Unfortunately, the username and password you have entered do not match!
Not a member? Register | Lost your password?
Forgot your username? | Login with order number
Close Panel

Registration

Unfortunately, this username is already taken!

Unfortunately, this e-mail address is already used!

Please retype the verification code.

All fields are required

Close Panel

hack - template stuffed with seo ad links

Welcome, Guest
Username Password: Remember me
Forgot your password? Forgot your username? Create an account
RSJoomla! Forum
Joomla! Security
Help! My site has been hacked

hack - template stuffed with seo ad links
(1 viewing) (1) Guest
Reply Topic
New Topic
  • Page:
  • 1

TOPIC: hack - template stuffed with seo ad links

hack - template stuffed with seo ad links 2 years, 5 months ago #8434

  • bertm
  • OFFLINE
  • Fresh Boarder
  • Posts: 5
FYI. Hack info in case it may be useful to others. I am still chasing this down.

I have found the attached PHP files in my Joomla site that will stuff my template's index.php with hundreds of ad links wrapped in a div with display:none. My robots.txt had been modified, deleting the line "Disallow: /includes/" and a new IMG folder was created under "incluldes" with tons of PHP files that generated these ads. I have attached a RAR file of the offending PHP files that I found in the system (folder structure intact).

When the exploit hit, I was running J 1.5.12 and had not upgraded to 1.5.14 yet.

Interesting, I have observed that the free/demo version of Firewall will run on my localhost, but not on my livesite. "Perform System Check" shows activity bars, but returns to the same screen without any results. Any thoughts?

Attachment exploit.zip not found

Attachments:
Last Edit: 2 years, 5 months ago by bertm.
Reply Quote

Re:hack - template stuffed with seo ad links 2 years, 5 months ago #8437

  • alexp
  • OFFLINE
  • Moderator
  • Posts: 1047
Hello,

This is a pretty common exploit method...and it is detected by RSFirewall without too much effort.

Upon running the system check does it through some error...? Please make sure that your server meet the product minimum requirements stated in the documentation.

The demo version was only designed to demonstrate and present what the full product can do.
Please note: my help is not official customer support. To receive your support, submit a ticket by clicking here
Regards,
RSJoomla! Development Team
Reply Quote

Re:hack - template stuffed with seo ad links 2 years, 3 months ago #8880

I had my site hacked....Sounds similar

I had the following hit.

Configuration.php
index.php
Template index.php

Plus a few others....A total of 33 sites...So, I instantly purchased RSFirewall and started removing all the junk they put in my sites. I think I had about 100 hours fixing everything that includes running RSFirewall and fixing all vulnerabilities.

I finally feel safe and will continue to put RSFirewall on all my sites…I also used this extension as well and found it helpful. Be sure to donate your 2Euros to keep them working on it.

James
James Wright
Reply Quote

Re:hack - template stuffed with seo ad links 6 hours, 1 minute ago #0

Hello,
This is an automatically generated message.
We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you wish to receive our support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here: http://www.rsjoomla.com/support-policy.html.

Thank You!
PLEASE NOTE: This topic is NOT locked and you can add replies to it. Other users are free to reply as well. This message has been generated by a bot and has no effect on the topic whatsoever.
Reply Quote
Reply Topic
New Topic
  • Page:
  • 1
RSJoomla! Forum
Joomla! Security
Help! My site has been hacked
Moderators: alex, alexp, octavian, bogdanc, andreic
Powered by Kunena
Time to create page: 0.48 seconds
Feedback