Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.5.25)
PHP version: (5.2.6)
MySQL version: (5.0.51b)
Host: (self hosting Windows IIs 6.0 server)
Admin Tools version: (2.1.14)
Description of my issue:
Nick, thank you for providing your outstanding AdminTools and Akeeba Backup extensions to the Joomla community. Both have been a major life & time saver for many of us.
I manage a private school's website (Joomla 1.5.25) that resides on their Windows IIs server. With the assistance of AdminTools, I have blocked just about every country outside of North America due to some really harsh activity coming mostly from China and the Russian Federation IPs. The problem we are having is the site is crashing at least once a week due to 'eval(base64_decode' scripts being added to all index.php files within the Joomla installation. I have a copy of one of the index.php files as well as the last admintools_breaches.log file before taking the site down and re-installing from a recent backup. I'm not 100% sure what direction to take in preventing this from happening in the future thus I am turning to you for assistance.
If this matter would best be handled via a support ticket subscription, please let me know and I'll make the necessary purchase. If you wish to receive the infected index.php file to review along with the admintools_breaches.log file, let me know how to best get these files to you.
Finally, since I have GEOblocking active and if you wish to view the Joomla site in question (both public/admin), I'll need your IP address so I can add it to the white list. I understand that this may be outside the scope of AdminTools but wanted to seek your expert advise and assistance on prevention measures moving forward.
In regards,
Ed
Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: (1.5.25)
PHP version: (5.2.6)
MySQL version: (5.0.51b)
Host: (self hosting Windows IIs 6.0 server)
Admin Tools version: (2.1.14)
Description of my issue:
Nick, thank you for providing your outstanding AdminTools and Akeeba Backup extensions to the Joomla community. Both have been a major life & time saver for many of us.
I manage a private school's website (Joomla 1.5.25) that resides on their Windows IIs server. With the assistance of AdminTools, I have blocked just about every country outside of North America due to some really harsh activity coming mostly from China and the Russian Federation IPs. The problem we are having is the site is crashing at least once a week due to 'eval(base64_decode' scripts being added to all index.php files within the Joomla installation. I have a copy of one of the index.php files as well as the last admintools_breaches.log file before taking the site down and re-installing from a recent backup. I'm not 100% sure what direction to take in preventing this from happening in the future thus I am turning to you for assistance.
If this matter would best be handled via a support ticket subscription, please let me know and I'll make the necessary purchase. If you wish to receive the infected index.php file to review along with the admintools_breaches.log file, let me know how to best get these files to you.
Finally, since I have GEOblocking active and if you wish to view the Joomla site in question (both public/admin), I'll need your IP address so I can add it to the white list. I understand that this may be outside the scope of AdminTools but wanted to seek your expert advise and assistance on prevention measures moving forward.
In regards,
Ed
