#39842 Problem with joomla index.php

Posted in ‘Admin Tools for Joomla! 3’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Latest post by nicholas on Friday, 17 November 2023 02:15 CST

Friday, 17 November 2023 01:45 CST

panagiotiss

Hi Dionysis ( Its Panagiotis from centiva - Joomla forum)

I have a very strange problem (hack) in one of my sites. (fotafota.gr)

joomla index.php has been compromised. Some code has been added to the top 

Hack change mod of file to 444.

I change mod to 644 in order to clean the file (with admin tools or terminal). I delete the code and save the file BUT automatically code is added again to the file and mod is 444.

Same when i delete the file and upload a clean index.php. Automatically file change to 444 with hack code inside

Can you please assist

Regards

Friday, 17 November 2023 02:15 CST

nicholas

This means that this is not the only hacked file.

If you had been using the PHP File Change Scanner frequently you'd know which files have been modified or suddenly appeared on your site, making it obvious what is going on. That's why this feature is there. Without running the PHP File Change Scanner frequently you cannot know. The best solution is to delete everything, block access from all IPs except yours (ask your host), restore your site from a backup, update all extensions (so it doesn't get hacked again), run the PHP File Change Scanner, schedule the PHP File Change Scanner to run daily as discussed in the documentation, then re-enable access to the site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!