Joomla hack redirects article saves to malware
Posted on 2011-03-01
I have a 2 y/o Joomla site. Using Joomla 1.5.2. Has worked fine until today. Attempted to edit the article home page. Made the change and clicked on Save. Was immediately redirected to a site declaring i was infected ... great fireworks showing phony scans indicating many infections. X'd out of all and end processed the offending tab .. went to site to see if my change had taken. It hadn't. Went back to admin and it appears that once in an article if I attempt to save or close or apply I am immediately redirected to an unbranded Search site with Facebook themed hits. This happens on any computer. Verio is my host and it happened to my tech support rep.
There has been no impact on the site itself ... it's just admin so far that is affected/infected. THere is only an htaccess.txt file in the site root. The files licenses.php, license.php, install.php,index.php credits.php, configuration.php and changelog.php all have dates of 2/23/2011 .. I made no changes on that day.
Welcome suggestions ..