Viewing 4 posts - 1 through 4 (of 4 total)
  • aluna Friend
    #183739

    Hi everyone,

    I have had someone hack our site and needed to know how I can remove an unwanted URL from my site. I can't seem to find where on the backend it appears.

    <div id="ja-wrapper">
    <div id="ja-top-panel" class="wrap ">
    <div class="main">
    <div class="main-inner1">
    <div class="main-inner2 clearfix"> </div>
    </div></div>
    </div>
    <div id="ja-header" class="wrap ">
    <div class="main">
    <div class="main-inner1">
    <div class="main-inner2 clearfix">
    <h2><div id="ja-rol"><a href="http://dienlanhsodo.com/dich-vu-sua-chua/lo-vi-song/97-sua-lo-vi-song.html" target="_blank" title="sua lo vi song, sua chua lo vi song, sua lo vi song tai nha">sửa lò vi sóng</a><br><a href="http://dienlanhsodo.com/dich-vu-sua-chua/may-lanh/103-ve-sinh-may-lanh.html" target="_blank" title="ve sinh may lanh, bao tri may lanh, rua may lanh, bao duong may lanh">vệ sinh máy lạnh</a><br><a href="http://dienlanhsodo.com/dich-vu-sua-chua/tu-lanh/96-sua-tu-lanh.html" target="_blank" title="sua tu lanh, sua chua tu lanh, sua tu lanh tai nha">Sửa tủ lạnh</a></div></h2><h1 class="logo">
    <a href="/index.php" title="San Antonio Scorpions"><span>San Antonio Scorpions</span></a>
    </h1>

    pavit Moderator
    #478819

    Hi

    Since you don’t know exactly which file was hacked,

    I can suggest doing it this way:

    Take a backup of your website with Akeeba Backup, then install it on your localhost.

    After you have installed it, use a text editor like e-text editor or something similar and search for the occurrence
    a href="http://dienlanhsodo.com

    so you can delete all the infected files. After you have found all the files, take a new backup and reinstall it on your website.

    aluna Friend
    #478953

    I found what the hacked template was
    location: /templates/ja_tiris/blocks/header.php

    in red is the junk code that was added to my site,

    <?php
    $view='PGgyPjxkaXYgaWQ9ImphLXJvbCI+PGEgaHJlZj0iaHR0cDovL2RpZW5sYW5oc29kby5jb20vZGljaC12dS1zdWEtY2h1YS9sby12aS1zb25nLzk3LXN1YS1sby12aS1zb25nLmh0bWwiIHRhcmdldD0iX2JsYW5rIiB0aXRsZT0ic3VhIGxvIHZpIHNvbmcsIHN1YSBjaHVhIGxvIHZpIHNvbmcsIHN1YSBsbyB2aSBzb25nIHRhaSBuaGEiPnPhu61hIGzDsiB2aSBzw7NuZzwvYT48YnI+PGEgaHJlZj0iaHR0cDovL2RpZW5sYW5oc29kby5jb20vZGljaC12dS1zdWEtY2h1YS9tYXktbGFuaC8xMDMtdmUtc2luaC1tYXktbGFuaC5odG1sIiB0YXJnZXQ9Il9ibGFuayIgdGl0bGU9InZlIHNpbmggbWF5IGxhbmgsIGJhbyB0cmkgbWF5IGxhbmgsIHJ1YSBtYXkgbGFuaCwgYmFvIGR1b25nIG1heSBsYW5oIj524buHIHNpbmggbcOheSBs4bqhbmg8L2E+PGJyPjxhIGhyZWY9Imh0dHA6Ly9kaWVubGFuaHNvZG8uY29tL2RpY2gtdnUtc3VhLWNodWEvdHUtbGFuaC85Ni1zdWEtdHUtbGFuaC5odG1sIiB0YXJnZXQ9Il9ibGFuayIgdGl0bGU9InN1YSB0dSBsYW5oLCBzdWEgY2h1YSB0dSBsYW5oLCBzdWEgdHUgbGFuaCB0YWkgbmhhIj5T4butYSB04bunIGzhuqFuaDwvYT48L2Rpdj48L2gyPg==';
    echo base64_decode($view);?>
    <?php
    $app = & JFactory::getApplication();
    $siteName = $app->getCfg('sitename');
    if ($this->getParam('logoType', 'image')=='image'): ?>
    <h1 class="logo">
    <a href="index.php" title="<?php echo $siteName; ?>"><span><?php echo $siteName; ?></span></a>
    </h1>

    code was replaced with the following

    <?php
    $app = & JFactory::getApplication();
    $siteName = $app->getCfg('sitename');
    if ($this->getParam('logoType', 'image')=='image'): ?>
    <h1 class="logo">
    <a href="index.php" title="<?php echo $siteName; ?>"><span><?php echo $siteName; ?></span></a>
    </h1>
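
In the header.php posted above, the link exists only as a base64 string that is decoded at render time, so a plain-text search of the files for the URL does not match it. The following is an added example, not part of the original thread, that scans a restored backup for base64 string literals in PHP files and reports any links they decode to; the function names, the `own_hosts` parameter and the sample tree are assumptions constructed for illustration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Quoted runs of the base64 alphabet, 40+ chars, like the $view assignment above.
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{40,}={0,2})['"]""")
HREF = re.compile(r"""href\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)


def decode_literals(php_source):
    """Yield the decoded text of every base64-looking string literal."""
    for match in B64_LITERAL.finditer(php_source):
        try:
            raw = base64.b64decode(match.group(1), validate=True)
        except (binascii.Error, ValueError):
            continue  # long alphanumeric string that is not valid base64
        yield raw.decode("utf-8", errors="replace")


def scan_tree(root, own_hosts=()):
    """Return {relative path: [link URLs hidden in base64 literals]}."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        source = path.read_text(encoding="utf-8", errors="replace")
        urls = [u for text in decode_literals(source) for u in HREF.findall(text)
                if not any(host in u for host in own_hosts)]  # skip the site's own hosts
        if urls:
            findings[path.relative_to(root).as_posix()] = urls
    return findings


def build_sample_tree(root):
    """Constructed sample: one clean block and one carrying an encoded link."""
    blocks = Path(root) / "templates" / "example_tpl" / "blocks"
    blocks.mkdir(parents=True)
    hidden = '<h2><a href="http://spam.example/page.html">link</a></h2>'
    blob = base64.b64encode(hidden.encode()).decode()
    (blocks / "header.php").write_text(
        "<?php\n$view='%s';\necho base64_decode($view);?>\n<h1 class=\"logo\"></h1>\n" % blob)
    (blocks / "footer.php").write_text("<?php echo 'plain footer'; ?>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, urls in scan_tree(tmp).items():
            print(name, urls)
```

Run against the extracted backup directory instead of the sample tree, every file it reports should be compared with a clean copy of the template before the backup is restored.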

    pavit Moderator
    #478955

    So replacing the code solved it?


This topic contains 4 replies, has 2 voices, and was last updated by  pavit 11 years, 10 months ago.
