Solved

Hacked or not

Posted on 2012-03-14
Last Modified: 2013-11-13
We have a Joomla website and it appears it may have been hacked. The site URL gets rewritten from

https://www.ourdomain.ie/index.php?option=com_enrolcourses&view=enrolcourses&courseid=4&Itemid=18&countrytabs=0

to

https://www.ourdomain.ie/?option=com_enrolcourses&view=enrolcourses&courseid=4&Itemid=18&countrytabs=0

Notice the index.php is removed. This only happens with https used in the URL; without https the page displays fine.

The result of the above is that our site will not take course enrolments. Mission critical.

Thanks for any guidance as to how I can resolve this.

Ciaran
Question by:Needy11
11 Comments
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722628
This doesn't look hacked. Check your .htaccess file and replace with a clean copy from the original Joomla files if necessary. I suspect something's been messed up there.
0
 

Author Comment

by:Needy11
ID: 37722780
I have replaced the .htaccess file with the previous one without any success. It is also attached here. It's odd that the problem only happens with the HTTPS URL; this URL is needed for the e-commerce bit.

Any other thoughts as to how I would troubleshoot this? Maybe it's not a hack problem, but it's certainly very odd!

Ciaran
htaccess--2-.txt
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722811
When did it last work properly?

I would get in touch with the developers of the Enrol Course component and see if they are aware of any HTTPS issues...

Other than that I'm not sure, Joomla is full of nasty little surprises...
0
 

Author Comment

by:Needy11
ID: 37722874
It was working over the weekend, seems to have just decided to stop. No website changes since. Did you see anything in the .htaccess that would rewrite the index.php part of the URL, or do you think that is a red herring?

Tx
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722876
There are parts in the .htaccess which will re-write the index.php part of the URL.

Can you try renaming .htaccess to htaccess.txt and see what you get?
0
 

Author Comment

by:Needy11
ID: 37722940
I have tried that but with no change. However, it doesn't look like the problem is with the enrolcourses component. Even if I go to the main domain root with https it takes me to an incorrect page.

The domain is https://www.icepe.ie, whereas if I drop the s in https all seems well until you get to the course enrol stuff.

No matter what page I try to hit using https it always displays the same page. The page it displays is the most recent one added to the system, i.e. has the highest ID???

Odd very odd...

Ciaran
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722953
What WebServer are you using?

I suspect that this may be a server config issue.
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37722967
Are you using the "force SSL" setting?

Check your "configuration.php" file for "var $force_ssl = '1';". If it is set to 1, change to 0.
0
 
LVL 3

Accepted Solution

by:
MikeyLLB earned 500 total points
ID: 37722992
It looks like all requests over SSL are being sent to a WordPress installation, not your Joomla. Check your bindings in your webserver and confirm that the Joomla website is bound on port 443 (and, at least for now, ONLY your Joomla website is on 443).
0
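The diagnosis in the accepted solution (HTTPS requests answered by a WordPress site instead of the Joomla one) can be confirmed by fingerprinting what each scheme returns. This is an added example, not part of the thread: the marker patterns and both sample pages are constructed for illustration, and `fetch` is a hypothetical helper for running the comparison against a live site.

```python
import re
import ssl
import urllib.request

# Markers for the two applications named in the thread (chosen for this example).
FINGERPRINTS = {
    "joomla": [r'content="Joomla!', r"/media/system/js/", r"option=com_"],
    "wordpress": [r'content="WordPress', r"/wp-content/", r"/wp-includes/"],
}

# Constructed sample pages, not captured from the site in the thread.
JOOMLA_SAMPLE = ('<html><head><meta name="generator" content="Joomla! - Open '
                 'Source Content Management" /></head><body><a href="/index.php'
                 '?option=com_enrolcourses&view=enrolcourses">Enrol</a></body></html>')
WORDPRESS_SAMPLE = ('<html><head><meta name="generator" content="WordPress 3.3" />'
                    '<link rel="stylesheet" href="/wp-content/themes/x/style.css" />'
                    '</head><body>Latest post</body></html>')

def identify_app(html):
    """Return the application with the most marker hits; 'unknown' on none or a tie."""
    scores = {app: sum(bool(re.search(p, html, re.I)) for p in pats)
              for app, pats in FINGERPRINTS.items()}
    top = max(scores.values())
    winners = [app for app, score in scores.items() if score == top]
    return winners[0] if top > 0 and len(winners) == 1 else "unknown"

def compare_schemes(http_html, https_html):
    """Report which application answered on port 80 and which on port 443."""
    http_app, https_app = identify_app(http_html), identify_app(https_html)
    if "unknown" in (http_app, https_app):
        verdict = "inconclusive"
    elif http_app == https_app:
        verdict = "same-app"
    else:
        verdict = "vhost-mismatch"  # 443 is served by a different site
    return {"http": http_app, "https": https_app, "verdict": verdict}

def fetch(url, timeout=10):
    """Fetch a page body for comparison. Certificate checks are off only so the
    body is still readable when another site's certificate is presented."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
        return resp.read().decode("utf-8", "replace")

if __name__ == "__main__":
    print(compare_schemes(JOOMLA_SAMPLE, WORDPRESS_SAMPLE))
```

A `vhost-mismatch` verdict points at the port 443 binding in the server configuration rather than at the Joomla files or .htaccess.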
 

Author Closing Comment

by:Needy11
ID: 37724433
Thank you, yes, this fixed it. Our VPS seemed to have reassigned the SSL IP for our domain. When I hard coded it back in to the .conf file all was fine and fixed.

Very responsive help Mike. Thank you

Ciaran
0
 
LVL 3

Expert Comment

by:MikeyLLB
ID: 37724435
Looking great now :-)

It's nice when webservers take it upon themselves to decide what happens.
0
