Server Hack - IRC Daemon from Joomla

Hi,

We have an older Joomla 2.5.? site on a shared host.

Our host emailed to say that the server was hacked and that our account was directly responsible (ish).

The hacker was attempting to turn the server into an IRC Daemon to join a botnet (as claimed by our hosting company).

This seems odd, as my limited understanding suggests that installing software into a server requires command prompt access.

Just want to see if it is possible / likely that an insecure version of Joomla could allow a hacker to compromise a server to the point where they could setup an IRC Daemon.

Or should I be chasing the hosting company to patch their server directly.

Cheers
stirlingitAsked:
Who is Participating?
 
GaryConnect With a Mentor Commented:
It is very possible.  
You should always make sure your software is upto date (including extensions) - Joomla, WP etc are notorious for being hacked - it's the downfall of open source software

Obviously they have blocked it but you need to clean up your site.
0
 
gheistCommented:
There are about 50 vulnerabilities allowing upload and execution of code in Joomla 2.5.0.
Did they notify you about security issue in advance? Any proof you are at fault? Are thay able to provide you with joomla-as-a-service like they do with PHP?
0
 
serialbandConnect With a Mentor Commented:
There a lot of broken php code out there that allows for access to your disk.  An IRCbot server doesn't to be root to run on linux.  Did they tell you which IRCbot they've discovered?  That should help you narrow down the search.

You should run rootkit hunter.  

http://www.rootkit.nl/projects/rootkit_hunter.html
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
GaryCommented:
He's on shared hosting, he's not going to have root access. Anyway sounds like the host blocked it.
0
 
gheistConnect With a Mentor Commented:
The most logical would be to restore your content from backup on fresh joomla and make sure to update it sometimes (subscribing to Xss or anouncement mailing list is good idea)
0
 
stirlingitAuthor Commented:
Was not a solution, rather was just looking for information :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.