[TriLUG] joomla semi-expert needed

Thomas thomasvt at gmail.com
Mon Oct 25 19:49:52 EDT 2010


Which version of joomla are you using? Please check
http://docs.joomla.org/Security_Checklist_1_-_Getting_Started which may help
with steps to take if your site has been hacked.

Check the PHP variables and if they are set correctly. Use disable_functions
to disable dangerous PHP functions that are not needed by your site. Usually
that is the how the payload is copied to the server and it leaves a backdoor
open.

If you have access to the server (or through cron jobs), look for files
created/modified in the last 'x' days. eg: "find <dir> -mtime +30 >
output.txt"

Sometimes the rogue files are placed in the template directory as that
provides easy access to the files. Please disable any used templates and
delete from the joomla install.

If possible,
1. delete all files and database on server
2. Set PHP variables correctly (review checklist above)
3. Restore files and database from previous good backup

Thanks,
Thomas

On Mon, Oct 25, 2010 at 4:26 PM, jason tower <jtower at cerient.net> wrote:
> the website of my racing series (http://spece30.com) keeps getting
cracked,
> we'll probably replace it but want to keep a copy of the current site to
> retain five years worth of useful forum info.  i got a dump from the
current
> admin (nice guy but he doesn't know much about joomla) and have imported
> onto my server but not everything is working (http://spece30.cerient.net).
>  if anyone is can point me in the right direction i'd appreciate the help.
>
> jason
> --
> This message was sent to: Thomas V Thomas <thomasvt at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  :
> http://www.trilug.org/mailman/options/trilug/thomasvt%40gmail.com
> TriLUG FAQ          :
http://www.trilug.org/wiki/Frequently_Asked_Questions
>



More information about the TriLUG mailing list