Solved

Hacked or not

Posted on 2012-03-14
11
527 Views
Last Modified: 2013-11-13
We have a Joomla website and it appears it may have been hacked. The site URL gets rewritten from

https://www.ourdomain.ie/index.php?option=com_enrolcourses&view=enrolcourses&courseid=4&Itemid=18&countrytabs=0

to

https://www.ourdomain.ie/?option=com_enrolcourses&view=enrolcourses&courseid=4&Itemid=18&countrytabs=0

ntice the index.php is removed. This only happens with the https used in teh URL without https the page displays fine.

The rsult of the above is that our site will not take course enrolments. Mission critical.

Thanks for any guidance as to how I can resolve this.

Ciaran
0
Comment
Question by:Needy11
  • 7
  • 4
11 Comments
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722628
This doesn't look hacked. Check your .htaccess file and replace with a clean copy from the original joomla files if neccessary. I suspect something's been messed up there.
0
 

Author Comment

by:Needy11
ID: 37722780
I have replaced the .htaccess file by the previous without any success. Also attached here. its odd hte problem only happens with the HTTPS URL , this URL is needed for the e-commerce bit.

ANy other thoughts as to how I would troubleshoot this? Maybe its not a hack problem but its certainly very odd!

Ciaran
htaccess--2-.txt
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722811
When did it last work properly?

I would get in touch with the developers of the Enrol Course component and see if they are aware of any HTTPS issues...

Other than that I'm not sure, Joomla is full of nasty little surprises...
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:Needy11
ID: 37722874
It was working over the weekend, seems to have just decided to stop. No website changes since. Did you see anything in the .htaccess that would rewrite the index.php part of teh URL or do you think that is a red herring??

Tx
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722876
There are parts in the .htaccess which will re-write the index.php part of the URL.

Can you try renaming .htaccess to htaccess.txt and see what you get?
0
 

Author Comment

by:Needy11
ID: 37722940
I have tried that but with no change.  However t doesn't look like the problem is with the enrolcourses component . Even if I go to the main domain root with https it takes me to an incorrect page.

The domain is https://www.icepe.ie where as drop teh s in teh https s and all seems wekk untill you get to course enrol stuff.

No matter what page I try to hit using https it always displays the same page. The page it displays is the most recent one added to the system i..e has the highest ID???

Odd very odd...

Ciaran
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722953
What WebServer are you using?

I suspect that this may be a server config issue.
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722967
Are you using the "force SSL" setting?

Check your "configuration.php" file for "var $force_ssl = '1';" If it is set to 1 change to 0
0
 
LVL 3

Accepted Solution

by:
MikeyLLB earned 500 total points
ID: 37722992
It looks like all requests over SSL are being sent to a wordpress installation, not your joomla. Check your bindings in your webserver and confirm that the joomla website is bound on port 443 and (at least for now, ONLY your joomla website is on 443)
0
 

Author Closing Comment

by:Needy11
ID: 37724433
Thankyou yes this fixed it. Our VPS seemed to have reassigned the SSL IP for our domain. When I hard coded it back in to the .conf file all was fine and fixed.

Very responsive help Mike. Thankyou

Ciaran
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37724435
Looking great now :-)

It's nice when webservers take it upon themselves to decide what happens.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question