Mandatory information about my setup:
Have I read the related troubleshooter articles above before posting (which pages?)? Looked at the Troubleshooter
Have I searched the tickets before posting? yes, for remote backup
Have I read the documentation before posting (which pages?)? troubleshooting
Joomla! version: 1.5.26 (upgraded from 1.5.25 after hack)
PHP version: 5.3.10
MySQL version: Server version: 5.1.56
Host: rochen shared server acct
Akeeba Backup version: WAS Akeeba Backup core 3.3.11, now 3.4.3
EXTREMELY IMPORTANT: Please attach a ZIP file containing your Akeeba Backup log file in order for us to help you with any backup or restoration issue. If the file is over 2Mb, please upload it on your server and post a link to it.
Description of my issue:
For certain this site was hacked (scary pic and music on home page) and site owner called and asked me to fix it. Then, I was looking at backend and noticed some odd behaviour, and also the database seemed to revert to any earlier version (I know, because user details I had changed reverted to earlier settings). I changed their passwords, upgraded from j1.5.25 --> 26, updated software, including akeeba. Then, noticed (see attached) log in server tmp folder that appears to show a remote backup (I did not do this! nor did they!) and remote attempts too in the akeeba joomla log. I've attached both files. My question is - does it look to you like this is a remote backup? If so, it is a hacker. Or, am I misunderstanding the log. Since it is in the akeeba log, are they using akeeba backup core for this - I don't think it has this feature? Thanks for your feedback, I just want to understand the log and stop ability to remote backup. I did uninstall lazy scheduling plugin, which was deactivated already. Thank you in advance.
Have I read the related troubleshooter articles above before posting (which pages?)? Looked at the Troubleshooter
Have I searched the tickets before posting? yes, for remote backup
Have I read the documentation before posting (which pages?)? troubleshooting
Joomla! version: 1.5.26 (upgraded from 1.5.25 after hack)
PHP version: 5.3.10
MySQL version: Server version: 5.1.56
Host: rochen shared server acct
Akeeba Backup version: WAS Akeeba Backup core 3.3.11, now 3.4.3
EXTREMELY IMPORTANT: Please attach a ZIP file containing your Akeeba Backup log file in order for us to help you with any backup or restoration issue. If the file is over 2Mb, please upload it on your server and post a link to it.
Description of my issue:
For certain this site was hacked (scary pic and music on home page) and site owner called and asked me to fix it. Then, I was looking at backend and noticed some odd behaviour, and also the database seemed to revert to any earlier version (I know, because user details I had changed reverted to earlier settings). I changed their passwords, upgraded from j1.5.25 --> 26, updated software, including akeeba. Then, noticed (see attached) log in server tmp folder that appears to show a remote backup (I did not do this! nor did they!) and remote attempts too in the akeeba joomla log. I've attached both files. My question is - does it look to you like this is a remote backup? If so, it is a hacker. Or, am I misunderstanding the log. Since it is in the akeeba log, are they using akeeba backup core for this - I don't think it has this feature? Thanks for your feedback, I just want to understand the log and stop ability to remote backup. I did uninstall lazy scheduling plugin, which was deactivated already. Thank you in advance.
Vicky Thomas
