iguinee (Friend)
May 3, 2016 at 11:51 pm #926224
Hello,
I am running Teline V on the latest Joomla! (I hope I managed to keep up!)
My website has been working fine until towards the end of April when my hosting account was suspended by the provider – due to the account being infested with malware (including Ebola, Malaria, HIV, etc. etc.). The hosting provider cleaned it all up today, for a fee.
Now, I am seeing an error (HTTP ERROR 500) when I try accessing the website.
The hosting company tried to fix it but they said that some vital files have been badly corrupted. They mentioned something like Moses code (please don’t ask me as I don’t have a clue what that means).
I seriously need some urgent assistance in this matter as the website has now been offline for 5 days.
These are the different errors coming up:
```
PHP Notice: Undefined index: HTTP_REFERER in /home5/xxx/public_html/comet/images.php on line 20
PHP Warning: require_once(/home5/xxx/public_html/includes/defines.php): failed to open stream: No such file or directory in /home5/xxx/public_html/index.php on line 49
PHP Fatal error: require_once(): Failed opening required '/home5/xxx/public_html/includes/defines.php' (include_path='.:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear') in /home5/xxx/public_html/index.php on line 49
PHP Notice: Undefined index: HTTP_REFERER in /home5/xxx/public_html/comet/images.php on line 20
PHP Warning: require_once(/home5/xxx/public_html/includes/defines.php): failed to open stream: No such file or directory in /home5/ufdgtwoz/public_html/index.php on line 49
PHP Fatal error: require_once(): Failed opening required '/home5/xxx/public_html/includes/defines.php' (include_path='.:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear') in /home5/xxx/public_html/index.php on line 49
PHP Notice: Undefined index: HTTP_REFERER in /home5/xxx/public_html/comet/images.php on line 20
PHP Warning: require_once(/home5/xxx/public_html/includes/defines.php): failed to open stream: No such file or directory in /home5/xxx/public_html/index.php on line 49
PHP Fatal error: require_once(): Failed opening required '/home5/xxx/public_html/includes/defines.php' (include_path='.:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear') in /home5/xxx/public_html/index.php on line 49
PHP Notice: Undefined index: HTTP_REFERER in /home5/xxx/public_html/comet/images.php on line 20
PHP Warning: require_once(/home5/xxx/public_html/includes/defines.php): failed to open stream: No such file or directory in /home5/xxx/public_html/index.php on line 49
PHP Fatal error: require_once(): Failed opening required '/home5/xxx/public_html/includes/defines.php' (include_path='.:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear') in /home5/xxx/public_html/index.php on line 49
```
Saguaros (Moderator)
May 4, 2016 at 4:21 am #926317
Hi
Sad to hear that your site was attacked.
As I can see, most errors in the above message come from Joomla core files. Do you have any backup version from before the attack? If not, you can ask your host whether they have an automatic backup for your site so they can help restore it for you.
iguinee (Friend)
May 4, 2016 at 9:43 pm #926826
Thank you @saguaros for your reply.
Unfortunately they do not have a useful backup. Personally, I do not have a backup that is not compromised either.
Apparently the damage was progressive. That means the backup I have was also compromised, as I tried to use it but it did not make things better.
Saguaros (Moderator)
May 5, 2016 at 2:45 am #926861
It’s hard in this case. Please contact your host to find out which files are affected by the malware.
Backups should be a must when running a site. You can consider using a host with better security.
iguinee (Friend)
May 6, 2016 at 11:23 pm #927748
I have done some cleanup and the site is live. Now the primary issue is that whenever I click on an article, I am redirected to another suspicious website: (firsthoteshop.com)
Where can I go to clean this up and get the site back to normal?
timtecsa (Friend)
May 7, 2016 at 11:36 am #927854
When your site is clean you might look at http://extensions.joomla.org/extension/jhackguard
We also use Admin Tools Pro on our sites, e.g. here: http://mt5j345.mwinda.org/
For easy backup take a look at Akeeba Backup Pro too.
Tim
Waleed Sharo (Friend)
May 7, 2016 at 12:12 pm #927875
It seems there is a hard redirect rule hidden somewhere in .htaccess or index.php or another PHP file. Can you post the content of your .htaccess file so we can see?
iguinee (Friend)
May 7, 2016 at 2:36 pm #927930
text/plain htaccess.txt ASCII English text
```
##
# @package    Joomla
# @copyright  Copyright (C) 2005 - 2016 Open Source Matters. All rights reserved.
# @license    GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that disallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##

## No directory listings
IndexIgnore *

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.
RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
```
iguinee (Friend)
May 7, 2016 at 2:38 pm #927931
This is the index.php
text/x-generic index.php PHP script text
```php
<?php
/**
 * @package    Joomla.Site
 *
 * @copyright  Copyright (C) 2005 - 2016 Open Source Matters, Inc. All rights reserved.
 * @license    GNU General Public License version 2 or later; see LICENSE.txt
 */

/**
 * Define the application's minimum supported PHP version as a constant so it can be referenced within the application.
 */
define('JOOMLA_MINIMUM_PHP', '5.3.10');

if (version_compare(PHP_VERSION, JOOMLA_MINIMUM_PHP, '<'))
{
    die('Your host needs to use PHP ' . JOOMLA_MINIMUM_PHP . ' or higher to run this version of Joomla!');
}

// Saves the start time and memory usage.
$startTime = microtime(1);
$startMem = memory_get_usage();

/**
 * Constant that is checked in included files to prevent direct access.
 * define() is used in the installation folder rather than "const" to not error for PHP 5.2 and lower
 */
define('_JEXEC', 1);

if (file_exists(__DIR__ . '/defines.php'))
{
    include_once __DIR__ . '/defines.php';
}

if (!defined('_JDEFINES'))
{
    define('JPATH_BASE', __DIR__);
    require_once JPATH_BASE . '/includes/defines.php';
}

require_once JPATH_BASE . '/includes/framework.php';

// Set profiler start time and memory usage and mark afterLoad in the profiler.
JDEBUG ? $_PROFILER->setStart($startTime, $startMem)->mark('afterLoad') : null;

// Instantiate the application.
$app = JFactory::getApplication('site');

// Execute the application.
$app->execute();
```
Waleed Sharo (Friend)
May 7, 2016 at 2:58 pm #927934
Your .htaccess and index.php seem normal. I suspect there is a routing redirect somewhere in the PHP files; it may be hard-coded using base64 encoding. You can contact me on my Skype (can be found on my profile page).
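
Added example, not part of the original thread and not code from any poster: a Python scan of a web root for the hiding places suggested above (an external redirect in .htaccess, or in a PHP file either in the clear or inside a base64 string literal). The heuristic names, the sample tree and the `redirect.example` domain are constructed for illustration.

```python
import base64
import re
import tempfile
from pathlib import Path

# Heuristics for the redirect hiding places named in the thread (constructed for this example).
RAW_PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "php-external-redirect": re.compile(rb"header\s*\(\s*['\"]Location:\s*https?://", re.I),
    "htaccess-external-redirect": re.compile(rb"^\s*RewriteRule\s+\S+\s+https?://", re.I | re.M),
}
B64_LITERAL = re.compile(rb"['\"]([A-Za-z0-9+/]{24,}={0,2})['\"]")
DECODED_HINT = re.compile(rb"https?://|header\s*\(|window\.location", re.I)

def scan_file(path):
    """Return the names of the heuristics that fire on one file."""
    data = Path(path).read_bytes()
    hits = [name for name, rx in RAW_PATTERNS.items() if rx.search(data)]
    for match in B64_LITERAL.finditer(data):
        try:
            decoded = base64.b64decode(match.group(1), validate=True)
        except ValueError:  # quoted string was not valid base64 after all
            continue
        if DECODED_HINT.search(decoded):
            hits.append("base64-literal-hides-redirect")
            break
    return hits

def scan_tree(root):
    """Scan every .php file and .htaccess under root; map relative path -> hits."""
    root, report = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and (p.suffix.lower() == ".php" or p.name == ".htaccess"):
            hits = scan_file(p)
            if hits:
                report[p.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Constructed sample tree: clean index.php and .htaccess, one injected file."""
    blob = base64.b64encode(b'header("Location: http://redirect.example/");').decode()
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text("<?php define('_JEXEC', 1); require_once 'includes/framework.php';")
        (root / ".htaccess").write_text("RewriteEngine On\nRewriteRule .* index.php [L]\n")
        (root / "images").mkdir()
        (root / "images" / "cache.php").write_text(f"<?php eval(base64_decode('{blob}'));")
        return scan_tree(root)
```

A hit is a lead for manual review rather than proof of infection, and a clean result does not rule out injected code that uses other obfuscation or lives in the database.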
This topic contains 9 replies, has 4 voices, and was last updated by Waleed Sharo 8 years, 6 months ago.