Solved

Hacked or not

Posted on 2012-03-14
11
529 Views
Last Modified: 2013-11-13
We have a Joomla website and it appears it may have been hacked. The site URL gets rewritten from

https://www.ourdomain.ie/index.php?option=com_enrolcourses&view=enrolcourses&courseid=4&Itemid=18&countrytabs=0

to

https://www.ourdomain.ie/?option=com_enrolcourses&view=enrolcourses&courseid=4&Itemid=18&countrytabs=0

ntice the index.php is removed. This only happens with the https used in teh URL without https the page displays fine.

The rsult of the above is that our site will not take course enrolments. Mission critical.

Thanks for any guidance as to how I can resolve this.

Ciaran
0
Comment
Question by:Needy11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
11 Comments
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722628
This doesn't look hacked. Check your .htaccess file and replace with a clean copy from the original joomla files if neccessary. I suspect something's been messed up there.
0
 

Author Comment

by:Needy11
ID: 37722780
I have replaced the .htaccess file by the previous without any success. Also attached here. its odd hte problem only happens with the HTTPS URL , this URL is needed for the e-commerce bit.

ANy other thoughts as to how I would troubleshoot this? Maybe its not a hack problem but its certainly very odd!

Ciaran
htaccess--2-.txt
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722811
When did it last work properly?

I would get in touch with the developers of the Enrol Course component and see if they are aware of any HTTPS issues...

Other than that I'm not sure, Joomla is full of nasty little surprises...
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 

Author Comment

by:Needy11
ID: 37722874
It was working over the weekend, seems to have just decided to stop. No website changes since. Did you see anything in the .htaccess that would rewrite the index.php part of teh URL or do you think that is a red herring??

Tx
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722876
There are parts in the .htaccess which will re-write the index.php part of the URL.

Can you try renaming .htaccess to htaccess.txt and see what you get?
0
 

Author Comment

by:Needy11
ID: 37722940
I have tried that but with no change.  However t doesn't look like the problem is with the enrolcourses component . Even if I go to the main domain root with https it takes me to an incorrect page.

The domain is https://www.icepe.ie where as drop teh s in teh https s and all seems wekk untill you get to course enrol stuff.

No matter what page I try to hit using https it always displays the same page. The page it displays is the most recent one added to the system i..e has the highest ID???

Odd very odd...

Ciaran
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722953
What WebServer are you using?

I suspect that this may be a server config issue.
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722967
Are you using the "force SSL" setting?

Check your "configuration.php" file for "var $force_ssl = '1';" If it is set to 1 change to 0
0
 
LVL 3

Accepted Solution

by:
MikeyLLB earned 500 total points
ID: 37722992
It looks like all requests over SSL are being sent to a wordpress installation, not your joomla. Check your bindings in your webserver and confirm that the joomla website is bound on port 443 and (at least for now, ONLY your joomla website is on 443)
0
 

Author Closing Comment

by:Needy11
ID: 37724433
Thankyou yes this fixed it. Our VPS seemed to have reassigned the SSL IP for our domain. When I hard coded it back in to the .conf file all was fine and fixed.

Very responsive help Mike. Thankyou

Ciaran
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37724435
Looking great now :-)

It's nice when webservers take it upon themselves to decide what happens.
0

Featured Post

Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question