Solved

Joomla site hacked. bad link has been added

Posted on 2014-04-16
8
541 Views
Last Modified: 2014-04-23
Hi
www.planetaid-uk.org
If you sroll all the way to to bottom, 3 bad links to porno sites has been added
I am trying to remove them but cant find any place where they have added it
I have tried the index.php of my template but its not there

Please see attached.
Is there a way to find out where this 3 links has been added so i can remove it?
hacking.jpg
0
Comment
Question by:morten444
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 1

Expert Comment

by:ceo_tech
ID: 40004906
Restore your backup and you should be back up and running in know time. Also you should get fail2ban install.
0
 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 40004925
If you have any plug ins for forms, ads, comments etc.  Turn those off.  Then make sure they are all up to date.
0
 

Author Comment

by:morten444
ID: 40009265
Hi
Thanks for advice.
My question was more if there is a way to locate using firebug or any other tool how to find in what PHP file this has been inserted?

we have file2ban installed
Have 15days rolling backup. problem is customer discovered so late that even the first one is infected so restore no option.
I need to find where the text has been inseted

Anyone?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 53

Expert Comment

by:Scott Fell, EE MVE
ID: 40009298
I would just query the db and look for <script>something bad... </script> and remove/find and replace.
0
 

Author Comment

by:morten444
ID: 40009812
Hi
Thanks for your answer.
I have tried to search how i can search any text from any table in my database

I have a database called planetaiduk
I have about 60 tables (joomla and extentions)
I use PhPmyadmin
There is a search field when my database is highligted but i get no maches when i search for example "r43dsworlduk" (one of the hacked links)

I also do not get any match if i search planetaid so i guess i can not search in that way
Can you tell me how i can search any text containing the word
r43dsworlduk
in any table in my database using phpmyadmin?
0
 

Author Comment

by:morten444
ID: 40009817
Hi again
Sorry if i mark all the tables i do get responds but no match on this word
I do get matches on other words i search so i guess the database is not compremised
So it has to be inseted into a php file i guess
any other idears?
0
 

Accepted Solution

by:
morten444 earned 0 total points
ID: 40009829
Issue solved
I downloaded website and did a search on this word without any match
i then updated joomla to latest version and that seem to have removed the script
0
 

Author Closing Comment

by:morten444
ID: 40017025
Updating Joomla must have overwritten the file that was infected.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses four methods for overlaying images in a container on a web page
This article discusses how to create an extensible mechanism for linked drop downs.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question