New users added to Joomla site -- apparent hack - Joomla! Forum - community, help and support

i'm stepping through security steps (yes, know fault not having done). update extensions suggested in security checklist. (thank you, btw, took time post these security measures , processes; appreciative).

my question:
anyone know if upgrading 1.5.26 prevent sql injection (assumed) of new users db? know cause or vulnerability? unfortunately don't have logs available during time frame users added. i'm trying arrive @ level of confidence i've done necessary prevent further attack.

thanks!

problem description :: forum post assistant (v1.2.3) : 10th november 2012 wrote:users added joomla without doing

last php error(s) reported :: forum post assistant (v1.2.3) : 10th november 2012 wrote:[04-aug-2012 10:17:22] php fatal error: class 'jtoolbarhelper' not found in /home/shawnmwi/public_html/stjosephstoledo.com/administrator/components/com_jce/controller.php on line 83

actions taken resolve forum post assistant (v1.2.3) 10th november 2012 wrote:joomla users added site without doing so. guess done sort of sql injection, not sure. running fpa part of diagnostic , process secure site. though no defacing has been done, have site offline until upgraded recent version.

forum post assistant (v1.2.3) : 10th november 2012 wrote:

basic environment :: wrote:joomla! instance :: joomla! 1.5.8-production/stable (wohnaiki) 10-november-2008
joomla! configured :: yes | writable (644) | owner: shawnmwi (uid: 1/gid: 1) | group: shawnmwi (gid: 1) | valid for: 1.5
configuration options :: offline: 0 | sef: 0 | sef suffix: 0 | sef rewrite: 0 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: n/a | error reporting: -1 | site debug: 0 | language debug: 0 | database credentials present: yes

host configuration :: os: linux | os version: 2.6.18-408.el5.lve0.8.58 | technology: x86_64 | web server: litespeed | encoding: gzip, deflate | doc root: /home/shawnmwi/public_html/stjosephstoledo.com | system tmp writable: yes

php configuration :: version: 5.2.17 | php api: litespeed | session path writable: unknown | display errors: 1 | error reporting: 6135 | log errors to: error_log | last known error: 04th august 2012 10:17:22. | register globals: 0 | magic quotes: | safe mode: 0 | open base: /home/shawnmwi:/usr/lib/php:/usr/php4/lib/php:/usr/local/lib/php:/usr/local/php4/lib/php:/tmp | uploads: 1 | max. upload size: 250m | max. post size: 250m | max. input time: 60 | max. execution time: 30 | memory limit: 128m

mysql configuration :: version: 5.1.52-cll (client:5.1.52) | host: --protected-- (--protected--) | collation: utf8_unicode_ci (character set: utf8) | database size: 4.58 mib | #of tables: 49

detailed environment :: wrote:php extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | session () | iconv () | standard (5.2.17) | json (1.2.1) | mbstring () | mcrypt () | mhash () | mime_magic (0.1) | mysql (1.0) | simplexml (0.1) | posix () | pspell () | reflection (0.1) | imap () | spl (0.2) | mysqli (0.1) | soap () | sockets () | exif (1.4 $id: exif.c 293036 2010-01-03 09:23:27z sebastian $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.8.11) | litespeed () | imagick (3.0.1) | timezonedb () | pdo (1.0.4dev) | pdo_sqlite (1.0.1) | sqlite (2.0-dev) | pdo_mysql (1.0.2) | mailparse (2.1.5) | ioncube loader () | zend optimizer () | zend engine (2.2.0) |
potential missing extensions :: suhosin |

switch user environment (experimental) :: php cgi: no | server su: no | php su: no | custom su (litespeed/cloud/grid): yes
potential ownership issues: no

folder permissions :: wrote:core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

elevated permissions (first 10) ::

