Joomla been hacked


It looks like my joomla admin account has been hijacked.

I had been developing a site and now I cant log into the admin and the site is completely blank!!!

I'm a bit worried all of my hardwork has gone? How do I retrieve it or at least gain access to the admin again?!?!
LVL 18
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Panagiotis Sweb developer - designer Commented:
do you have a backup?

if not ask your hosting company

clean firstly your pc (especially your ftp programs)
Eternal_StudentAuthor Commented:
I have all the files backed up and the PHP etc but obviously someone has wiped everything inside of joomla.

How would I recover all of those settings?

do you have a database backup? try overwriting your database with a clean install and then upload your backup files
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Eternal_StudentAuthor Commented:
How would I find the database back up?

Do you mean re-install joomla? What about all of the plugins and all of the work I have done thus far?
Eternal_StudentAuthor Commented:
Right ... ive managed to delete some rouge user accounts from myphpadmin and create a fresh super user.

Everything looks like it did when I left it in the admin (now I can log in.)

Although the site is not displaying anything?

Eternal_StudentAuthor Commented:
I just logged into the file system and it looks like all of  the code has been deleted?!?

Which would explain why nothing is loading I guess?
upload a fresh index.php file
Eternal_StudentAuthor Commented:
False alarm code is there and joomla admin looks like I last left it.

Still all I get is a blank page loading with "ee"
can you provide a url?
Eternal_StudentAuthor Commented:
If I upload a fresh file all is OK.

Looks like someone has messed around with the index.php file and the .htaccess file.

How would they have gained access to do such?

And how do I re-install what was once there?
Eternal_StudentAuthor Commented:
What do you need a URL for?

to check to see if the code is being generated but you have already answered it :)
Eternal_StudentAuthor Commented:
I'm using a template and it looks like the code in the index file has been completely wiped?
the upload the index.php file from the template - or uninstall and re-install the template
Eternal_StudentAuthor Commented:
but if I do that I will lose all of my changes?
presumeably you have a local file which you have downloaded and edited? or have you overwritten it with the old blank one?

if so then you have no choice but start again

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Regarding security of your super user account... change the username from 'admin' to something else... if someone is trying to get in this already completes half of the puzzle for them. Additionally  the default userid (62) is always the same. In your database you can change this to a different number.

Should help a little when you get it back up and running. I would think if they have modified the .htaccess file then they got ftp access. i'd be changing this as well as any related passwords you mgiht have.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.