Solved

Joomla site hijacked?

Posted on 2014-03-25
Last Modified: 2014-03-31
I am logging into a Joomla administrator site.  As soon as I have successfully logged in, and the administration page starts to load, Malwarebytes pops up with a message that 174.137.132.45 is being blocked.  Certain functionality on the administrator home page does not have the functionality it should (i.e. some of the menu buttons do nothing).

Does this mean the Joomla site has been hijacked?  If so, what can I do about it?

I have searched the internet for 174.137.132.45, and found many people having similar problems with this I.P. address.
Question by:rrhandle8
4 Comments
 

Expert Comment

by:Gary
ID: 39954956
The IP resolves to a few 'Joomla' based sites that, from what I can gather, were hosting nulled themes/cracked plugins (they are all gone now).
Are you using any of these?
 

Author Comment

by:rrhandle8
ID: 39954959
I have no idea.  This is not my site.  I have been asked to make some changes on it.  How can I find out if I am using any of them?

Accepted Solution

by: Tony Giangreco (earned 250 total points)
ID: 39955000
I've seen this before. Using an FTP program, download the entire site, then run Malwarebytes, SUPERAntiSpyware and an antivirus scan against the folder you download to. Allow the infected pages to be quarantined, repair the site and reload it back to the website, overlaying all files.

Assisted Solution

by: Scott Fell, EE MVE (earned 250 total points)
ID: 39955718
I wonder if you simply have some infected data.  You can look through your db and look for all script tags <script> and see if something is there that you did not add yourself.  Once you find that, you can do a search and replace.  

Before doing this, make sure you are using a backup of your database.  When you are done, before restoring, make sure you turn off ALL plug-ins.  This will get your site back up and running.  Chances are if this is in the admin, it is also on your site.  If Google finds links to malware, your site can be blocked until you clean it.  You could be dark for a couple of weeks...

Then one by one, google your installed plug-ins and see if others are having the same issue.  Make sure plug-ins are up to date.  Anything that allows posting, sends notices, or updates your db is going to be most suspect.
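
Added example (not part of any post in this thread): one way to do the database check described in the answer above is to scan a SQL dump of the site for `<script>` and `<iframe>` tags and list the ones that are inline or load from a host you do not recognise. The table names, hosts and dump lines below are constructed for illustration, and `scan_dump` and `trusted_hosts` are hypothetical names.

```python
import re
from urllib.parse import urlparse

# Opening <script>/<iframe> tags; closing tags (</script>) do not match.
TAG_RE = re.compile(r"<(script|iframe)\b([^>]*)>", re.IGNORECASE)
# src attribute, tolerating the \" escaping mysqldump applies inside strings.
SRC_RE = re.compile(r'''src\s*=\s*\\?["']?([^"'\s>\\]+)''', re.IGNORECASE)
INSERT_RE = re.compile(r"INSERT INTO\s+`?(\w+)`?", re.IGNORECASE)

# Constructed sample dump lines (table names, hosts and content are made up).
SAMPLE_DUMP = r"""
INSERT INTO `jos_content` VALUES (1,'Welcome','<p>Hi</p><script src=\"/media/system/js/core.js\"></script>');
INSERT INTO `jos_content` VALUES (2,'News','<p>Text</p><script src=\"http://203.0.113.45/stat.js\"></script>');
INSERT INTO `jos_modules` VALUES (7,'Footer','<script>/* inline code */</script>');
INSERT INTO `jos_modules` VALUES (8,'Video','<iframe src=\"https://www.youtube.com/embed/abc\"></iframe>');
""".strip().splitlines()


def scan_dump(lines, trusted_hosts):
    """Return (line_no, table, tag, host) for every tag that needs review."""
    findings = []
    table = None
    for line_no, line in enumerate(lines, 1):
        insert = INSERT_RE.search(line)
        if insert:
            table = insert.group(1)  # remember which table the row belongs to
        for tag in TAG_RE.finditer(line):
            name = tag.group(1).lower()
            src = SRC_RE.search(tag.group(2))
            if src is None:
                # No src attribute: inline code, always worth reading by hand.
                findings.append((line_no, table, name, "(inline)"))
                continue
            host = urlparse(src.group(1)).hostname
            # Relative URLs (host is None) load from the site itself.
            if host is not None and host not in trusted_hosts:
                findings.append((line_no, table, name, host))
    return findings


if __name__ == "__main__":
    for finding in scan_dump(SAMPLE_DUMP, trusted_hosts={"www.youtube.com"}):
        print("line %d  table %s  <%s>  %s" % finding)
```

Run it against a dump taken from a backup copy, and review each reported row before doing any search and replace.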