JohnHale JohnHale • about 8 years ago
Hacked. Updated, restored PW change, hacked again.
Hi,
I have thee sites that were hacked. I changed all passwords and restored from backup and all was well. A few days later the hack returned to two of those.I don't think it is back end because I keep an .htaccess file in /administrator that refuses access to all but specific IP addresses. The admin PW was changed both for FTP and Joomla in all cases prior to restoring site. There were traces remaining after scan quarantined the index files which I cannot access as of this time due to host restrictions on the location.In some but not all cases some new files appeared.
o.htm
un.php
.htacce9ss
Because of their nature I would not put their contents in here but could provide them in zipped format perhaps, with extensions changed.I am wondering if anyone here has seen this particular hack and found how they are entering the server?It has not been particularly destructive other than when the malware software quarantines the index file then, of course, the site is down until I replace it.If this is a known hacker does anyone have more info? Entry point (component or plugin?) are there other locations where they hide files to be able to return that is known?
Any help will be apprecited.
I didn't find the right solution from the Internet.
References:
https://forum.joomla.org/viewtopic.php?t=954418
Advids Overview
Thank you.
Comments are closed.
0 comments