| Question: |
Good afternoon. Recently noticed left files on sites, cleaned what I found. Changed the passwords, but to no avail, now in every folder on the account filled in the file *.html and podobrali code ugly to Pesnica, and generally a bunch of nonsense appeared. Is it possible to automatically remove all files *.html ? And is it possible to make the ability to log on FTP with only one IP, because changing the password, as I understand it, it doesn`t help. |
| Answer: |
Hello. please Wait, the request is sent to the administrator. |
| Answer: |
Hello. ftp You was not hacked. ftp was working only with ip ***.**.**.**, this is Your ip . we will check Your account for viruses |
| Answer: |
the reason http://pravlib.ru/AI-BOLIT-REPORT-__-******-**-**-****_**-**.html criticisms
a Vulnerability in the scripts (**)
/home/galany*/public_html/wmd-services/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/wmd-services/administrator/components/com_k*/lib/elfinder/elFinder.class.php - NI : elFinder
/home/galany*/public_html/gdw/administrator/components/com_k*/lib/elfinder/elFinder.class.php - NI : elFinder
/home/galany*/public_html/gdw/components/com_adsmanager/controller.php - NI : https://revisium.com/ru/blog/adsmanager_afu.html
/home/galany*/public_html/sunriseband.net/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/sunriseband.net/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/sunriseband.net/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/mopilka/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/mopilka/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/mopilka/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/mopilka/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php - NI : TINYMCE : http://www.exploit-db.com/exploits/****/
/home/galany*/public_html/elit.com/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/elit.com/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/elit.com/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/galany*/public_html/elit.com/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php - NI : TINYMCE : http://www.exploit-db.com/exploits/****/ |
| Answer: |
description of the problem and its reshenie http://www.securitylab.ru/vulnerability/******.php https://revisium.com/ru/blog/joomla_rce_all_versions_affected.html |
| Question: |
Yes, thank you, I already knew. I bought a website and he was completely in the viruses. Here and there went a problem. Doolittle now also checked the sites - found a bunch of viruses... Correct. |
| Answer: |
ok
|
| Question: |
You can run the script again for the entire account? I have for big sites gives a *** mistake. I cleaned, I would like to check that I missed. |
| Answer: |
use amps. section in Your personal office \"to Check the site for viruses\". |
