controller.php.suspected

More
8 years 11 months ago #58734 by fgossart
Replied by fgossart on topic controller.php.suspected
Yes I saw it and not a flexicontent file, so deleted
Release is 3.4.5 for joomla and FC latest build.
I can still access backend / fronted

When hacked again there is a new file.php in Joomla root and controller becomes suspected.

I still have not changed passwords, I will do it while and after.

Thanks

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58735 by ggppdk
Replied by ggppdk on topic controller.php.suspected
Hello

maybe better is (provide that your server software is good, and no other server issue)
- restore last clean backup to a temp folder (e.g. to your localhost)
- upgrade extensions and change passwords of admins
- then use temp installation as live site


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58736 by fgossart
Replied by fgossart on topic controller.php.suspected
unfortunately it's difficult to know which backup was clean and safe

hackling has begin since weeks though we didn't suspect id.(ie before controller was renamed)


Create a new clean web site/database is a solution.
but it's not possible te create all FC data.
Perhaps just keep FC tables ?

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58737 by ggppdk
Replied by ggppdk on topic controller.php.suspected
Hello

you can try
- but you will loose ACL permissions
- and component configuration
- other problems ?


better do this
in localhost
- back / download old DB
- keep ALL current database (just double check users table for admin accounts before you make it live again later)
- make a new install and install all extensions you had
- only copy *.png, *.jpeg etc from the old installation folder, any hacks inside such image files, etc should be unusuable if your server software is good
but scan with any tools you have
- then set the new installation to use the old database, and change passwords


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago - 8 years 11 months ago #58738 by ggppdk
Replied by ggppdk on topic controller.php.suspected
Hello

please note that using the OLD db, besides cleaning admin accounts,
may still be (potentially) a security problem

e.g. with malicious JS inside content, that can steal your password during frontend login
...

in FLEXIcontent fields:
- textaread, description, text
there are parameters to strip output or encode it (HTML / JS will be come visible)


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...
Last edit: 8 years 11 months ago by ggppdk.

Please Log in or Create an account to join the conversation.

More
8 years 11 months ago #58741 by fgossart
Replied by fgossart on topic controller.php.suspected
I just have in my apache logs
POST /plugins/flexicontent_fields/core/menu64.php

I wonder if I could empty this file change owner and put readonly
even if I have to clean every web site, I cannot let them offline for many days.

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.391 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline