  1. #1
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Location
    Hillsborough NH
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help my Joomla 1.5.26 site has been hacked.....

    We just went through a whole lockdown and restore process for our Joomla process, and I just scanned our code with a Google fetch through Webmaster Tools. Here is what I am seeing in the head of my homepage:

    HTTP/1.1 200 OK
    Date: Thu, 20 Jun 2013 18:00:32 GMT
    Server: Apache
    X-Powered-By: PHP/5.3.22
    Content-Length: 32948
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
    <head>
    <script src="http://www.massalfa.org/Assets/JS/JQuery/JQuery.js" type="text/javascript"></script>
    <base href="http://www.massalfa.org/" />
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <meta name="robots" content="index, follow" />
    <meta name="keywords" content="Viagra, Assisted Living, Viagra Massachusetts Assisted Living, MA Assisted Living, Elder Care, Elderly Living Space, Assisted Living Facility" />
    <meta name="googlebot" content="NOODP">
    <meta name="robots" content="NOODP">
    <meta name="robots" content="noydir">


    <meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />
    <title>Buy Viagra (Sildenafil) Online >> Lowest Prices Guaranteed</title>
    <meta name="description" content="Buy Viagra online from an official certified pharmacy, OVERNIGHT Shipping, Exclusive & competitive discount prices, express shipping & discrete packaging." />

    <link href="/index.php?format=feed&type=rss" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
    <link href="/index.php?format=feed&type=atom" rel="alternate" type="application/atom+xml" title="Atom 1.0" />

    <script src="/js/OrganizationTabbedPanels.js" type="text/javascript"></script>
    <link href="/css/HomeTabbedPanels.css" rel="stylesheet" type="text/css" />
    <link href="http://www.massalfa.org/css/MA-Global.css" rel="stylesheet" type="text/css" />
    <link href="http://www.massalfa.org/css/MA-Home.css" rel="stylesheet" type="text/css" />
    <link href="http://www.massalfa.org/Assets/JS/JQuery/ToolTip/ToolTip.css" rel="stylesheet" type="text/css" />
    <script src="http://www.massalfa.org/Assets/JS/JQuery/ToolTip/ToolTip.js" type="text/javascript"></script>
    <script src="http://www.massalfa.org/Assets/JS/JQuery/Dimensions.js" type="text/javascript"></script>
    <!--[if !IE]><!-->
    <link href="http://www.massalfa.org/css/IE.css" rel="stylesheet" type="text/css" />
    <!--<![endif]-->
    <meta name="google-site-verification" content="5WL6fE3YT8bIgX0df-pHuCErWVZCwCT42Rud7DbwWDQ" />
    <meta name="msvalidate.01" content="F44FFAFB7669C57DD48ABA7337805334" />
    <script type="text/javascript">
    function ClearFields(Item) {
    Parent = $(Item).parent().parent().parent().parent().parent();
    Checkboxes = $(Parent).find('input:checkbox');
    $(Checkboxes).each(function() {
    $(this).removeAttr('checked');
    });
    Text = $(Parent).find('input:text');
    $(Text).each(function() {
    $(this).val('');
    });
    Select = $(Parent).find('select');
    $(Select).each(function() {
    //console.log($(this));
    $(this).val('');
    });
    }
    </script>
    </head>

    Has anyone ever dealt with anything like this on their Joomla sites, and how did you fix it?
    Matt Nelson
    Nelson Design Studios
    www.nelsondesignstudios.com
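
The check done by eye on the fetch above can be automated. The following is an added example, not code from the thread or its participants: it parses a fetched page and reports which of the title, keywords and description fields contain terms from a watch list. The watch list and the names `scan_head`, `HeadFields` and `INFECTED` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Watch list taken from the injected head quoted above; extend it per site.
SPAM = re.compile(r"\b(viagra|sildenafil|pharmacy)\b", re.I)


class HeadFields(HTMLParser):
    """Collect the <title> text and every named <meta> content value."""
    def __init__(self):
        super().__init__()
        self.fields, self._in_title = {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("name") and a.get("content"):
            # Meta names can repeat (robots does above), so keep a list.
            self.fields.setdefault(a["name"].lower(), []).append(a["content"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.fields.setdefault("title", []).append(data)


def scan_head(html):
    """Return {field: sorted spam terms} for title, keywords, description."""
    parser = HeadFields()
    parser.feed(html)
    parser.close()
    hits = {}
    for field in ("title", "keywords", "description"):
        text = " ".join(parser.fields.get(field, []))
        found = sorted({m.lower() for m in SPAM.findall(text)})
        if found:
            hits[field] = found
    return hits


# Constructed sample: three lines trimmed from the fetch quoted above.
INFECTED = """<title>Buy Viagra (Sildenafil) Online >> Lowest Prices Guaranteed</title>
<meta name="keywords" content="Viagra, Assisted Living, Elder Care" />
<meta name="description" content="Buy Viagra online from an official certified pharmacy" />"""
```

Run `scan_head` on each saved fetch after a restore; an empty result means none of the three fields matched the watch list.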

  2. #2
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,046
    Mentioned
    187 Post(s)
    Tagged
    2 Thread(s)
    You may not like the short answer.

    Upgrade

    From Joomla 1.5.26
    Originally posted by Force Flow:
    What forum module are you using? It's possible that another module might accept an export from the older forum module you're using in Joomla 1.5.

    You're SOL when it comes to Joomla 1.5 and security. Support for it was dropped at the end of 2012. Meaning, any new bugs or security flaws that have been discovered since then will remain unpatched. It's a risky move to continue running an unsupported CMS version.

    Joomla, and especially the 1.5 branch, has been infamous for its security issues.

  3. #3
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    You'll have to restore the files and database from a backup to a point before when the hack occurred.

    Typically, there's been some code injected into various PHP files. It's difficult to check all the PHP files by hand for the code that's been injected, especially if it's something you're unfamiliar with. There's also the possibility that your database was messed with as well. Hence, my recommendation to restore from a backup.

    As for preventing this from happening again...change your control panel password, your user/FTP passwords, your database passwords, make sure your web files are set to 644 permissions, and don't use Joomla 1.5.x.
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain
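
Checking every PHP file by hand is the hard part of the advice above, so the comparison can be scripted. This is an added example, not code from the thread or its participants: it compares the live web root against an unpacked known-good backup by SHA-256 and flags any file whose permissions are not 644. The function names and both directory arguments are assumptions; it also assumes the backup itself predates the compromise.

```python
import hashlib
import os
import stat


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _tree(root):
    """Map relative path -> (sha256, permission bits) for regular files."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if stat.S_ISREG(st.st_mode):
                rel = os.path.relpath(path, root)
                out[rel] = (_sha256(path), stat.S_IMODE(st.st_mode))
    return out


def audit(live_root, backup_root):
    """Compare the live web root with a known-good backup copy."""
    live, good = _tree(live_root), _tree(backup_root)
    findings = []
    for rel, (digest, mode) in sorted(live.items()):
        if rel not in good:
            findings.append((rel, "not in backup"))
        elif digest != good[rel][0]:
            findings.append((rel, "content differs from backup"))
        if mode != 0o644:  # the permission recommended in the post above
            findings.append((rel, "mode %03o, expected 644" % mode))
    findings += [(rel, "missing from live site")
                 for rel in sorted(good) if rel not in live]
    return findings
```

Hashing is used instead of modification times because timestamps can be reset by whoever altered the files.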

  4. #4
    SitePoint Enthusiast
    Join Date
    Oct 2007
    Location
    Hillsborough NH
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    We did do a complete restore on the web files but not the database. Can meta data overrides like this be coming from the actual database?
    Matt Nelson
    Nelson Design Studios
    www.nelsondesignstudios.com

  5. #5
    SitePoint Member
    Join Date
    Oct 2012
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I guess it comes from a template file with a security issue. You should check with your hosting provider about it.

