-
AuthorPosts
-
June 30, 2010 at 3:46 pm #152180
Help my administrator log in for my Zeolite II site will not pull up. It shows as a broken link when I try to get to http://www.greenmyfleet.com/administrator…
1and1.com informed me of a hack attack last week but I did not realize it may have broken this link. ANy assistance would be appreciated. Here is what 1and1 had to say. Can anyone tell if the issues can be related..?
Your 1&1 hosting account has been attacked via an insecure PHP script you
installed on your webspace. You will find an analysis of the attack and
instructions on how to secure your webspace against future attacks in this e-mail.******************************************************************************
1. Analysis of the attack
******************************************************************************
1.1 The hackers processed the attack through a security leak in your script/s./public_html/administrator/index.php
./public_html/administrator/components/com_virtuemart/export.php1.2 Via this security leak the hackers have uploaded the following malicious
files to your webspace:./public_html/administrator/components/com_virtuemart/psy.tar
./public_html/administrator/components/com_virtuemart/.psy/*
./public_html/administrator/components/com_virtuemart/edu.php
./public_html/greenmyfleet/errors.php
./public_html/greenmyfleet/dest.php
./public_html/media/system/css/var.php
./public_html/test.php
./public_html/errors.php1.3 In order to impede further attacks, we have disabled these files. Please
note that part of your websites may be impaired.******************************************************************************
2. Required measures
******************************************************************************
In order to reactivate your websites and re-establish the security of your 1&1
account, observe the following instructions.2.1 Delete all aforementioned files. Note that hackers usually come back to a
webspace they exploited successfully.2.2 Upload a more secure version of the following modules of your software:
greenmyfleet.com
~/public_html/administrator/components/com_virtuemart/export.php
greenmyfleet.com ~/public_html/administrator/index.phpYou will further information on
CVELINK: http://virtuemart.net/downloads?task=view
CVELINK:
http://developer.joomla.org/security/news/241-20080801-core-password-remind-functionality.html#also_urgently_change_administrator_password2.3 Check whether other malicious content was uploaded onto your webspace
during the attack. Delete all unknown, suspicious files immediately.IMPORTANT: In the future, please check the security of the software you install
on a regular basis. We will assist and help you with any specific problem, but
please be aware that the security of the software you install is your sole
responsibility.For information on the technique the hackers used, see
http://en.wikipedia.org/wiki/Remote_File_Inclusion
http://en.wikipedia.org/wiki/Code_injection#Include File Injection****************************************************************************
If you should require further information, please reply to this e-mail, leaving
our reference in your message.Thank you in advance for your efforts. We appreciate your cooperation and look
forward continuing to provide you with safe and secure hosting.Kind regards,
Abuse Team
Sorry for the nube question, I just have not delt with this before…:((:confused:
Kind Regards,
MichaelSaguaros Moderator
Saguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
July 2, 2010 at 2:11 am #348731Dear Michael!
i’m sorry i have not any solution on this issue . pls kindly post this issue on the JOomla forum to get many answers about this one
Thanks
-
AuthorPosts
This topic contains 2 replies, has 2 voices, and was last updated by 
We moved to new unified forum. Please post all new support queries in our New Forum