A friend and I developed a page using Joomla 2.5.8 and set it up on a Linux webserver with Plesk.
Somehow someone injected a script which seems to be malware into the first line of the code.
And what’s even more strange is that if I delete this script, it will be inserted somehow at the same place.
Does anyone have an idea how to fix this now?
To fix this:
Make sure your installation of Joomla hasn’t been compromised. Download the whole source code and compare it against a clean copy on a different computer to check this. There might be several files changed. One contains the code above, another reinstalls the code every time you delete it and a third one checks for updates of the other two and installs them.
Make sure the web server process cannot write any of the files of your joomla installation.
Make sure you deleted the install scripts.
Make sure you changed the default password.
Some attackers run a script which checks that your site is still cracked and crack it again every time you fix the problem. Upgrade to the latest version of Joomla to fix this. If that doesn’t help, you might have to take down your site for some time until the security hole is fixed.
If you have any plugins installed, upgrade or disable them.
Check for viruses/trojans on your server. If this is Linux, look for odd login attempts, processes that shouldn’t be there, etc.
Always install all the security patches for your OS.
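
The comparison against a clean copy described in the answer above can be scripted. This is an added example, not part of the original answer: it hashes every file in a freshly unpacked Joomla package of the same version and in the downloaded site, then lists what differs. The directory arguments and the script name `compare.py` are assumptions.

```python
import hashlib
import os
import sys


def sha256_of(path):
    """Hash a file in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def index_tree(root):
    """Map each file path (relative to root) to a SHA-256 digest."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                # Record the link target instead of following it.
                index[rel] = "symlink:" + os.readlink(full)
            else:
                index[rel] = sha256_of(full)
    return index


def compare_trees(clean_root, live_root):
    """Return files modified, added, or missing in the live copy."""
    clean, live = index_tree(clean_root), index_tree(live_root)
    common = clean.keys() & live.keys()
    return {
        "modified": sorted(p for p in common if clean[p] != live[p]),
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare.py CLEAN_DIR DOWNLOADED_SITE_DIR")
    report = compare_trees(sys.argv[1], sys.argv[2])
    for kind in ("modified", "added", "missing"):
        for path in report[kind]:
            print(f"{kind:9} {path}")
```

Expect `configuration.php`, uploaded media and installed extensions under "added" and the `installation` directory under "missing" on a healthy site. Any other added file, and every modified core file, is a candidate for the injected script, its reinstaller or its updater.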