_nnframework (12.12.7) | plg_system_languagecode (2.5.0) | acymailing : (auto)subscribe d (3.7.0) | plg_system_sef (2.5.0) | plg_system_log (2.5.0) | plg_system_remember (2.5.0) | plg_system_redirect (2.5.0) | plg_system_logout (2.5.0) | plg_system_highlight (2.5.0) | plg_system_debug (2.5.0) | plg_system_cache (2.5.0) | plg_content_accordionfaq (2.5.5) | plg_captcha_recaptcha (2.5.0) | acymailing tag : cb user infor (3.7.0) | acymailing table of contents g (1.0.0) | acymailing manage text (1.0.0) | acymailing tag : date / time (3.7.0) | acymailing tag : website links (3.7.0) | acymailing template class repl (3.7.0) | acymailing tag : joomla user (3.7.0) | acymailing : statistics plugin (3.7.0) | acymailing tag : manage su (3.7.0) | acymailing : trigger joomla co (3.7.0) | acymailing tag : content inser (3.7.0) | acymailing : share on social n (1.0.0) | acymailing tag : subscriber in (3.7.0) | plg_extension_joomla (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_categories (2.5.0) |
templates discovered :: wrote:
templates :: site :: beez_20 (2.5.0) | beez5 (2.5.0) | atomic (2.5.0) |
templates :: admin :: bluestork (2.5.0) | hathor (2.5.0) |
The site was rolled back by the host, and was fine.
Likely the insecurity exists in the files backed up, and the hack files were backed up and are contained within the backups. That is why you don't use backups to restore a site that was hacked. Use backups to restore lost data only.
These settings are excessive. Do you need these set as high as they are? These being set high is an indication of a hack.
Normal settings are 48m for both, and 60 seconds.
max. upload size: 100m | max. post size: 100m | max. input time: 6000 seconds
The current version of Breezing Forms is 1.8.1 (build 809). Earlier versions may be insecure. There are Google reports of issues with the extension; did not check the validity of them.
Your Joomla installation is configured but there is something wrong with it.
joomla! configured :: yes means there is a valid configuration file.
joomla! instance :: joomla! 2.5.8-stable
joomla! configured :: yes | read-only (444) | owner: homeless1 (uid: 1/gid: 1) | group: homeless (gid: 1) | valid for: 1.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 0 | sef rewrite: 0 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: default | site debug: 0 | language debug: 0 | default access: n/a | unicode slugs: n/a | database credentials present: yes
database credentials present: yes means there is a valid connection to the database.
valid for: 1.5 means there are wrong files installed, with FPA indicating 2.5 is installed.
This is due to the host restoring an old version of the site, an improper/incomplete migration from 1.5 (the move from 1.5 to 2.5 is a migration, not an update) resulting in incompatibilities, or a hacker having replaced a number of files with pre-hacked 1.5 versions. 1.5 files/database do not work with 2.5, and 2.5 files/database do not work with 1.5.
You should follow the information here viewtopic.php?f=621&t=582854 in order to clean and restore the site.
I would check the domain/account for added sites or sub-domains that should not be there.
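The two checks the reply above makes against the FPA report (the instance version against the configuration's "valid for" value, and the PHP limits against the 48m / 60 second values it calls normal), as an added example that is not part of the original thread or of the Forum Post Assistant itself. The function names and the sample text, abridged from lines of the report above, are assumptions of this example.

```python
import re

# Values the reply calls normal: 48m for both size limits, 60 seconds input time.
NORMAL_SIZE_MB = 48
NORMAL_SECONDS = 60

# Constructed sample: three lines abridged from the FPA report in this thread.
SAMPLE_FPA = """\
joomla! instance :: joomla! 2.5.8-stable (ember) 8-november-2012
joomla! configured :: yes | read-only (444) | owner: homeless1 (uid: 1/gid: 1) | valid for: 1.5
php configuration :: version: 5.3.10 | max. upload size: 100m | max. post size: 100m | max. input time: 6000 | max. execution time: 60
"""

def parse_fpa(text):
    """Turn 'section :: a: b | c: d' lines into {section: {a: b, c: d}}."""
    report = {}
    for line in text.splitlines():
        section, sep, body = line.partition(" :: ")
        if not sep:
            continue
        fields = {}
        for part in body.split("|"):
            key, colon, value = part.partition(":")
            if colon:
                fields[key.strip().lower()] = value.strip()
            elif part.strip():
                fields.setdefault("_value", part.strip())  # bare value, e.g. "yes"
        report[section.strip().lower()] = fields
    return report

def findings(report):
    """Return the anomalies the reply points out, as human-readable strings."""
    out = []
    inst = re.search(r"(\d+\.\d+)", report.get("joomla! instance", {}).get("_value", ""))
    valid_for = report.get("joomla! configured", {}).get("valid for")
    if inst and valid_for and inst.group(1) != valid_for:
        out.append(f"version mismatch: instance {inst.group(1)}, configuration valid for {valid_for}")
    php = report.get("php configuration", {})
    for key in ("max. upload size", "max. post size"):
        m = re.fullmatch(r"(\d+)m", php.get(key, ""), re.I)
        if m and int(m.group(1)) > NORMAL_SIZE_MB:
            out.append(f"{key} is {m.group(1)}m (normal {NORMAL_SIZE_MB}m)")
    value = php.get("max. input time", "")
    if value.isdigit() and int(value) > NORMAL_SECONDS:
        out.append(f"max. input time is {value}s (normal {NORMAL_SECONDS}s)")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_fpa(SAMPLE_FPA))))
```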