1.5.26 website hacked, need help asap - Joomla! Forum - community, help and support
problem description :: forum post assistant (v1.2.3) : 1st november 2012 wrote:.jv , .htaccess injections
last php error(s) reported :: forum post assistant (v1.2.3) : 1st november 2012 wrote:[01-nov-2012 15:56:25 utc] php notice: constant ds defined in /home/mdbarnma/public_html/index.php on line 20
actions taken resolve forum post assistant (v1.2.3) 1st november 2012 wrote:i have removed infected files return each time access stie, think anyway.
forum post assistant (v1.2.3) : 1st november 2012 wrote:basic environment :: wrote:joomla! instance :: joomla! 1.5.26-stable (senu takaa ama busani) 27-march-2012
joomla! configured :: yes | read-only (444) | owner: mdbarnma (uid: 1/gid: 1) | group: mdbarnma (gid: 1) | valid for: 1.5
configuration options :: offline: 1 | sef: 1 | sef suffix: 0 | sef rewrite: 1 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: 30719 | site debug: 0 | language debug: 0 | database credentials present: yes
host configuration :: os: linux | os version: 2.6.18-194.32.1.el5 | technology: x86_64 | web server: apache | encoding: gzip, deflate | doc root: /home/mdbarnma/public_html | system tmp writable: yes
php configuration :: version: 5.3.10 | php api: cgi-fcgi | session path writable: unknown | display errors: 1 | error reporting: 22519 | log errors to: error_log | last known error: 01st november 2012 15:58:20. | register globals: 1 | magic quotes: 1 | safe mode: 0 | open base: | uploads: 1 | max. upload size: 4m | max. post size: 8m | max. input time: 120 | max. execution time: 120 | memory limit: 500m
mysql configuration :: version: 5.0.96-community-log (client:5.0.96) | host: --protected-- (--protected--) | collation: latin1_swedish_ci (character set: latin1) | database size: 9.20 mib | #of tables: 90detailed environment :: wrote:php extensions :: core (5.3.10) | date (5.3.10) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | filter (0.11.0) | ftp () | gd () | hash (1.0) | iconv () | spl (0.2) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | posix () | reflection ($revision: 321634 $) | session () | standard (5.3.10) | simplexml (0.1) | soap () | sockets () | sqlite (2.0-dev) | imap () | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.9.1) | cgi-fcgi () | suhosin (0.9.33) | timezonedb () | ioncube loader () | zend guard loader () | zend engine (2.3.0) |
potential missing extensions ::
switch user environment (experimental) :: php cgi: yes | server su: yes | php su: yes | custom su (litespeed/cloud/grid): yes
potential ownership issues: nofolder permissions :: wrote:core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
elevated permissions (first 10) ::extensions discovered :: wrote:components :: site :: wrapper (1.5.0) | black (1.0.0) | mailto (1.5.0) | user (1.5.0) | wf_browser_title (2.2.8.4) | wf_textcase_title (2.2.8.4) | wf_searchreplace_title (2.2.8.4) | wf_autosave_title (2.2.8.4) | wf_contextmenu_title (2.2.8.4) | wf_preview_title (2.2.8.4) | [do not buy our kitchens!] (2.2.8.4) | wf_source_title (2.2.8.4) | wf_anchor_title (2.2.8.4) | wf_clipboard_title (2.2.8.4) | wf_visualblocks_title (2.2.8.4) | wf_layer_title (2.2.8.4) | wf_directionality_title (2.2.8.4) | wf_visualchars_title (2.2.8.4) | wf_cleanup_title (2.2.8.4) | wf_nonbreaking_title (2.2.8.4) | wf_table_title (2.2.8.4) | wf_spellchecker_title (2.2.8.4) | wf_style_title (2.2.8.4) | wf_print_title (2.2.8.4) | wf_fullscreen_title (2.2.8.4) | wf_xhtmlxtras_title (2.2.8.4) | wf_link_title (2.2.8.4) | wf_imgmanager_title (2.2.8.4) | wf_media_title (2.2.8.4) | wf_inlinepopups_title (2.2.8.4) | wf_article_title (2.2.8.4) | wf_mediaplayer_jceplayer_title (2.2.8.4) | wf_links_joomlalinks_title (2.2.8.4) | wf_link_search_title (2.2.8.4) | wf_filesystem_joomla_title (2.2.8.4) | wf_popups_jcemediabox_title (2.2.8.4) | wf_popups_window_title (2.2.8.4) | [youtube] (2.2.8.4) | wf_aggregator_vimeo_title (2.2.8.4) |
components :: admin :: billets (1.52) | weblinks (1.5.0) | contact items (1.0.0) | template manager (1.5.0) | language manager (1.5.0) | multi sites (1.2.94) | messaging (1.5.0) | frontpage (1.5.0) | trash (1.0.0) | osefileman (3.0.4) | osefileman (3.0.4) | ose_antivirus (3.0.4) | media manager (1.5.0) | user manager (1.5.0) | installation manager (1.5.0) | newsfeeds (1.5.0) | tienda (0.8.2 communi) | cache manager (1.5.0) | menus manager (1.5.0) | search (1.5.0) | mass mail (1.5.0) | akeeba (3.3.6) | acymailing (3.0.0) | acymailing tag : virtuemart pe (3.0.0) | acymailing tag : website links (3.0.0) | acymailing : trigger joomla co (3.0.0) | acymailing table of contents g (1.0.0) | acymailing module (3.0.0) | acymailing tag : insert virtue (1.2.1) | acymailing : (auto)subscribe d (3.0.0) | acymailing : share on social n (1.0.0) | acymailing tag : manage su (3.0.0) | acymailing manage text (1.0.0) | acymailing tag : subscriber in (3.0.0) | acymailing tag : cb user infor (3.0.0) | acymailing tag : content inser (3.0.0) | acymailing : handle click trac (3.0.0) | acymailing tag : joomla user (3.0.0) | acymailing tag : date / time (3.0.0) | acymailing : statistics plugin (3.0.0) | acymailing tag : insert modu (3.0.0) | acymailing template class repl (3.0.0) | acymailing tag : jomsocial use (3.0.0) | widgetkit (1.0.0 beta 16) | control panel (1.5.0) | configuration manager (1.5.0) | mysite (0.2.0) | unknown (-) | jce (2.2.8.4) | jce file browser (2.0.0) | plg_quickicon_jcefilebrowser (2.5.0) | editor - jce (2.2.8.4) | editor - jce (2.2.8.4) | jce (2.2.8.4) | zoo (2.5.10) | ose_antihacker (3.0.0) | polls (1.5.0) | flippingbook (1.5.13) | banners (1.5.0) | module manager (1.5.0) | plugin manager (1.5.0) | unknown (-) | unknown (-) | breezingforms (1.8 stable (b) | ose_cpu (3.11) | content page (1.5.0) |
modules :: site :: poll (1.5.0) | archived content (1.5.0) | related items (1.0.0) | feed display (1.5.0) | acymailing module (3.0.0) | breadcrumbs (1.5.0) | login (1.5.0) | statistics (1.5.0) | read content (1.5.0) | yoocarousel (1.5.18) | custom html (1.5.0) | latest news (1.5.0) | widgetkit (1.0.0) | search (1.0.0) | newsflash (1.5.0) | footer (1.5.0) | jquery ui popup (1.0) | menu (1.5.0) | banner (1.5.0) | who\'s online (1.0.0) | breezingforms (1.7.2 stable) | sections (1.5.0) | syndicate (1.5.0) | widgetkit twitter (1.0.0) | wrapper (1.0.0) | random image (1.5.0) |
modules :: admin :: tienda admin-side submenu (0.8.2) | unread items (1.0.0) | title (1.0.0) | logged in users (1.0.0) | recent orders (0.8.2) | user addresses (0.8.2) | feed display (1.5.0) | login form (1.0.0) | items stats (1.0.0) | admin menu (1.0.0) | tienda quick icon (0.8.2) | custom html (1.5.0) | tienda - admin search (0.8.2) | footer (1.0.0) | zoo quick icons (2.5.0) | online users (1.0.0) | toolbar (1.0.0) | user status (1.5.0) | akeeba backup notification mod (3.3.6) | admin submenu (1.0.0) | popular items (1.0.0) | sales statistics (0.8.2) | jce file browser (2.0.0) | quick icons (1.0.0) | latest news (1.0.0) |
plugins :: site :: xml-rpc - blogger api (1.0) | xml-rpc - joomla api (1.0) | authentication - gmail (1.5) | authentication - ldap (1.5) | authentication - openid (1.5) | authentication - example (1.5) | authentication - joomla (1.5) | user - example (1.0) | user - joomla! (1.5) | acymailing : statistics plugin (3.0.0) | acymailing tag : insert modu (3.0.0) | acymailing tag : content inser (3.0.0) | acymailing tag : subscriber in (3.0.0) | acymailing manage text (1.0.0) | acymailing template class repl (3.0.0) | acymailing tag : insert virtue (1.2.1) | acymailing tag : website links (3.0.0) | acymailing table of contents g (1.0.0) | acymailing : trigger joomla co (3.0.0) | acymailing tag : date / time (3.0.0) | acymailing : share on social n (1.0.0) | acymailing tag : manage su (3.0.0) | acymailing : handle click trac (3.0.0) | acymailing tag : joomla user (3.0.0) | multisites patches yoo (1.1.7) | search - categories (1.5) | search - sections (1.5) | search - weblinks (1.5) | search - content (1.5) | search - newsfeeds (1.5) | search - contacts (1.5) | content - faq slider plugin (0.9rc5.1) | content - load modules (1.5) | content - example (1.0) | content - pagebreak (1.5) | content - page navigation (1.5) | content - widgetkit (1.0.0) | simple image gallery plugin (1.2.1) | content - vote (1.5) | content - email cloaking (1.5) | content - code highlighter (ge (1.5) | button - readmore (1.5) | button - image (1.0.0) | button - pagebreak (1.5) | editor - jce (2.2.8.4) | editor - tinymce 3 (3.2.6) | editor - xstandard lite jo (1.0) | system - multisites id (1.1.1) | system - ose secure (3.0) | system - debug (1.5) | acymailing : (auto)subscribe d (3.0.0) | system - widgetkit (1.0.0) | system - widgetkit zoo (1.0.0) | system - legacy (1.5) | system - remember me (1.5) | system - widgetkit joomla (1.0.0) | system - mootools upgrade (1.5) | system - set generator tag (2.0) | system - sef (1.5) | system - log (1.5) | system - cache (1.5) | system - backlinks (1.5) | search replace (1.3.0) |templates discovered :: wrote:templates :: site :: rhuk_milkyway (1.0.2) | ja_purity (1.2.0) | beez (1.0.0) | yoo_neo (5.5.12) |
templates :: admin :: khepri (1.0) |
here code injected .js files.
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="12" width="12"></iframe>');
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="12" width="12"></iframe>');
Comments
Post a Comment