#11211 Hackers logged in right now

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Friday, 24 February 2012 07:14 CST

user41952
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Admin Tools version: (unknown)

Description of my issue: h

I have hackers logged into the backend of two sites. I can't get in, as they must have changed the passwords - is there anything I can do at this point?

Thanks

user41952
Update to this ticket - it appears the hackers have exploited a weakness in my WHMCS install which has made my whole re-seller account vulnerable. I have suspended the main site for now. I don't know if this ticket is relevant for this forum now but if anyone has any suggestions on what to do ....

Thanks

nicholas
Akeeba Staff
Manager
Hm, your ticket is not very relevant to this forum. If it was only your site affected, I would recommend following my Unhacking Your Site walkthrough. If it's your entire re-seller account compromised there is only one option: the nuclear option. You have to wipe out all your accounts, create them afresh (with new usernames and passwords), then restore backups of those sites. If you don't have backups, you're practically screwed. An attacker compromising an entire reseller account has most likely installed several backdoors on all sites. By the time you clean one site, he will be exploiting the backdoor on another and re-hacking the site you just unhacked.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

user41952
Hi Nicholas thanks for your replies

The hackers have deleted many of my backups, which I stupidly only had stored in the public_html folder on the server. I have got back into the main account, I just need some help changing the user names or super admins, which I can't find anywhere how to do. Do you think it's ever worth the risk not doing the nuclear - I located some dodgy PHP scripts with my host's scanner and deleted them - is this enough?

Thanks for your help - looks like I'll be buying Akeeba Backup for the future!

nicholas
Akeeba Staff
Manager
Hi Jonny,

You can change the password using just a database editing tool, like your host's copy of phpMyAdmin. The exact instructions vary by Joomla! version, but it's easy to find this information by searching for, let's say, "Joomla! 1.5 password reset" in your favourite search engine. The top results will do the trick ;)

Since there seem to be a lot of hacking scripts in your sites, the best option is the nuclear. I know, it sucks (and even that is the understatement of the year). Look on the positive side. Now that this happened to you, you will never leave a site without an off-site backup and you will be tightening your security even more.

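An added illustration of the database-level password reset described in the reply above, not part of the original reply or of Akeeba's documentation. It assumes a Joomla! 1.5 schema with the default `jos_` table prefix; the usernames, e-mail address and passphrase are placeholders.

```sql
-- Assumptions (not from the ticket): Joomla! 1.5 schema, default prefix jos_,
-- run from phpMyAdmin against the site's own database.
-- 'admin', 'unrecognised_user', the e-mail and the passphrase are placeholders.

-- 1. List every account that can reach the back end. Look for accounts you
--    did not create, altered e-mail addresses and recent registration dates.
SELECT id, username, email, usertype, block, registerDate, lastvisitDate
FROM jos_users
WHERE usertype IN ('Manager', 'Administrator', 'Super Administrator')
ORDER BY registerDate DESC;

-- 2. Regain control of your own Super Administrator account.
--    Joomla! 1.5 accepts an unsalted MD5 value at login; after logging in,
--    set a new password in the User Manager so it is stored salted.
--    The e-mail is reset too, so a "forgot password" request cannot be
--    redirected to an address the intruder controls.
UPDATE jos_users
SET password = MD5('replace-with-a-long-temporary-passphrase'),
    email    = 'you@example.com'
WHERE username = 'admin'
  AND usertype = 'Super Administrator';

-- 3. Block (rather than delete) accounts you do not recognise, so the rows
--    stay available as evidence of when they were created and last used.
UPDATE jos_users
SET block = 1
WHERE username = 'unrecognised_user';

-- 4. End every active session, including the intruder's, so the changed
--    password is actually required for the next back-end request.
DELETE FROM jos_session;
```

This only restores access to the back end; it does not remove any files placed on the server.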

user41952
That's a good way of looking at it! It's cool, it's all a learning process and I welcome all life experiences, I'm surprisingly calm about this.

I am considering not using WHMCS again, would you consider this wise or is it not a problem so long as it is updated? How does your subscription component compare to this security-wise - all I need is to be able to send monthly bills to customers and log their details etc. I find WHMCS way overcomplicated for what I need.

Would you also mind quickly pointing me to the article on overriding an IP ban if it's your own IP (hacker has geo-blocked my country, I think)?

Thank you very much




nicholas
Akeeba Staff
Manager
Any software, unless regularly updated, can be used to compromise your site. Since WHMCS provides regular updates, I'd say that this would be adequate.

Akeeba Subscriptions is designed so that you can sell subscriptions on your site. Using it as a CRM / billing manager is not an intended feature, therefore not supported. I mean, yeah, you can use a knife as a makeshift screwdriver, but it's not a use that the knife's manufacturer will approve or support :)

