there was some code like
Originally Posted by FN-GM
var $MetaTitle = '1';
var $lifetime = '15';
var $session_handler = 'database';
var .......... Hacked by blabla
I have erased the lines with name of the hacker, but it doesnt help. And I dont remember what the codes was, because I have erased it :(
it was the index.php in the templates. I get my site back, but its not look like as before, I think its in html. how can I change it?
it looks like it cannot find you style sheet.
No offense to those who've commented before but generally it's not a good idea to assume that it's just a single point of entry and you've fixed it.
Once someone has got into your site (however they did it), you should assume that attempts have been made to subvert more than just a single page (rootkits, etc) and request your webhost do a thorough security scan of the account (and host environment).
I'd definitely get your joomla upgraded to the latest version as soon as possible and as suggested get yourself subscribed to the security watch list.
Also worth asking your host if mod_security is installed and asking them to include rules to cover common joomla and other PHP exploits.
Agree entirely. My personal advice for this sort of thing is to start from a clean slate - ie. one.com should do a complete rebuild of the server, and all sites should be re-installed, ensuring the latest patches are used. But then, this depends on how helpful one.com are.
Originally Posted by contink
if it is just the config file you can create another one but most of the time it is the index.php if you pm me i will talk to you and i will look at rebuilding it as long as sql is not damaged or template folder i can recover it for you.
to rebuild config file
var $sitename = 'your Web site name';
var $dbtype = 'mysql';
var $host = 'localhost';
var $user = 'your database username';
var $password = 'your database password';
var $db = 'database name';
var $dbprefix = 'jos_'; // This is the default database table prefix. Change this to whatever you change
the MySQL table prefix to in Step 2.
var $secret = 'FBVtggIk5lAzEU9H'; //Change this to a random mixture of upper and lower
alphanumeric characters. This is an important security feature and should not be neglected.
var $ftp_host = '127.0.0.1'; //This is the default localhost address reference. Your Web host may have
set this differently.
var $ftp_port = '21'; // Port 21 is the default FTP port on most operating systems, but may have been
configured differently by your host provider.
var $ftp_user = 'your ftp username';
var $ftp_pass = 'your ftp password';
var $ftp_root = 'the absolute path of the directory that the ftp client should open within';
$ftp_enable = '1'; Set to '1' to enable the FTP layer facility.
var $tmp_path = '/tmp'; //The absolute path to the tmp directory within the root directory of your
Joomla! installation. This should not be confused with the same named directory of your Web server.
var $log_path = '/var/logs'; //The absolute path to your Web server log directory.
var $mailfrom = 'your e-mail address';
var $fromname = 'your Web site name for example';
If you still have problems pm me.
This is quite worrying. There seems to be a number of J1.5 websites being hacked. You don't say what version of Joomla you were, the current build is 1.5.7.
Seeing as the J1.5 package was built on an earlier version of the Joomla build, if members haven’t updated their websites Joomla core to the most recent version then they will be vulnerable.