My joomla site 1.5 has been done over as well!

Printable View

6th October 2008, 09:19 AM
reggiep

My joomla site 1.5 has been done over as well!

My school site has been attcked (cannot put certain word beginninng with H as then it gets filtered b y our provider!)

the site by p@3t_b@y runs joomla 1.5.
Someohow somebody has managed to log on as an administrator, add an article and then change the admin passwoird so I can now no longer log on!

HELP!

The site is externally hosted but all other bits'n'pieces seem fine on the server so I guess I had a vunerability with my joomla package that I had not upgraded to.

Bugger.

Does anyone know what this vunerabilty may be so I could use it to get back on and change the password back?

Or does anyone know how I could get round this by maybe installing Joomla again and then linking it back to the original joomla database?

Thanks
6th October 2008, 09:24 AM
matt40k

Hope you have a backup.

Reinstall, restore backup upgrade to latest version (stable).

I assuming your using CPanel, in wish case it could have been a breatch from there too.. Check with your provider.
6th October 2008, 09:50 AM
keithu

You just need to use phpMyAdmin (or whatever) to open the mysql table containing your user passwords. The first user will probably be the admin and will be the one they've messed with. Write a new password to the password field and you'll be able to log in again. The password will probably have to be written in an encrypted form.

ETA: You can use this webpage to make a new encrypted password
http://elmar-eigner.de/md5_encryption.html
6th October 2008, 10:00 AM
alonebfg

just for intrest how many users are admin ie what do your teacher log in as. make sure all your user do not have backend access and only you have this. If you have any more problems pm me and i will talk you through it.
6th October 2008, 10:11 AM
SYSMAN_MK

This is quite worrying. There seems to be a number of J1.5 websites being hacked. You don't say what version of Joomla you were, the current build is 1.5.7.

Seeing as the J1.5 package was built on an earlier version of the Joomla build, if members haven’t updated their websites Joomla core to the most recent version then they will be vulnerable.
6th October 2008, 12:26 PM
reggiep

I managed vto get our hosts to restore from a backup. Thanks dreamhosting.co.uk.

I did have a play with phpmyadmin as suggested by keithu and found that the hacker had changed the log on name and email address to his own!

I changed the email address back to mine and then went through the lost password procedure to change the password back to mine. That way I did not have to bother with password hashes.

i guess I need to upgrade joomla now from 1.5.3 to 1.5.7 to try to protect it from more bored turkish hackers.

Thanks
6th October 2008, 01:42 PM
alonebfg

to update download this http://joomlacode.org/gf/download/fr...ch_Package.zip and then ftp it on top of what you got replacing old files. jobe done.
6th October 2008, 03:02 PM
saundersmatt

Quote:

Originally Posted by alonebfg

to update download this http://joomlacode.org/gf/download/fr...ch_Package.zip and then ftp it on top of what you got replacing old files. jobe done.

Or so you would hope. But i did that this morning after seeing the "my site has been hacked" threads and panicing slightly. Did a backup of current site and ran the upgrade patch. Which failed spectacularly. Tried recovering to the backup, also didn't work (due to me being a complete idiot with the ftp client). So i've spent all day reinstalling joomla, themes and components.
Oh well, needed to bugfix a few bits anyway so got that done at the same time.

Matt
7th October 2008, 10:16 AM
reggiep

I think I was done by the reset password hack.
I upgraded yesterday to 1.5.7 just by ftp-ing over the top and everything seems to be working fine with no problems.

Thanks guys for all the help. ;)
7th October 2008, 10:27 AM
contink

Quote:

Originally Posted by saundersmatt

Or so you would hope. But i did that this morning after seeing the "my site has been hacked" threads and panicing slightly. Did a backup of current site and ran the upgrade patch. Which failed spectacularly. Tried recovering to the backup, also didn't work (due to me being a complete idiot with the ftp client). So i've spent all day reinstalling joomla, themes and components.
Oh well, needed to bugfix a few bits anyway so got that done at the same time.

Matt

The silver lining on stuff like that is that you learn more about the system and are better prep'd when some other issue hits. Still a pain in the **** though.. :o