Solved

Joomla site hijacked?

Posted on 2014-03-25
Last Modified: 2014-03-31
I am logging into a Joomla administrator site.  As soon as I have successfully logged in, and the administration page starts to load, Malwarebytes pops up with a message that 174.137.132.45 is being blocked.  Certain functionality on the administrator home page does not have the functionality it should (i.e. some of the menu buttons do nothing).

Does this mean the Joomla site has been hijacked?  If so, what can I do about it?

I have searched the internet for 174.137.132.45, and found many people having similar problems with this I.P. address.
Question by:rrhandle8
4 Comments
 

Expert Comment

by:Gary
ID: 39954956
The IP resolves to a few 'Joomla' based sites that, from what I can gather, were hosting nulled themes/cracked plugins (they are all gone now).
Are you using any of these?

Author Comment

by:rrhandle8
ID: 39954959
I have no idea.  This is not my site.  I have been asked to make some changes on it.  How can I find out if I am using any of them?

Accepted Solution

by:
Tony Giangreco earned 250 total points
ID: 39955000
I've seen this before. Using an FTP program, download the entire site, then run Malwarebytes, SUPERAntiSpyware and an antivirus scan against the folder you downloaded to. Allow the infected pages to be quarantined, repair the site and reload it back to the website, overlaying all files.

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 250 total points
ID: 39955718
I wonder if you simply have some infected data.  You can look through your db and look for all script tags <script> and see if something is there that you did not add yourself.  Once you find that, you can do a search and replace.

Before doing this, make sure you are using a backup of your database.  When you are done, before restoring, make sure you turn off ALL plug-ins.  This will get your site back up and running.  Chances are if this is in the admin, it is also on your site.  If Google finds links to malware, your site can be blocked until you clean.  You could be dark for a couple of weeks...

Then one by one, google your installed plug-ins and see if others are having the same issue.  Make sure plug-ins are up to date.  Anything that allows posting, sending notice, updates your db is going to be most suspect.
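A read-only way to run the database search described in the answer above, added here as an example that is not part of the original thread: it scans a text export of the database (for instance one made with mysqldump) for `<script>` tags and lists the ones that load from a host outside the site or that are stored inline. The sample rows, the `scan_dump` function and its `trusted_hosts` parameter are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: three lines in the style of a mysqldump export of a
# Joomla database (table names and row contents are made up for illustration).
SAMPLE_DUMP = r"""INSERT INTO `jos_content` VALUES (1,'Welcome','<p>Hi</p><script src=\"http://174.137.132.45/a.js\"></script>');
INSERT INTO `jos_modules` VALUES (7,'Footer','<script type=\"text/javascript\" src=\"/media/system/js/core.js\"></script>');
INSERT INTO `jos_extensions` VALUES (9,'{\"html\":\"<SCRIPT>/* code nobody remembers adding */</SCRIPT>\"}');
"""

TABLE_RE = re.compile(r"INSERT INTO `([^`]+)`", re.I)
TAG_RE = re.compile(r"<script\b([^>]*)>", re.I)
# mysqldump escapes quotes inside values, so allow an optional backslash.
SRC_RE = re.compile(r"""\bsrc\s*=\s*\\?["']?([^"'\s>\\]+)""", re.I)


def scan_dump(text, trusted_hosts=()):
    """Return (table, line_no, kind, host) for each script tag worth reviewing."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        table = TABLE_RE.search(line)
        table = table.group(1) if table else "?"
        for tag in TAG_RE.finditer(line):
            src = SRC_RE.search(tag.group(1))
            if src is None:
                # Inline script stored in the database: always review by hand.
                findings.append((table, line_no, "inline", None))
                continue
            host = urlparse(src.group(1)).hostname
            # Relative paths have no host and load from the site itself.
            if host and host not in trusted_hosts:
                findings.append((table, line_no, "external", host))
    return findings


if __name__ == "__main__":
    for table, line_no, kind, host in scan_dump(SAMPLE_DUMP):
        print(f"line {line_no}: {table}: {kind} script {host or ''}".rstrip())
```

Run it against a dump taken from a backup copy, and pass the hosts the site legitimately loads scripts from as `trusted_hosts` so only unexplained entries remain.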
