The username & password is getting compromised - Joomla! Forum - community, help and support
Hi,
I am running a website on Joomla 2.5.8, and somehow one particular hacker is hacking the website again and again. He hacked the website and identified the username and password from the Joomla user table. I ran FPA; the output is given below.
problem description :: forum post assistant (v1.2.3) : 27th december 2012 wrote:
My website is hacked by one particular person. He is hacking the username and password, logging in to the website and doing nasty things.
last php error(s) reported :: forum post assistant (v1.2.3) : 27th december 2012 wrote:[27-dec-2012 07:01:51 utc] php parse error: syntax error, unexpected $end in /home2/jeeema/public_html/fpa-en.php on line 110
forum post assistant (v1.2.3) : 27th december 2012 wrote:
basic environment :: wrote:
joomla! instance :: joomla! 2.5.8-stable (ember) 8-november-2012
joomla! platform :: joomla platform 11.4.0-stable (brian kernighan) 03-jan-2012
joomla! configured :: yes | read-only (444) | owner: jeeema (uid: 1/gid: 1) | group: jeeema (gid: 1) | valid for: 2.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 1 | sef rewrite: 1 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: default | site debug: 0 | language debug: 0 | default access: 1 | unicode slugs: 0 | database credentials present: yes
host configuration :: os: linux | os version: 2.6.32-220.4.2.el6.x86_64 | technology: x86_64 | web server: apache | encoding: gzip, deflate | doc root: /home2/jeeema/public_html | system tmp writable: yes
php configuration :: version: 5.3.10 | php api: cgi-fcgi | session path writable: yes | display errors: | error reporting: 6135 | log errors to: error_log | last known error: 27th december 2012 01:01:51. | register globals: 0 | magic quotes: 1 | safe mode: 0 | open base: | uploads: 1 | max. upload size: 100m | max. post size: 100m | max. input time: 60 | max. execution time: 30 | memory limit: 32m
mysql configuration :: version: 5.1.66-cll (client:5.1.66) | host: --protected-- (--protected--) | collation: utf8_general_ci (character set: utf8) | database size: 2.13 mib | #of tables: 139
detailed environment :: wrote:
php extensions :: core (5.3.10) | date (5.3.10) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | filter (0.11.0) | ftp () | gd () | hash (1.0) | iconv () | spl (0.2) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | pgsql () | session () | standard (5.3.10) | posix () | reflection ($revision: 321634 $) | phar (2.0.1) | simplexml (0.1) | soap () | sockets () | imap () | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.9.1) | cgi-fcgi () | eaccelerator (0.9.6.1) | suhosin (0.9.33) | timezonedb () | pdo (1.0.4dev) | pdo_sqlite (1.0.1) | sqlite (2.0-dev) | pdo_mysql (1.0.2) | ioncube loader () | zend guard loader () | zend engine (2.3.0) |
potential missing extensions ::
switch user environment (experimental) :: php cgi: yes | server su: no | php su: yes | custom su (litespeed/cloud/grid): yes
potential ownership issues: no
folder permissions :: wrote:
core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
elevated permissions (first 10) ::
extensions discovered :: wrote:
components :: site :: com_mailto (2.5.0) | com_wrapper (2.5.0) | cb mambo author tab (1.2) | cb mamblog tab (1.2) | cb privacy (1.3) | yanc integration (1.2) | cb captcha (1.3) |
components :: admin :: com_checkin (2.5.0) | jeema article access (1.0) | com_installer (2.5.0) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | joomlack pugin manager control (1.0.0 develop) | com_jckman (4.8.3) | com_search (2.5.0) | com_dolshimageslider (1.0.0.stable) | com_admin (2.5.0) | com_config (2.5.0) | com_joomlaupdate (2.5.0) | com_menus (2.5.0) | com_login (2.5.0) | akeeba (3.6.10) | com_modules (2.5.0) | com_banners (2.5.0) | com_content (2.5.0) | com_redirect (2.5.0) | com_messages (2.5.0) | com_users (2.5.0) | com_phocadownload (2.1.| com_templates (2.5.0) | com_cpanel (2.5.0) | com_cache (2.5.0) | com_newsfeeds (2.5.0) | com_plugins (2.5.0) | com_languages (2.5.0) | zj_fileseller (1.7.3) | com_categories (2.5.0) | comprofiler (1.8.1) | com_finder (2.5.0) | com_weblinks (2.5.0) | jeematicket (1.1) | com_media (2.5.0) |
modules :: site :: mod_articles_popular (2.5.0) | mod_whosonline (2.5.0) | phoca download section menu mo (1.3.5) | mod_related_items (2.5.0) | fileseller products (1.5.3) | mod_languages (2.5.0) | mod_footer (2.5.0) | mod_feed (2.5.0) | mod_search (2.5.0) | mod_syndicate (2.5.0) | mod_articles_categories (2.5.0) | zj fileseller ajax search (1.0.0) | mod_articles_news (2.5.0) | mod_wrapper (2.5.0) | mod_articles_category (2.5.0) | cb login (1.| mod_finder (2.5.0) | mod_random_image (2.5.0) | mod_breadcrumbs (2.5.0) | mod_login (2.5.0) | mod_banners (2.5.0) | freeslider sp1 (1.1.0) | mod_users_latest (2.5.0) | mod_custom (2.5.0) | mod_weblinks (2.5.0) | fileseller products (1.0) | mod_stats (2.5.0) | fileseller cart (1.7.0) | mod_menu (2.5.0) | dolsh image slider (1.0.stable) | fileseller tag cloud (1.7.1) | mod_articles_archive (2.5.0) | mod_articles_latest (2.5.0) | image show gk4 (gk4 1.30) |
modules :: admin :: mod_toolbar (2.5.0) | mod_feed (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_online (1.6.0) | mod_multilangstatus (2.5.0) | mod_logged (2.5.0) | mod_quickicon (2.5.0) | mod_login (2.5.0) | mod_custom (2.5.0) | mod_popular (2.5.0) | joomlack pugin manager control (1.0.0 develop) | mod_latest (2.5.0) | mod_menu (2.5.0) | mod_unread (1.6.0) | mod_status (2.5.0) | mod_version (2.5.0) |
plugins :: site :: plg_captcha_recaptcha (2.5.0) | plg_search_categories (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_content (2.5.0) | plg_search_contacts (2.5.0) | plg_loginprotector (2.5.0) | plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_extension_joomla (2.5.0) | plg_system_log (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_p3p (2.5.0) | plg_system_remember (2.5.0) | plg_system_jlsecuremysite (1.0.1) | system - jck modal (1.0) | plg_system_highlight (2.5.0) | plg_system_cache (2.5.0) | system - marco's sql injection (1.1.0) | plg_system_logout (2.5.0) | plg_system_languagecode (2.5.0) | plg_system_sef (2.5.0) | plg_system_debug (2.5.0) | plg_system_securityimages (6.0.2) | plg_system_redirect (2.5.0) | content - jeema article access (1.0) | plg_content_emailcloak (2.5.0) | plg_content_vote (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_finder (2.5.0) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | unknown (0.1) | jtreelink (1.0) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | system - jck typography (3.4.| editor - joomlack (6.0.5) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | plg_jmonitoring_akeebabackup_t (1.0) | joomseller payment - paypal (1.7.3) | plg_finder_categories (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_content (2.5.0) | plg_finder_contacts (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) |
templates discovered :: wrote:
templates :: site :: atomic (2.5.0) | beez_20 (2.5.0) | beez5 (2.5.0) | jt001_j16 (1.6.0) |
templates :: admin :: bluestork (2.5.0) | hathor (2.5.0) |
I ran jamss.php on the website; the output is given below.
Could you please tell me what's wrong in the current settings?
Hello,
I didn't find anything suspicious in the JAMSS results; there are strange components "unknown" present:
extensions discovered :: wrote:
components :: site :: com_mailto (2.5.0) | com_wrapper (2.5.0) | cb mambo author tab (1.2) | cb mamblog tab (1.2) | cb privacy (1.3) | yanc integration (1.2) | cb captcha (1.3) |
components :: admin :: com_checkin (2.5.0) | jeema article access (1.0) | com_installer (2.5.0) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | unknown (0.1) | joomlack pugin manager control (1.0.0 develop) | com_jckman (4.8.3) | com_search (2.5.0) | com_dolshimageslider (1.0.0.stable) | com_admin (2.5.0) | com_config (2.5.0) | com_joomlaupdate (2.5.0) | com_menus (2.5.0) | com_login (2.5.0) | akeeba (3.6.10) | com_modules (2.5.0) | com_banners (2.5.0) | com_content (2.5.0) | com_redirect (2.5.0) | com_messages (2.5.0) | com_users (2.5.0) | com_phocadownload (2.1.| com_templates (2.5.0) | com_cpanel (2.5.0) | com_cache (2.5.0) | com_newsfeeds (2.5.0) | com_plugins (2.5.0) | com_languages (2.5.0) | zj_fileseller (1.7.3) | com_categories (2.5.0) | comprofiler (1.8.1) | com_finder (2.5.0) | com_weblinks (2.5.0) | jeematicket (1.1) | com_media (2.5.0) |
I'd suggest you go through viewtopic.php?f=621&t=582854, do a clean install, remove unnecessary extensions, verify extensions against the VEL list ...
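A triage pass over the FPA "extensions discovered" lines, as an added example that is not part of the original thread or of FPA itself: it counts the "unknown" entries the reply points out, flags entries whose version is cut off in the report, and lists the remaining named extensions to check against the VEL. The sample text is constructed in the report's layout, and the `baseline` set (names the admin has already confirmed ship with their Joomla package) is a hypothetical input; each input line is assumed to start with the section name.

```python
import re
from collections import Counter

# Constructed sample in the layout of the FPA "extensions discovered" lines
# quoted in the thread; the run of "unknown" entries is shortened.
SAMPLE = (
    "components :: admin :: com_checkin (2.5.0) | unknown (0.1) | unknown (0.1) | "
    "unknown (0.1) | com_jckman (4.8.3) | com_phocadownload (2.1.| com_templates (2.5.0) |\n"
    "plugins :: site :: plg_user_joomla (2.5.0) | unknown (0.1) | jtreelink (1.0) |\n"
)

SECTIONS = ("components", "modules", "plugins", "templates")
# name, then "(version", then an optional ")" so cut-off versions still parse
ENTRY = re.compile(r"^(.+?)\s*\(([^()]*)(\)?)$")

def parse_fpa_extensions(text):
    """Yield (section, name, version, complete) for every listed extension."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("::", 2)]
        if len(parts) != 3 or parts[0] not in SECTIONS:
            continue  # not an extension line (or fused with a quote header)
        section = parts[0] + "/" + parts[1]
        for raw in filter(None, (e.strip() for e in parts[2].split("|"))):
            m = ENTRY.match(raw)
            if m:
                yield section, m.group(1), m.group(2), bool(m.group(3))
            else:
                yield section, raw, "", False

def triage(text, baseline=frozenset()):
    """Split entries into unidentified, truncated, and named ones to verify."""
    unknown, truncated, to_verify = Counter(), [], []
    for section, name, version, complete in parse_fpa_extensions(text):
        if name == "unknown":
            unknown[section] += 1          # no name to look up: inspect on disk
        elif not complete:
            truncated.append((section, name))  # version unreadable in the report
        elif name not in baseline:
            to_verify.append((section, name, version))
    return {"unknown": dict(unknown), "truncated": truncated, "to_verify": to_verify}

if __name__ == "__main__":
    core = {"com_checkin", "com_templates", "plg_user_joomla"}  # hypothetical baseline
    for key, value in triage(SAMPLE, baseline=core).items():
        print(key, value)
```
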