Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (reports, blocking, php scanner)
Have I searched the tickets before posting? yes
Have I read the documentation before posting (which pages?)? Some
Joomla! version: (1.5.26)
PHP version: (unknown)
MySQL version: (unknown)
Host: (extremeslovenia.com)
Admin Tools version: (2.2.3)
Description of my issue:
My website has been hacked with the following symptoms:
-When I accessed my site I was re-directed to a ???.ru website that tried to install a JS/FakePAV trojan on my pc (MSE detected it and deleted it thankfully)
Steps taken by me so far:
-Take the site offline
-Changed the admin account name and password, also FTP and SQL passwords
-I found that the .htaccess file had been replaced, so I have deleted it and replaced it with one I got from Joomla.com
-I searched the logs for POST commands and found the following "95.163.67.202 - - [04/Apr/2012:07:00:58 +0100] "POST /tmp/jos_ftnq.php HTTP/1.1" 200 162 "
-I secured the tmp folder by moving it out of the htdocs folder and deleted the jos_ftnq.php file in the tmp folder
-Blacklisted the IP address
-I uninstalled the 2 plug-ins that I had installed about a week ago (social networking plug-in and language translator)
-I installed AdminTools PRO and ran Web App Firewall, DB prefix editor, Fix Permissions and Clean Tmp utilities
Following issues remain:
-Runninfg the PHP file change scanner timed out (around 1500 php files)
-.htaccess Maker causes a 500 server error
-site still attempts to redirect me to another site even with no .htaccess file
Any assistance with my next steps would be much appreciated.
Thanks
Bevan
Have I read the related troubleshooter articles above before posting (reports, blocking, php scanner)
Have I searched the tickets before posting? yes
Have I read the documentation before posting (which pages?)? Some
Joomla! version: (1.5.26)
PHP version: (unknown)
MySQL version: (unknown)
Host: (extremeslovenia.com)
Admin Tools version: (2.2.3)
Description of my issue:
My website has been hacked with the following symptoms:
-When I accessed my site I was re-directed to a ???.ru website that tried to install a JS/FakePAV trojan on my pc (MSE detected it and deleted it thankfully)
Steps taken by me so far:
-Take the site offline
-Changed the admin account name and password, also FTP and SQL passwords
-I found that the .htaccess file had been replaced, so I have deleted it and replaced it with one I got from Joomla.com
-I searched the logs for POST commands and found the following "95.163.67.202 - - [04/Apr/2012:07:00:58 +0100] "POST /tmp/jos_ftnq.php HTTP/1.1" 200 162 "
-I secured the tmp folder by moving it out of the htdocs folder and deleted the jos_ftnq.php file in the tmp folder
-Blacklisted the IP address
-I uninstalled the 2 plug-ins that I had installed about a week ago (social networking plug-in and language translator)
-I installed AdminTools PRO and ran Web App Firewall, DB prefix editor, Fix Permissions and Clean Tmp utilities
Following issues remain:
-Runninfg the PHP file change scanner timed out (around 1500 php files)
-.htaccess Maker causes a 500 server error
-site still attempts to redirect me to another site even with no .htaccess file
Any assistance with my next steps would be much appreciated.
Thanks
Bevan
