test
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • aluna Friend
    #183739

    Hi everyone,

    I have had someone hack our site and needed to know how I can remove an unwanted URL from my site. I cant seem to find the where on the backend it appears.

    <div id=”ja-wrapper”>
    <div id=”ja-top-panel” class=”wrap “>
    <div class=”main”>
    <div class=”main-inner1″>
    <div class=”main-inner2 clearfix”> </div>
    </div></div>
    </div>
    <div id=”ja-header” class=”wrap “>
    <div class=”main”>
    <div class=”main-inner1″>
    <div class=”main-inner2 clearfix”>
    <h2><div id=”ja-rol”><a href=”http://dienlanhsodo.com/dich-vu-sua-chua/lo-vi-song/97-sua-lo-vi-song.html” target=”_blank” title=”sua lo vi song, sua chua lo vi song, sua lo vi song tai nha”>sửa lò vi sóng</a><br><a href=”http://dienlanhsodo.com/dich-vu-sua-chua/may-lanh/103-ve-sinh-may-lanh.html” target=”_blank” title=”ve sinh may lanh, bao tri may lanh, rua may lanh, bao duong may lanh”>vệ sinh máy lạnh</a><br><a href=”http://dienlanhsodo.com/dich-vu-sua-chua/tu-lanh/96-sua-tu-lanh.html” target=”_blank” title=”sua tu lanh, sua chua tu lanh, sua tu lanh tai nha”>Sửa tủ lạnh</a></div></h2><h1 class=”logo”>
    <a href=”/index.php” title=”San Antonio Scorpions”><span>San Antonio Scorpions</span></a>[/B]
    </h1>

    pavit Moderator
    #478819

    Hi

    Since you don’t know which file exactly was hacked

    I can suggest to do in this way

    take a backup of your website with akeeba backup then install it on your localhost

    after you installed it with a texteditor like e-text editor or someone similar and search for the occurrency
    a href="http://dienlanhsodo.com

    so you can delete all the infected files after you have found all the files takes a new backup and reinstall it on your website

    aluna Friend
    #478953

    I found what the hacked template was
    location: /templates/ja_tiris/blocks/header.php

    in red is the junk code that was added to my site,

    <?php
    $view=’PGgyPjxkaXYgaWQ9ImphLXJvbCI+PGEgaHJlZj0iaHR0cDovL2RpZW5sYW5oc29kby5jb20vZGljaC12dS1zdWEtY2h1YS9sby12aS1zb25nLzk3LXN1YS1sby12aS1zb25nLmh0bWwiIHRhcmdldD0iX2JsYW5rIiB0aXRsZT0ic3VhIGxvIHZpIHNvbmcsIHN1YSBjaHVhIGxvIHZpIHNvbmcsIHN1YSBsbyB2aSBzb25nIHRhaSBuaGEiPnPhu61hIGzDsiB2aSBzw7NuZzwvYT48YnI+PGEgaHJlZj0iaHR0cDovL2RpZW5sYW5oc29kby5jb20vZGljaC12dS1zdWEtY2h1YS9tYXktbGFuaC8xMDMtdmUtc2luaC1tYXktbGFuaC5odG1sIiB0YXJnZXQ9Il9ibGFuayIgdGl0bGU9InZlIHNpbmggbWF5IGxhbmgsIGJhbyB0cmkgbWF5IGxhbmgsIHJ1YSBtYXkgbGFuaCwgYmFvIGR1b25nIG1heSBsYW5oIj524buHIHNpbmggbcOheSBs4bqhbmg8L2E+PGJyPjxhIGhyZWY9Imh0dHA6Ly9kaWVubGFuaHNvZG8uY29tL2RpY2gtdnUtc3VhLWNodWEvdHUtbGFuaC85Ni1zdWEtdHUtbGFuaC5odG1sIiB0YXJnZXQ9Il9ibGFuayIgdGl0bGU9InN1YSB0dSBsYW5oLCBzdWEgY2h1YSB0dSBsYW5oLCBzdWEgdHUgbGFuaCB0YWkgbmhhIj5T4butYSB04bunIGzhuqFuaDwvYT48L2Rpdj48L2gyPg==’;
    echo base64_decode($view);?>
    <?php
    $app = & JFactory::getApplication();
    $siteName = $app->getCfg(‘sitename’);
    if ($this->getParam(‘logoType’, ‘image’)==’image’): ?>
    <h1 class=”logo”>
    <a href=”index.php” title=”<?php echo $siteName; ?>”><span><?php echo $siteName; ?></span></a>
    </h1>

    code was replaced with the following

    <?php
    $app = & JFactory::getApplication();
    $siteName = $app->getCfg(‘sitename’);
    if ($this->getParam(‘logoType’, ‘image’)==’image’): ?>
    <h1 class=”logo”>
    <a href=”index.php” title=”<?php echo $siteName; ?>”><span><?php echo $siteName; ?></span></a>
    </h1>

    pavit Moderator
    #478955

    So replacing the code you solved ?

Viewing 4 posts - 1 through 4 (of 4 total)

This topic contains 4 replies, has 2 voices, and was last updated by  pavit 11 years, 11 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum