Joomla site hijacked?

Posted on 2014-03-25
Last Modified: 2014-03-31
I am logging into a Joomla administrator site.  As soon as I have successfully logged in, and the administration page starts to load, Malwarebytes pops up with a message that 174.137.132.45 is being blocked.  Certain functionality on the administrator home page does not have the functionality it should (i.e. some of the menu buttons do nothing).

Does this mean the Joomla site has been hijacked?  If so, what can I do about it?

I have searched the internet for 174.137.132.45, and found many people having similar problems with this I.P. address.
0
Question by:rrhandle8
4 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 39954956
The IP resolves to a few 'Joomla' based sites that, from what I can gather, were hosting nulled themes/cracked plugins (they are all gone now).
Are you using any of these?
0
 

Author Comment

by:rrhandle8
ID: 39954959
I have no idea.  This is not my site.  I have been asked to make some changes on it.  How can I find out if I am using any of them?
0
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 1000 total points
ID: 39955000
I've seen this before. Using an FTP program, download the entire site, run Malwarebytes, SUPERAntiSpyware and an antivirus scan against the folder you download to. Allow the infected pages to be quarantined, repair the site and reload it back to the website overlaying all files.
0
 
LVL 54

Assisted Solution

by:Scott Fell, EE MVE
Scott Fell,  EE MVE earned 1000 total points
ID: 39955718
I wonder if you simply have some infected data.  You can look through your db and look for all script tags <script> and see if something is there that you did not add yourself.  Once you find that, you can do a search and replace.  

Before doing this, make sure you are using a backup of your database.  When you are done, before restoring, make sure you turn off ALL plug-ins.  This will get your site back up and running.  Chances are if this is in the admin, it is also on your site.  If Google finds links to malware, your site can be blocked until you clean.  You could be dark for a couple of weeks...

Then one by one, Google your installed plug-ins and see if others are having the same issue.  Make sure plug-ins are up to date.  Anything that allows posting, sending notice, updates your db is going to be most suspect.
0
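Added example, not part of the thread or any poster's code: a Python sketch of the database check described in the answer above, run over exported field values (it works equally on files downloaded over FTP). The allowlisted hosts, row labels and sample rows are constructed assumptions; the IP address is the one reported in the question.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts this site is known to load scripts from (placeholder values).
ALLOWED_HOSTS = {"www.example.org", "ajax.googleapis.com"}
BLOCKED_IP = "174.137.132.45"  # address Malwarebytes blocked, from the question

# Opening <script> tag, its attributes, and the body up to </script> or end of text.
SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)(?:</script\s*>|\Z)", re.I | re.S)
SRC_RE = re.compile(r"""(?<![\w-])src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""", re.I)

def scan_text(label, text):
    """Return (label, reason, evidence) findings for one DB field or file."""
    # mysqldump escapes quotes inside values; undo that so src="..." parses.
    text = text.replace('\\"', '"').replace("\\'", "'")
    findings = []
    if BLOCKED_IP in text:
        findings.append((label, "blocked-ip", BLOCKED_IP))
    for attrs, body in SCRIPT_RE.findall(text):
        m = SRC_RE.search(attrs)
        if m:
            src = next(g for g in m.groups() if g is not None).strip()
            try:
                host = urlparse(src).hostname  # None for relative (same-site) paths
            except ValueError:
                host = "unparseable"  # malformed URL: flag it rather than skip it
            if host and host not in ALLOWED_HOSTS:
                findings.append((label, "external-script", src))
        elif body.strip():
            # Inline code in stored content: review by hand against what you added.
            findings.append((label, "inline-script", body.strip()[:60]))
    return findings

def scan_rows(rows):
    """rows: iterable of (label, text) pairs, e.g. table#id.column and its value."""
    return [f for label, text in rows for f in scan_text(label, text)]

# Constructed sample data; labels and contents are illustrative only.
SAMPLE_ROWS = [
    ("jos_content#12.introtext",
     '<p>Welcome</p><script src="/media/system/js/core.js"></script>'),
    ("jos_content#31.fulltext",
     '<p>News</p><script src=\\"http://174.137.132.45/x.js\\"></script>'),
    ("jos_modules#7.content", "<script>var a = 1;</script>"),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```

Every finding is a lead for manual review, not proof of infection; run it against the backup copy before doing any search and replace.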
