[FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x

More
8 years 4 months ago - 8 years 4 months ago #59020 by acceptgiro
Replied by acceptgiro on topic [FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x
Thanks! I renamed the file and the extension of the file. I did some audits with watchful.li and there is one left for flexicontent, but I don't that that can hurt. The others are Joomla's own once. RSfirewall not watchul.li's compare function does respond to these files. So it's apt to be good now.

/components/com_flexicontent/TODO.php system (vistamedia) Possible PHP Injection (Unix command)

/libraries/vendor/joomla/application/src/AbstractDaemonApplication.php system('export HOME="' . $info . '"'), passthru('kill -9 ' . $pid), system (mostly BSD-style systems) Possible PHP Injection (Unix command)

/libraries/vendor/phpmailer/phpmailer/class.phpmailer.php popen($sendmail, 'w')), popen($sendmail, 'w')) Possible PHP Injection (Unix command)

/libraries/joomla/application/daemon.php system('export HOME="' . $info . '"'), passthru('kill -9 ' . $pid), system (mostly BSD-style systems) Possible PHP Injection (Unix command)
Last edit: 8 years 4 months ago by ggppdk.
The topic has been locked.
More
8 years 4 months ago - 8 years 4 months ago #59023 by ggppdk
Replied by ggppdk on topic [FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x
Hello

did you upgrade FLEXIcontent and Joomla ?
all these files are not the original FLEXIcontent / Joomla files
- they have been modified / hacked

- once a web-site is hacked, it will install backdoors in several places,
and it will reapply / re-hack various files

- thus upgrading Joomla and FLEXIcontent is not enough, you will need to remove all backdoors, if 1 hacked file remains it will re-apply hacks in other files

-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...
Last edit: 8 years 4 months ago by ggppdk.
The topic has been locked.
More
8 years 4 months ago - 8 years 4 months ago #59024 by acceptgiro
Replied by acceptgiro on topic [FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x
how would I be able to do that? How to know which of those files are backdoors? Is there a tool that removes them? Or am I free to remove them manually? Including the core joomla files like the deamon.php file?
Last edit: 8 years 4 months ago by ggppdk.
The topic has been locked.
More
8 years 4 months ago - 8 years 4 months ago #59025 by acceptgiro
Replied by acceptgiro on topic [FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x
O, btw, to answer your question. Yes I updated every component. Apperently and logically it will leave the non core files which are hacked files. I thought an audit and rsfirewall would fix the hacks.
Last edit: 8 years 4 months ago by ggppdk.
The topic has been locked.
More
8 years 4 months ago - 8 years 4 months ago #59026 by ggppdk
Replied by ggppdk on topic [FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x
Hello

this might work:
- take website down
- make a backup of the joomla folder
- delete all files reported as suspicious, including core files
- extract Joomla package into the folder and then delete /installation/ folder
thus to get files that you deleted
- go to Joomla installer and re-upload FLEXIcontent and other components

-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...
Last edit: 8 years 4 months ago by ggppdk.
The topic has been locked.
More
8 years 4 months ago - 8 years 4 months ago #59027 by acceptgiro
Replied by acceptgiro on topic [FLEXIcontent v2.0.0] Hacked website @ J2.5.28 needs to be migrated to 3.4.x and FLEXIcontent v3.0.x
Doesn't flexicontent installation override the current database content of the flexicontent tables? Or any other plugin for that matter? Never knew that could work! Cool! gonna do that right away!
Last edit: 8 years 4 months ago by ggppdk.
The topic has been locked.
Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.311 seconds

Last FLEXI-site

Last Faq articles

Newsletter

Last Tutos about FLEXIcontent

Login

Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline