How could this site have been infected?

@Steve110

Posted in: #Hacking #Joomla #Malware #Php

I run a small website on some Joomla 1.5 version. It appears that today it was hacked: The index.php and index2.php files were overwritten, the administrator account had its password changed, and the images folder contained a probably malicious executable file.

I was able to restore the index pages with a backup and reset the admin user with another privileged user account.

As I'm not that much of an expert in these things, my question is: How could this site have been infected? As in: How was it possible to actually delete and replace certain files and store an executable in a folder? How could someone change the admin password, but leave the rest untouched?

(I am very aware of the importance of installing core version updates - I am more interested in how such an attack could have been executed.)

Thank you for any insightful answer.

10.03% popularity

3 Comments


@Murphy175

I've seen this a couple of times. It's not always possible to work out what has happened, but in several cases, a machine with the FTP details has been infected with some kind of malware/virus, that uses the FTP details to connect to the server and infect the machine.

10% popularity

@Nimeshi995

There are several ways that an attacker could have gained access to the site. Here are some common possibilities:


The attacker gained access to the server via FTP or some other available publication/admin channel. Perhaps there is a weak password and access was gained through a brute force attack, or maybe through social engineering, the password was obtained. Check the server's security log (though the attacker may have had access to delete the log).
The web site may have XSS vulnerabilities or other code defects. For example, the code could be vulnerable to SQL injection or PHP may be performing system calls formed with user data.
Joomla may have known vulnerabilities. Make sure any security updates are applied.


Good luck!

10% popularity

@Carla537

You need to see your webserver logs. There you can find enough information about the intrusion. It was hacked via the web, and therefore it is all in the Apache (or another server which you use) logs.

10% popularity
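
Added example, not part of the answers above: a small triage pass over an Apache combined-format access log for two web-side traces an incident like this one would leave, namely script requests under images/ and bursts of POSTs to the Joomla administrator login. The threshold, the file name x.php and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Apache "combined" log format: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)
# An upload folder such as images/ should only ever serve static files.
SCRIPT_IN_IMAGES = re.compile(r'^/images/[^?]*\.(php\d?|phtml|pl|cgi|exe)(\?|$)', re.I)
ADMIN_LOGIN = "/administrator/index.php"
LOGIN_POST_THRESHOLD = 5  # assumed threshold; tune it for the site


def triage(lines):
    """Return (findings, login_posts_per_ip) for an iterable of log lines."""
    findings = []
    login_posts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path = m["ip"], m["ts"], m["method"], m["path"]
        if SCRIPT_IN_IMAGES.match(path):
            findings.append((ts, ip, "script-in-images", f"{method} {path}"))
        if method == "POST" and path.split("?")[0] == ADMIN_LOGIN:
            login_posts[ip] += 1
    for ip, n in login_posts.items():
        if n >= LOGIN_POST_THRESHOLD:
            findings.append(("-", ip, "admin-login-burst", f"{n} POSTs to {ADMIN_LOGIN}"))
    return findings, login_posts


# Constructed sample lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2012:03:11:0%d +0000] "POST /administrator/index.php HTTP/1.1" 200 4521 "-" "-"' % i
    for i in range(6)
] + [
    '203.0.113.9 - - [10/Mar/2012:03:15:42 +0000] "GET /images/stories/photo.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2012:03:20:01 +0000] "POST /images/x.php?c=1 HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.9 - - [10/Mar/2012:04:00:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)[0]:
        print(*finding, sep="  ")
```

If the access log shows nothing around the time the files changed, the FTP log is the next place to look, as the answer about stolen FTP details suggests.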

