• 1

Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!

TOPIC: Modified hash?

Modified hash? 12 years 8 months ago #14110

Hi, I've had a problem with sites being hacked, so installed RSFirewall thinking that it would solve the problem.

It didn't. I think the Joomla installation is quite secure, so they must be getting in another way.

I had a site hacked this morning, they changed the index.php file to something else.

When I visited the administrator page, before logging in, I got an email from the site telling me that the administrator page had changed!

When I logged in to see, RSFirewall said that the hash had been modified.

What does this mean? Is this bad? Have the hackers changed the admin page to record passwords?

It's really doing my head in at the moment. Everytime I think I have the hackers beaten they still manage to get in.
The administrator has disabled public write access.

Re:Modified hash? 12 years 8 months ago #14127

  • bogdanc
  • bogdanc's Avatar
  • OFFLINE
  • Moderator
  • Posts: 669
  • Thank you received: 11
Hello,

This is most likely caused by either a virus on a computer which you used to log in on your site's FTP or by an infected file on your site.

Please try scanning your computer and all other computers which you used to log in on your site's FTP for viruses and also change the FTP password of your account.

Also you can replace the modified files with new ones from the default Joomla! installation package. You can also use the System Check from RSFirewall! in order to see if any other core Joomla! files where modified and in this case you can replace them too.

Regarding:

"When I logged in to see, RSFirewall said that the hash had been modified. "

If a Joomla! file has been modified in comparison to the one from the default Joomla! package then RSFirewall! will show that the file has been modified. In this case the steps that I described above should be taken.
The administrator has disabled public write access.

Re: Modified hash? 11 years 8 months ago #18198

I think a possible virus issue too. But how were you able to fix this James?
The administrator has disabled public write access.
  • 1

Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!