| Question: |
Hello, I apologize for tolmud. The problem I have is breaking my site Joomla. On the website the current version of the engine and components, third-party modules and plugins no, the template slopes. The first time it happened was before the new year, then everything seems to be cleared, but a day ago I received a letter from Google that my website hacked. I then cleaned it up - removed all extraneous files from the root of the site (their was a huge amount), checked the I-bolita and deleted all that it found, then manually a few files found. Downloaded a backup of the site, checked on computer, antivirus program and XSS and SQL Injection scanner - nothing found. I`ve calmed down but this morning I saw in the logs the errors became suspicious and created a thread in joomlaforumu. There are knowledgeable people told him, how else to check, compare with the old backups and clean Joomla. I compared (programmatically), I found 5 files left. For all other files the full line with clean. Thought that already all. Just in case, looked in cpanel \"latest visitors\" - and there is a cracker apparently. With one IP, the systematic treatment of each other to the files that I deleted and tried to climb in the folder cache. I freaked out, wrote about it on joomlaforumu, I was advised in the folder /cache, /tmp, /images , administrator/susidovychi .htaccess disallow execution of scripts. I did it, but cracker and and pokes me terribly nervous. On joomlaforumu recommended that \"Recommend bans vystovlyat from the root .htaccess`a on each folder in a different form, then all the htaccess and index.* replace with the right 0444 unless you need to edit the templates there, too, all files to 0444, in case you will have access to the admin panel are unable to Perepelitsa, then in the root folder to set rights on 0555, open_base_dir to set up to public_html, go search mtime and ctime, for example over the past two months, you can also make Hesi amount of the version (with off spring) and your and compare, Doolittle need to scan in paranoidalnami mode for all files, or you can go through the database, for third party scripts.\" half these items I don`t even know how to do (except right).Can do to help implement the recommendation? Thank you. |
| Answer: |
Hello. we scan You. |
| Question: |
Thank you very much. |
| Answer: |
http://zz-project.ru/AI-BOLIT-REPORT-_reneus_public_html-659040-10-01-2016_09-50.html |
| Question: |
Thank you, but he found nothing - the enemy has marked the files that I myself created - htaccess current and old language files of the gallery (they are just normal) |
| Answer: |
the question referred to administrator, wait for amp. |
| Question: |
Thank you |
| Answer: |
change the passwords and set the security modules. follow the developer guide, get rid of unnecessary modules through which may be - |
| Question: |
I don`t have any third-party module on the website, passwords, one and all (including the password from the host) changed yesterday... |
| Answer: |
Doolittle we scanned, the script nothing found |
| Answer: |
might help at http://service-joomla.ru/forum/upgrading/331-uvedomlenie-ob-uyazvimosti-sajtov-na-cms-joomla.html |
| Question: |
Thanks, the engine I have upgraded to a version without the vulnerability of this back in December. The website, unfortunately, was hacked before the patch came out - that`s still struggling with the consequences. This vrazhina and climbs. in the logs it is visible that tried to get to my files that I deleted \"61.100.180.31 - - [10/Jan/2016:09:38:11 +0300] \"POST /libraries/joomla/observer/alias.php HTTP/1.0\" 404 1594 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0\"61.100.180.31 - - [10/Jan/2016:09:38:13 +0300] \"POST /components/com_content/dump.php HTTP/1.0\" 404 1594 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0\"61.100.180.31 - - [10/Jan/2016:09:38:14 +0300] \"POST /libraries/fof/controller/functions.php HTTP/1.0\" 404 1594 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0\"61.100.180.31 - - [10/Jan/2016:09:38:16 +0300] \"POST /plugins/content/pagebreak/javascript.php HTTP/1.0\" 404 1594 \"-\" \"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0\"\" - they were all infected. |
| Answer: |
the pam that your website database hacking, and bot trying to hack it |
| Question: |
Thank you. Then it only remains to see. |
| Answer: |
read more recommendations https://revisium.com/kb |
| Question: |
Thank you |
| Answer: |
ok
|
| Question: |
I installed the component that needs to check if there are any changes in the files and folders of the website (except for cache, logs) and when you change to send the data by email. I tried to test. He gave me \"Vimanapura can not be set, because the PHP function mail() is blocked on this server.\"This is something you can enable? |
| Answer: |
not yet .t.to. your account on carattini. you can Ispoljzovanie only smtp create a mailbox in the panel and configure the site to send emails through it. |
| Question: |
Wow, really blocked - I tried out the feedback form to send a letter regular. And I wondered why for several months the visitors stopped writing. Wrote earlier. |
| Question: |
I don`t know how. I have the mail of Yandex as it was attached to a website. |
| Answer: |
to the site or domain name? |
| Question: |
To the domain it seems. Well, it works. |
| Answer: |
ok |
