test
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • andreipopel Friend
    #137699

    Hello,

    I just looked at my server stats(AWStats) an here what I found: http://medicalstudent.ro/cache/mod_mainmenu/naGodO!/.onlineeast3.bankofamerica.com/cgi-bin/sitekeys-challenge.html/update.html

    http://medicalstudent.ro/cache/mod_mainmenu/naGodO!/.onlineeast3.bankofamerica.com/cgi-bin/sitekeys-challenge.html/index2.htm

    These 2 pages are one of my visited pages of my student, medical scientific non profit website(medicalstudent.ro)., see that url in the address bar. How this happened? I will trash my cache folder, but could someone explain me why this pages are here with my url on it and with hundreds of visits?

    Thanks!

    andreipopel Friend
    #289093

    O, and there are more pages with bank of america in the cache folder, but what about this one?

    http://medicalstudent.ro/andrei/plugins/editors/tinymce/jscripts/tiny_mce/plugins/searchreplace/css/.barclays/barclays.co.uk/

    Another personal banking service in my site. Is joomla full of spam? How on earth my plugins folder or that css files are infected with this? Cache,,,don;t know, is more vulnerable, but in the plugins folder? grrrrrrrrrrrrrrrrrrrrrrrrrrrr

    mj1256 Friend
    #289124

    you’ve been hacked and someone is bouncing email off of your server. Its an old trick to cloak the originators of the spam and use someone elses server resources to do it. These people are usually in the middle east.

    REPORT THIS TO YOUR HOSTING COMPANY IMMEDIATELY

    let them deal with it, you will have to restore your site from a backup prior to the hacking.

    andreipopel Friend
    #289127

    Thank you! There were phishing files on my server account. Told the hosting company, deleted them…I will upgrade to joomla 1.5.9 soon , I have right now 1.5.7. How this happened? Is there a way for better protection? They told me there were wrong folder permissions, but you know well that joomla has some errors with that.

    mj1256 Friend
    #289146

    where are you hosted, your server should have PHPsuexec installed on the server. This will set the permissions for maximum security. No file should ever have a permission of 777

    Joomla Security Center

    andreipopel Friend
    #289225

    well..you know that joomla cache needs the cache folder set to 777 ant that is my only folder hacked, after I deleted several time the cache..it seems that new spam pages appear…I wil do a fresh install..

    andreipopel Friend
    #290457

    Help please!

    I’ve done an upgrade to 1.5.9 , removed all that shells and set the permisions to all folders at 755, my hosting company said to me it’s ok, and in 6 hours they suspended my site again, a brand new phishing folder/file appeared in the images/resized folder. What should I do? Do not have any idea, brand new install?

    mj1256 Friend
    #290479

    did you change all of your passwords for everything that accesses your server and online accounts. The admin, the cpanel, your hosting account, etc.

    I would also completely delete the site and install from a backup, prior to the phishing folders and change all passwords again.

    make sure you rename you db and chnage the paswords for that

Viewing 8 posts - 1 through 8 (of 8 total)

This topic contains 8 replies, has 2 voices, and was last updated by  mj1256 15 years, 10 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum