[joomla] Sucuri.net solved my hacking problem
Dave Burstein
daveb at dslprime.com
Fri Oct 19 13:16:44 EDT 2012
I went through hell for two days as I cleaned up each site, then it
was re-infected. Sucuri charges $89 for one site, $189 (or similar)
for five. My experience was that I needed to clear all sites or I
couldn't prevent being re-infected.
It was definitely worth paying them when I had a multi-site infection.
db
On Fri, Oct 19, 2012 at 12:30 PM, <joomla-request at lists.nyphp.org> wrote:
> Send Joomla mailing list submissions to
> joomla at lists.nyphp.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.nyphp.org/mailman/listinfo/joomla
> or, via email, send a message with subject or body 'help' to
> joomla-request at lists.nyphp.org
>
> You can reach the person managing the list at
> joomla-owner at lists.nyphp.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Joomla digest..."
>
>
> Today's Topics:
>
> 1. having major issues with hacking and restoring (Ellen Rothwax)
> 2. Re: having major issues with hacking and restoring (Unitel)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 19 Oct 2012 12:12:39 -0400
> From: Ellen Rothwax <ellen.rothwax at gmail.com>
> To: joomla at lists.nyphp.org
> Subject: [joomla] having major issues with hacking and restoring
> Message-ID:
> <CALfVZ388aQO=jX+e-3V0mgb2sYkGoYm78Mm=70wqNtEjfAW+XQ at mail.gmail.com>
> Content-Type: text/plain; charset="windows-1252"
>
> Hi folks,
> Not my day!!!!
> I have been hacked on a couple of my Joomla sites in the past few days.
> All are hosted on 1 & 1 , they are 1.5 and 2.5 sites, all the latest
> versions.
> The hacks are different. One was redirecting to msn.com another messed with
> my htaccess file and something in the backend because oddly enough although
> I can see it, the dropdown navigation in the backend doesn't work.The
> navigation icons in the control panel do, but once you get to a different
> page, the save and close buttons don't work. I am having the host roll back
> their backups because mine are not helping.
> Has anyone had this experience?
> Other than using Admin tools and removing references to Joomla, any
> suggestions to securing the sites better?
>
> On a different note, I just tried to restore a backup to a backup site on a
> site that was not hacked to test it(I am paranoid now that my backups won't
> help if they are corrupted). This site has Hikashop and Easyblog on it. The
> restored backup (to a new database) isn't working right. It is fine until
> you try to navigate to one of these extensions and I get an error:
> Multiple Choices
> The document name you requested (/index.php) could not be found on this
> server. However, we found documents with names similar to the one you
> requested.
>
> Available documents:
>
> /index.html (common basename)
>
> Please consider informing the owner of the referring page about the broken
> link.
>
>
> Any ideas why?
>
>
> Please make my day better!
>
> Ellen
>
>
> --
>
> <http://www.ebrwebsitedesigns.com>
> Ellen Rothwax
> Web Design and Development
> *Don?t say you can?t afford a website. . .you can?t afford not to have one.
> *www.ebrwebsitedesigns.com*
> *(P) 203 572-5756*
> *
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20121019/bf92e107/attachment-0001.html>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 19 Oct 2012 12:30:24 -0400
> From: "Unitel" <unitelny at gmail.com>
> To: "'NYPHP SIG: Joomla'" <joomla at lists.nyphp.org>
> Subject: Re: [joomla] having major issues with hacking and restoring
> Message-ID: <18DA8933BD5742F38DD53903B0B58D81 at OwnerPC>
> Content-Type: text/plain; charset="us-ascii"
>
> In case you don't know! I linked to your site by clicking your logo and when
> I clicked your menu I got the following response.
>
>
>
>
> "Internal Server Error
>
>
> The server encountered an internal error or misconfiguration and was unable
> to complete your request.
>
> Please contact the server administrator, webadmin at kundenserver.de and inform
> them of the time the error occurred, and anything you might have done that
> may have caused the error.
>
> More information about this error may be available in the server error log.
>
> Additionally, a 500 Internal Server Error error was encountered while trying
> to use an ErrorDocument to handle the request."
>
>
>
>
>
>
>
>
>
> Best regards,
>
>
>
> Marcos Miranda
>
> ---
>
>
>
> _____
>
> From: joomla-bounces at lists.nyphp.org [mailto:joomla-bounces at lists.nyphp.org]
> On Behalf Of Ellen Rothwax
> Sent: Friday, October 19, 2012 12:13 PM
> To: joomla at lists.nyphp.org
> Subject: [joomla] having major issues with hacking and restoring
>
>
>
> Hi folks,
> Not my day!!!!
> I have been hacked on a couple of my Joomla sites in the past few days. All
> are hosted on 1 & 1 , they are 1.5 and 2.5 sites, all the latest versions.
> The hacks are different. One was redirecting to msn.com another messed with
> my htaccess file and something in the backend because oddly enough although
> I can see it, the dropdown navigation in the backend doesn't work.The
> navigation icons in the control panel do, but once you get to a different
> page, the save and close buttons don't work. I am having the host roll back
> their backups because mine are not helping.
> Has anyone had this experience?
> Other than using Admin tools and removing references to Joomla, any
> suggestions to securing the sites better?
>
> On a different note, I just tried to restore a backup to a backup site on a
> site that was not hacked to test it(I am paranoid now that my backups won't
> help if they are corrupted). This site has Hikashop and Easyblog on it. The
> restored backup (to a new database) isn't working right. It is fine until
> you try to navigate to one of these extensions and I get an error:
> Multiple Choices
> The document name you requested (/index.php) could not be found on this
> server. However, we found documents with names similar to the one you
> requested.
>
> Available documents:
>
> /index.html (common basename)
>
> Please consider informing the owner of the referring page about the broken
> link.
>
>
>
> Any ideas why?
>
>
>
> Please make my day better!
>
> Ellen
>
>
>
> --
>
> <http://www.ebrwebsitedesigns.com>
> Ellen Rothwax
> Web Design and Development
> Don't say you can't afford a website. . .you can't afford not to have one.
> www.ebrwebsitedesigns.com
> (P) 203 572-5756
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20121019/492ff80d/attachment.html>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: image001.gif
> Type: image/gif
> Size: 3357 bytes
> Desc: not available
> URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20121019/492ff80d/attachment.gif>
>
> ------------------------------
>
> _______________________________________________
> Joomla mailing list
> Joomla at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> End of Joomla Digest, Vol 70, Issue 10
> **************************************
--
Editor, DSL Prime, Fast Net News, Net Policy News and A Wireless Cloud
Author with Jennie Bourne DSL (Wiley, 2002) and Web Video: Making It
Great, Getting It Noticed (Peachpit, 2008)
More information about the Joomla
mailing list