• Status: Solved

Joomla site hijacked?

I am logging into a Joomla administrator site. As soon as I have successfully logged in, and the administration page starts to load, Malwarebytes pops up with a message that 174.137.132.45 is being blocked. Certain functionality on the administrator home page does not have the functionality it should (i.e. some of the menu buttons do nothing).

Does this mean the Joomla site has been hijacked? If so, what can I do about it?

I have searched the internet for 174.137.132.45, and found many people having similar problems with this IP address.

Asked by: rrhandle8
Gary Commented:
The IP resolves to a few 'Joomla' based sites that, from what I can gather, were hosting nulled themes/cracked plugins (they are all gone now).
Are you using any of these?
 
rrhandle8 (Author) Commented:
I have no idea. This is not my site. I have been asked to make some changes on it. How can I find out if I am using any of them?
 
Tony Giangreco Commented:
I've seen this before. Using an FTP program, download the entire site, then run Malwarebytes, SUPERAntiSpyware and an antivirus scan against the folder you downloaded to. Allow the infected pages to be quarantined, repair the site and reload it back to the website, overlaying all files.
 
Scott Fell, EE MVE, Developer Commented:
I wonder if you simply have some infected data. You can look through your db and look for all script tags <script> and see if something is there that you did not add yourself. Once you find that, you can do a search and replace.

Before doing this, make sure you are using a backup of your database. When you are done, before restoring, make sure you turn off ALL plug-ins. This will get your site back up and running. Chances are if this is in the admin, it is also on your site. If Google finds links to malware, your site can be blocked until you clean. You could be dark for a couple of weeks...

Then one by one, Google your installed plug-ins and see if others are having the same issue. Make sure plug-ins are up to date. Anything that allows posting, sending notice, updates your db is going to be most suspect.
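
The database review suggested above can be scripted. This is an added example, not part of the original thread: it scans exported rows for script tags and flags external hosts and inline code for manual review. The table names (old default `jos_` prefix), sample rows and allowlist are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Hosts the site legitimately loads scripts from (assumption: adjust per site).
ALLOWED_HOSTS = {"www.example.org", "ajax.googleapis.com"}

# Constructed sample: (table, row id, stored HTML) as exported from a database backup.
SAMPLE_ROWS = [
    ("jos_content", 12, '<p>Welcome</p><script src="https://ajax.googleapis.com/'
                        'ajax/libs/jquery/1.12.4/jquery.min.js"></script>'),
    ("jos_content", 31, '<p>News</p><SCRIPT type="text/javascript" '
                        'src="http://203.0.113.7/stat.js"></SCRIPT>'),
    ("jos_modules", 4, '<div>Footer</div><script>var x = String.fromCharCode(104,116);</script>'),
    ("jos_modules", 9, '<p>No markup of interest here.</p>'),
    ("jos_content", 40, '<script src="//cdn.example.net/w.js"></script>'),
]

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script\s*>", re.I | re.S)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)

def find_suspect_scripts(rows, allowed_hosts=ALLOWED_HOSTS):
    """Return (table, row_id, reason, detail) for each script tag needing review."""
    findings = []
    for table, row_id, html in rows:
        for attrs, body in SCRIPT_RE.findall(html):
            src = SRC_RE.search(attrs)
            if src:
                url = src.group(1)
                # Protocol-relative URLs (//host/path) need a scheme to parse.
                host = urlparse("http:" + url if url.startswith("//") else url).hostname
                # Relative paths have no host and are served by the site itself.
                if host and host.lower() not in allowed_hosts:
                    findings.append((table, row_id, "external-src", host.lower()))
            elif body.strip():
                # Inline code stored in content rows: report a short excerpt.
                findings.append((table, row_id, "inline", body.strip()[:60]))
    return findings

if __name__ == "__main__":
    for finding in find_suspect_scripts(SAMPLE_ROWS):
        print(*finding, sep="\t")
```

Run it against a copy of the backup, not the live database, and treat each finding as a row to inspect by hand before any search and replace.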