Joomla Site Hacked

Printable View

1st December 2008, 12:01 PM
drewinc

Joomla Site Hacked

Our Joomla site was hacked last night --- The admin password, and the index.php were altered.

I have reset the admin password and restored the index.php so the site is now working.

I am running on J1.5.5 (I know my own fault) but now when I try and update to J1.5.8 i get the following error..

Warning: require_once(/var/www/administrator/includes/framework.php) [function.require-once]: failed to open stream: Permission denied in /var/www/administrator/index.php on line 22

Fatal error: require_once() [function.require]: Failed opening required '/var/www/administrator/includes/framework.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/administrator/index.php on line 22

Any Ideas what is causing this ? I have now put it back to J1.5.5 and left the site offline.

thanks in advance

Drew
1st December 2008, 12:03 PM
powdarrmonkey

Can you paste a chunk from the top of your index.php? It is is including a file that's not in the right place.
1st December 2008, 12:06 PM
Geoff

The permissions on '/var/www/administrator/includes/framework.php' are incorrect, make sure your webserver can read/execute the file. Or the file is misisng/corrupt.
1st December 2008, 12:11 PM
drewinc

Its definately permissions,,,, Im not FTPing the files , It is running on a Ubuntu server and the files Im copying accross do not have the correct permissions set.

Ill have a go at changing the permissions and get back ,

thanks for the prompt replies.
1st December 2008, 12:30 PM
drewinc

Ok changing some permissions now allows me in the backend ,,, the front is giving other permission problems.

Is there a way I can set all the permissions correctly via terminal on the Ubuntu server so I dont have to change these files individually ( Im a total Linux newbie ).
1st December 2008, 12:35 PM
wesleyw

Quick way would be at www go up a level and type chmod -R 755 <foldername> you could then change permissions for files and folders that need other permissions individually.

Wes
1st December 2008, 02:12 PM
Edu-IT

Slightly related, I'm running version 1.5.3 of the package. I take it that I am fine to upgrade to the latest version from the Joomla site?
1st December 2008, 02:16 PM
SYSMAN_MK

Yes and I would update ASAP!
1st December 2008, 02:21 PM
drewinc

Everything is working fine now -- thanks for the replies. The site is now running 1.5.8 -- just need to check all the file permissions but all seems good.
1st December 2008, 02:24 PM
Edu-IT

Quote:

Originally Posted by SYSMAN_MK

Yes and I would update ASAP!

I will do it tonight when I get home. It's on a private development server which nobody knows the address of so I think I'm alright to wait until this evening.