extensions discovered :: wrote:components :: site :: wrapper (1.5.0) | mailto (1.5.0) | user (1.5.0) | wf_contextmenu_title (2.0.1) | wf_nonbreaking_title (2.0.1) | wf_source_title (2.0.1) | wf_textcase_title (2.0.1) | wf_browser_title (2.0.1) | wf_autosave_title (2.0.1) | wf_spellchecker_title (2.0.1) | wf_print_title (2.0.1) | wf_table_title (2.0.1) | wf_link_title (2.0.1) | wf_preview_title (2.0.1) | wf_visualchars_title (2.0.1) | wf_imgmanager_title (2.0.1) | wf_media_title (2.0.1) | wf_directionality_title (2.0.1) | wf_article_title (2.0.1) | wf_paste_title (2.0.1) | wf_cleanup_title (2.0.1) | wf_inlinepopups_title (2.0.1) | wf_xhtmlxtras_title (2.0.1) | wf_style_title (2.0.1) | wf_searchreplace_title (2.0.1) | wf_layer_title (2.0.1) | wf_fullscreen_title (2.0.1) | wf_filesystem_joomla_title (2.0.1) | wf_popups_window_title (2.0.1) | wf_popups_jcemediabox_title (2.0.1) | wf_links_joomlalinks_title (2.0.1) | wf_mediaplayer_jceplayer_title (2.0.1) | wf_aggregator_vimeo_title (2.0.1) | [youtube] (2.0.1) | default (1.0.0) |
components :: admin :: configuration manager (1.5.0) | search (1.5.0) | template manager (1.5.0) | installation manager (1.5.0) | module manager (1.5.0) | messaging (1.5.0) | polls (1.5.0) | trash (1.0.0) | morfeoshow (1.2.0) | content page (1.5.0) | weblinks (1.5.0) | media manager (1.5.0) | user manager (1.5.0) | frontpage (1.5.0) | newsfeeds (1.5.0) | plugin manager (1.5.0) | mass mail (1.5.0) | editor - jce (2.0.1) | unknown (-) | jce (2.0.1) | cache manager (1.5.0) | phocagallery (2.8.1) | banners (1.5.0) | menus manager (1.5.0) | contact items (1.0.0) | control panel (1.5.0) | language manager (1.5.0) |

modules :: site :: wrapper (1.0.0) | poll (1.5.0) | read content (1.5.0) | syndicate (1.5.0) | search (1.0.0) | related items (1.0.0) | latest news (1.5.0) | login (1.5.0) | custom html (1.5.0) | footer (1.5.0) | archived content (1.5.0) | statistics (1.5.0) | banner (1.5.0) | menu (1.5.0) | newsflash (1.5.0) | breadcrumbs (1.5.0) | feed display (1.5.0) | random image (1.5.0) | sections (1.5.0) | who\'s online (1.0.0) |
modules :: admin :: latest news (1.0.0) | unread items (1.0.0) | user status (1.5.0) | logged in users (1.0.0) | toolbar (1.0.0) | admin menu (1.0.0) | title (1.0.0) | admin submenu (1.0.0) | login form (1.0.0) | custom html (1.5.0) | quick icons (1.0.0) | footer (1.0.0) | items stats (1.0.0) | popular items (1.0.0) | feed display (1.5.0) | online users (1.0.0) |

plugins :: site :: editor - tinymce 2.1 (2.1.2) | editor - jce (2.0.1) | editor - xstandard lite jo (1.0) | system - debug (1.5) | system - backlinks (1.5) | system - log (1.5) | system - sef (1.5) | system - cache (1.5) | system - ie8 compatibility (1.1) | system - remember me (1.5) | system - legacy (1.5) | user - joomla! (1.5) | user - example (1.0) | content - vote (1.5) | content - morfeoshow (1.2.0) | content - pb:mediael (0.4) | content - code highlighter (ge (1.5) | content - page navigation (1.5) | content - load modules (1.5) | content - example (1.0) | content - email cloaking (1.5) | content - pagebreak (1.5) | xml-rpc - joomla api (1.0) | xml-rpc - blogger api (1.0) | button - readmore (1.5) | button - image (1.0.0) | button - pagebreak (1.5) | authentication - joomla (1.5) | authentication - ldap (1.5) | authentication - openid (1.5) | authentication - example (1.5) | authentication - gmail (1.5) | search - newsfeeds (1.5) | search - contacts (1.5) | search - weblinks (1.5) | search - content (1.5) | search - categories (1.5) | search - sections (1.5) |

templates discovered :: wrote:templates :: site :: rhuk_milkyway (1.0.2) | ja_purity (1.2.0) | csstemplatetutorialstep4 (1.0) | beez (1.0.0) | skeleton-template-tableless (1.3) | ja_purity_sjmod01 (1.0.0) |
templates :: admin :: khepri (1.0) |