-
AuthorPosts
-
andreipopel Friend
andreipopel
- Join date:
- May 2008
- Posts:
- 70
- Downloads:
- 59
- Uploads:
- 6
- Thanks:
- 6
- Thanked:
- 1 times in 1 posts
February 1, 2009 at 11:29 am #137699Hello,
I just looked at my server stats(AWStats) an here what I found: http://medicalstudent.ro/cache/mod_mainmenu/naGodO!/.onlineeast3.bankofamerica.com/cgi-bin/sitekeys-challenge.html/update.html
These 2 pages are one of my visited pages of my student, medical scientific non profit website(medicalstudent.ro)., see that url in the address bar. How this happened? I will trash my cache folder, but could someone explain me why this pages are here with my url on it and with hundreds of visits?
Thanks!
andreipopel Friendandreipopel
- Join date:
- May 2008
- Posts:
- 70
- Downloads:
- 59
- Uploads:
- 6
- Thanks:
- 6
- Thanked:
- 1 times in 1 posts
February 1, 2009 at 11:39 am #289093O, and there are more pages with bank of america in the cache folder, but what about this one?
Another personal banking service in my site. Is joomla full of spam? How on earth my plugins folder or that css files are infected with this? Cache,,,don;t know, is more vulnerable, but in the plugins folder? grrrrrrrrrrrrrrrrrrrrrrrrrrrr
mj1256 Friendmj1256
- Join date:
- June 2007
- Posts:
- 1473
- Downloads:
- 10
- Uploads:
- 35
- Thanks:
- 84
- Thanked:
- 225 times in 118 posts
February 1, 2009 at 6:43 pm #289124you’ve been hacked and someone is bouncing email off of your server. Its an old trick to cloak the originators of the spam and use someone elses server resources to do it. These people are usually in the middle east.
REPORT THIS TO YOUR HOSTING COMPANY IMMEDIATELY
let them deal with it, you will have to restore your site from a backup prior to the hacking.
1 user says Thank You to mj1256 for this useful post
andreipopel Friendandreipopel
- Join date:
- May 2008
- Posts:
- 70
- Downloads:
- 59
- Uploads:
- 6
- Thanks:
- 6
- Thanked:
- 1 times in 1 posts
February 1, 2009 at 7:35 pm #289127Thank you! There were phishing files on my server account. Told the hosting company, deleted them…I will upgrade to joomla 1.5.9 soon , I have right now 1.5.7. How this happened? Is there a way for better protection? They told me there were wrong folder permissions, but you know well that joomla has some errors with that.
mj1256 Friendmj1256
- Join date:
- June 2007
- Posts:
- 1473
- Downloads:
- 10
- Uploads:
- 35
- Thanks:
- 84
- Thanked:
- 225 times in 118 posts
February 1, 2009 at 11:38 pm #289146where are you hosted, your server should have PHPsuexec installed on the server. This will set the permissions for maximum security. No file should ever have a permission of 777
andreipopel Friendandreipopel
- Join date:
- May 2008
- Posts:
- 70
- Downloads:
- 59
- Uploads:
- 6
- Thanks:
- 6
- Thanked:
- 1 times in 1 posts
February 2, 2009 at 11:29 am #289225well..you know that joomla cache needs the cache folder set to 777 ant that is my only folder hacked, after I deleted several time the cache..it seems that new spam pages appear…I wil do a fresh install..
andreipopel Friendandreipopel
- Join date:
- May 2008
- Posts:
- 70
- Downloads:
- 59
- Uploads:
- 6
- Thanks:
- 6
- Thanked:
- 1 times in 1 posts
February 10, 2009 at 1:24 pm #290457Help please!
I’ve done an upgrade to 1.5.9 , removed all that shells and set the permisions to all folders at 755, my hosting company said to me it’s ok, and in 6 hours they suspended my site again, a brand new phishing folder/file appeared in the images/resized folder. What should I do? Do not have any idea, brand new install?
mj1256 Friendmj1256
- Join date:
- June 2007
- Posts:
- 1473
- Downloads:
- 10
- Uploads:
- 35
- Thanks:
- 84
- Thanked:
- 225 times in 118 posts
February 10, 2009 at 5:09 pm #290479did you change all of your passwords for everything that accesses your server and online accounts. The admin, the cpanel, your hosting account, etc.
I would also completely delete the site and install from a backup, prior to the phishing folders and change all passwords again.
make sure you rename you db and chnage the paswords for that
-
AuthorPosts
This topic contains 8 replies, has 2 voices, and was last updated by mj1256 15 years, 10 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum