Hi,
My Joomla 2.5.4 site was cracked last night. Moreover, the Joomla forum is currently down, and I can't even run Joomla's diagnostic utility (fpa-en.php).
I have followed Joomla's instructions for diagnosis with no success (see below). I have also emailed my webhost (I am on a shared server, but I use a host recommended by Joomla that is a specialist in Joomla sites). So, my question is: what do I do next?
Here is the info that I have so far.
Using Joomla 2.5.4 (the latest). All extensions were updated to the most recent release, and none are on the Joomla vulnerable extensions list.
Passwords of other administrators were changed, but not mine, fortunately.
User_notes table deleted, which renders the User Manager in the admin section useless.
According to logs the attack hit the following files in this sequence:
/administrator/index.php
/index.php (Root)
/plugins/authentication/joomla/joomla.php
/plugins/user/joomla/joomla.php
and then the changes to the users and user_notes tables.
There is no junk in either index.php.
Attack IP was 199.15.234.216, which is from a Fort Worth server of supremetelecom.com.
Fortunately, I have backups and there was no defacement, but until I can get fpa-en.php to work and get access to the Joomla forums, I am not sure what to do other than change all passwords and block the IP.
Thanks in advance for any help!
Regards,
Victor Dani.
via Joomla! http://ift.tt/1pNpI9W
Statistics: Posted by Victor Dani — Thu Sep 04, 2014 2:28 pm