Joomla! 2.5.4 Hacked: Having trouble with diagnosis -

-

my joomla 2.5.4 site cracked last night. moreover, joomla forum down, , can't run joomla's diagnostic utility. (fpa-en.php)

i have followed joomla's instructions diagnosis no success. (see below) have emailed webhost (i on shared server, use host recommended joomla specialist in joomla sites). so, question do next?

here info have far.

using joomla 2.54 (the latest). extension updated recent release, , none on joomla vulnerable extensions list.

passwords of other administrators changed not mine fortunately.

user_notes table deleted, renders user manager in admin section useless.

according logs attack hit following files in sequence:

  1. /administrator/index.php
  2. /index.php (root)
  3. /plugins/authentication/joomla/joomla.php
  4. /plugins/user/joomla/joomla.php

and changes users , user_notes tables.

there no junk in either index.php

attack ip 199.15.234.216, fort worth server of supremetelecom.com

fortunately, have backups , there no defacement, until can't fpa-en.php work , access joomla forums, not sure d0 other change passwords , block ip.

thanks in advance help!

firstly, reset passwords of administrators, including yours, change them , ensure include letters , numbers. change password host control panel using password generator if provide one. if not, use password generator online. once done change password database username , don't forget update configuration.php new password.

secondly, download , install admin tools add more security site future. admin tools comes emergency offline button useful.

then download , install saxum ip logger trace registered users, giving ip address, country , on , can block ip addresses using plugin comes it.

next, go host control panel , @ logs see ip addresses have entered website , while files have accessed. ip address coresponds files edited, can block using plugin mentioned before. joomla 2.5 hard hack rather have extension badly developed , allows sql injection. therefore should choose popular extensions install on website when database related.

hope helps in future. regards

edit : can password protect folders in ftp additional security.

you may find this extension quite useful


Comments

Post a Comment

Popular posts from this blog

django - How can I change user group without delete record -

-
on website user have 1 group. , user can change group. it's made user.groups.clear() and user.groups.add(new_group) but it's not efficient, because there 2 sql query: delete, insert. how can change group update query? user , group related each other using manytomanyfield . means intersection table exists relating both entities, , if don't specify model map (using through attribute) django creates 1 you. looking @ sources django.contrib.auth.models see that's case. fortunatly, can access intermediary model using through attribute of manager (in case, user.groups.through ). can use regular model. example: >>> alice = user.objects.create_user('alice', 'alice@example.com', 'alicepw') >>> employee = group.objects.create(name='employee') >>> manager = group.objects.create(name='manager') >>> alice.groups.add(employee) >>> alice.groups.all() [<group: employee...
Read more

java - Need to add SOAP security token -

-
i need set custom soap header attribute on jax-ws generated webservice client. case webservice calls must go through proxy server requiring specific token (recieved web request header) present in soap request header. e.g.: 1 carserviceservice service = null; 2 service = new carserviceservice(new url(url), new qname(qname); 3 carserviceendpoint port = service.getcarserviceport(); it seems in line 3 wsdl retrieved , call fails due missing security token. 1 point direction on how done? a detailed example has been mentioned here: creating , deploying jax-ws web service on tomcat 6 this article shows how create , use security token .
Read more

java - EclipseLink JPA Object is not a known entity type -

-
i have strange problem eclipselink , object want persist. have 1 object (keypointlistimpl) stores object keypointimpl in list. persisting keypointimpl objects works great if try persist keypointlistimpl object java.lang.illegalargumentexception says object keypointimpl isn't known entity type. here keypointimpl code: @entity @table(name="keypoints") public class keypointimpl implements keypoint { @id @generatedvalue(strategy = generationtype.identity) private int id; @enumerated(enumtype.string) private detectortype keypointtype; private float x; private float y; private float size; private float angle; private float response; private int octave; private int classid; ... } here keypointlistimpl code: @entity @table(name="keypointlists") public class keypointlistimpl implements keypointlist { @id @generatedvalue(strategy = generationtype.identity) private int id; @onetoone(cascade={ca...
Read more