+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 22 of 22
EduGeek Joomla 1.5 Package Thread, Our school website (with edugeek joomla package) HACKED in Projects:; Originally Posted by FN-GM Whats wrong with it? there was some code like var $MetaTitle = '1'; var $lifetime = ...
  1. #16

    Join Date
    Jun 2008
    Location
    copenhagen
    Posts
    15
    Thank Post
    16
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by FN-GM View Post
    Whats wrong with it?
    there was some code like

    var $MetaTitle = '1';
    var $lifetime = '15';
    var $session_handler = 'database';
    var .......... Hacked by blabla
    var..............

    I have erased the lines with name of the hacker, but it doesnt help. And I dont remember what the codes was, because I have erased it

  2. #17

    Join Date
    Jun 2008
    Location
    copenhagen
    Posts
    15
    Thank Post
    16
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    it was the index.php in the templates. I get my site back, but its not look like as before, I think its in html. how can I change it?

  3. #18

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,846
    Thank Post
    877
    Thanked 1,680 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    444
    it looks like it cannot find you style sheet.

  4. Thanks to FN-GM from:

    dhasmet (6th October 2008)

  5. #19
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    No offense to those who've commented before but generally it's not a good idea to assume that it's just a single point of entry and you've fixed it.

    Once someone has got into your site (however they did it), you should assume that attempts have been made to subvert more than just a single page (rootkits, etc) and request your webhost do a thorough security scan of the account (and host environment).

    I'd definitely get your joomla upgraded to the latest version as soon as possible and as suggested get yourself subscribed to the security watch list.

    Also worth asking your host if mod_security is installed and asking them to include rules to cover common joomla and other PHP exploits.

    good luck

  6. 2 Thanks to contink:

    dhasmet (6th October 2008), localzuk (6th October 2008)

  7. #20

    localzuk's Avatar
    Join Date
    Dec 2006
    Location
    Minehead
    Posts
    17,655
    Thank Post
    516
    Thanked 2,443 Times in 1,891 Posts
    Blog Entries
    24
    Rep Power
    831
    Quote Originally Posted by contink View Post
    No offense to those who've commented before but generally it's not a good idea to assume that it's just a single point of entry and you've fixed it.

    Once someone has got into your site (however they did it), you should assume that attempts have been made to subvert more than just a single page (rootkits, etc) and request your webhost do a thorough security scan of the account (and host environment).

    I'd definitely get your joomla upgraded to the latest version as soon as possible and as suggested get yourself subscribed to the security watch list.

    Also worth asking your host if mod_security is installed and asking them to include rules to cover common joomla and other PHP exploits.

    good luck
    Agree entirely. My personal advice for this sort of thing is to start from a clean slate - ie. one.com should do a complete rebuild of the server, and all sites should be re-installed, ensuring the latest patches are used. But then, this depends on how helpful one.com are.

  8. Thanks to localzuk from:

    dhasmet (6th October 2008)

  9. #21
    alonebfg's Avatar
    Join Date
    Aug 2006
    Location
    south west some of the time
    Posts
    834
    Thank Post
    12
    Thanked 34 Times in 21 Posts
    Blog Entries
    5
    Rep Power
    24
    if it is just the config file you can create another one but most of the time it is the index.php if you pm me i will talk to you and i will look at rebuilding it as long as sql is not damaged or template folder i can recover it for you.

    to rebuild config file

    var $sitename = 'your Web site name';
    var $dbtype = 'mysql';
    var $host = 'localhost';
    var $user = 'your database username';
    var $password = 'your database password';
    var $db = 'database name';
    var $dbprefix = 'jos_'; // This is the default database table prefix. Change this to whatever you change
    the MySQL table prefix to in Step 2.
    var $secret = 'FBVtggIk5lAzEU9H'; //Change this to a random mixture of upper and lower
    alphanumeric characters. This is an important security feature and should not be neglected.
    var $ftp_host = '127.0.0.1'; //This is the default localhost address reference. Your Web host may have
    set this differently.
    var $ftp_port = '21'; // Port 21 is the default FTP port on most operating systems, but may have been
    configured differently by your host provider.
    var $ftp_user = 'your ftp username';
    var $ftp_pass = 'your ftp password';
    var $ftp_root = 'the absolute path of the directory that the ftp client should open within';
    $ftp_enable = '1'; Set to '1' to enable the FTP layer facility.
    var $tmp_path = '/tmp'; //The absolute path to the tmp directory within the root directory of your
    Joomla! installation. This should not be confused with the same named directory of your Web server.
    var $log_path = '/var/logs'; //The absolute path to your Web server log directory.
    var $mailfrom = 'your e-mail address';
    var $fromname = 'your Web site name for example';

    If you still have problems pm me.
    Last edited by alonebfg; 6th October 2008 at 10:18 AM.

  10. #22

    SYSMAN_MK's Avatar
    Join Date
    Sep 2005
    Posts
    4,005
    Thank Post
    489
    Thanked 1,340 Times in 728 Posts
    Rep Power
    427
    This is quite worrying. There seems to be a number of J1.5 websites being hacked. You don't say what version of Joomla you were, the current build is 1.5.7.

    Seeing as the J1.5 package was built on an earlier version of the Joomla build, if members haven’t updated their websites Joomla core to the most recent version then they will be vulnerable.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. How are you using edugeek Joomla Package
    By SimpleSi in forum EduGeek Joomla 1.0 Package
    Replies: 12
    Last Post: 7th July 2008, 08:42 PM
  2. Abbrev for Edugeek Joomla Package
    By SimpleSi in forum EduGeek Joomla 1.0 Package
    Replies: 2
    Last Post: 23rd May 2008, 04:08 PM
  3. [CLOSED] Bug/Error: Edugeek Joomla Package Creator Where has he gone?
    By FN-GM in forum EduGeek.net Site Problems
    Replies: 4
    Last Post: 31st January 2008, 12:07 AM
  4. Edugeek Joomla package templates
    By gh256 in forum EduGeek Joomla 1.0 Package
    Replies: 1
    Last Post: 13th November 2007, 04:15 PM
  5. School Joomla Package
    By linkazoid in forum Web Development
    Replies: 1
    Last Post: 29th September 2007, 08:53 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •