controller.php.suspected

More
8 years 11 months ago #58742 by ggppdk
Replied by ggppdk on topic controller.php.suspected
Hello

is it a shared host ?
what is the folder permissions ?
it should be:
rwx r-x r-x
owner, group, all

temporariy, make the 'plugins' folder have permissions:
r-x r-x r-x


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58746 by fgossart
Replied by fgossart on topic controller.php.suspected
yes it's a share host.
I still can see some POST request to change php file but as these file is useless for the website it is not changed now because of the rights

Hope it will give me some time

I will probably setup a full local computer with distrib and sofrware to restore my backups and scan the files and DB

Have a nice sunday and thanks for being so helpfull :)

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58807 by fgossart
Replied by fgossart on topic controller.php.suspected
I put a htacess/htpasswd to administrator path and most of hacks are gone.

but I can see in apache logs many POST as
POST /templates/atomic/html/mod_menu/alias.php HTTP....

And they create new PHP files. I can't explain how can they POST files and upload (or change) them.
For the moment each time a hacked file is created I empty it chmod and chown to avoid been created again.

IT will give me some times to downlaod backup clean locally as you explain.

But I wonder how POST apache requests can be done

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58808 by ggppdk
Replied by ggppdk on topic controller.php.suspected
Hello

once hacked by any way
- they would have installed php files in various joomla folders

the reason that site was hacked is unknown (e.g. you did not update to J3.4.5 fast enough)
arstechnica.com/security/2015/10/joomla-...mote-takeover-hacks/

and it does not seem to be related to FLEXIcontent


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58819 by micker
Replied by micker on topic controller.php.suspected
je te recommende non => aesecure avec son scan c'est de la bombe niveau sécurisé et scan

FLEXIcontent is Free but involves a very big effort on our part.
Like the our support? (for a bug-free FC, despite being huge extension) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing reviews. Thanks![/size]
The following user(s) said Thank You: fgossart

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58919 by fgossart
Replied by fgossart on topic controller.php.suspected
J'avais essayé mais pas bien compris le principe, trop occupé surement de vouloir faire vite.

La solution préconisée par ggppdk semble fonctionner :
démarrer une instal clean de Joomla, installer les extensions, puis remettre l'ancienne base de donnée apres avoir checké les injections SQL.

Depuis 4 jours c'est stable.

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 1.040 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline