PC Security Forum

Full Version: JOOMLA hacked
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
As a non-technical person, I rely on people like you to help me when I'm stuck (which is often). I thank you in advnce for your help.
My main website http://www.lindsayhilton.com has been hacked, as well as a few sub websites.
My hosting company says I must research JOOMLA websites for an answer, but so far I am still stuck.
How does one reclaim their website?
If you know, please try explain in layman's terms.
tks
Hi,

I have visited the site and yes it looks like hackers have gained control over it.
When you say it is hacked, do you mean a hacker has denied access to everything, like backend panel and FTP and email services etc?

Are you able to log on to your websites' backpanel? I will assume that you are able to atleast access your webhosting control panel and can easily delete whatever hackers have done to you and restore the site from a backup..

Please elaborate a little. I can help you restore your website to normalcy..and can strengthen its' security so as to minimize chances of sites further being hacked.

Also, it'd help if you mention your installed joomla version and a list of installed components, modules etc.
I suggest you run a thorough scan on your pc for viruses and rootkits using some good antivirus and anti-malware tool. See if your pc is not infested with trojans or worms. If it is severely infected with viruses, it may give out passwords to hackers easily. Also, I suggest you change your passwords for your important accounts immediately. Call in your hosting company to help bring your website back to normal.
(07-31-2009 03:27 AM)Aakash Wrote: [ -> ]Hi,

I have visited the site and yes it looks like hackers have gained control over it.
When you say it is hacked, do you mean a hacker has denied access to everything, like backend panel and FTP and email services etc?

Are you able to log on to your websites' backpanel? I will assume that you are able to atleast access your webhosting control panel and can easily delete whatever hackers have done to you and restore the site from a backup..

Please elaborate a little. I can help you restore your website to normalcy..and can strengthen its' security so as to minimize chances of sites further being hacked.

Also, it'd help if you mention your installed joomla version and a list of installed components, modules etc.

Hi Aakash -
Thanks for your input.
Well, I cannot get into my backend CONTROL PANEL as the password must have been changed. I can access my files using FTP - but I don't know what to look for.
I can also access my hosting website, but they say they cannot help me.
I think I updated it to JOOMLA 1.5 - but really cannot remember.
I know it makes it difficult for you but I hope we can sort it out one way or another.
Anything else you may need?

regards
C.
ok, Let's work on resetting your admin password first, once you are able to get in backend, you can then change the password to something strong...atleast 10 digits, combination of lowercase, uppercase character etc.

How to reset Joomla administrator password
Go to your hosting control panel and access the MYSQL database joomla is installed on. You should see phpMyAdmin or any other similar utility. phpMyAdmin is the most commonly installed one.

Run the following code in your phpadmin interface.

UPDATE jos_users SET password='5f4dcc3b5aa765d61d8327deb882cf99' WHERE name='Administrator';

It'll set the Administrator password to "password" without the quotes. Once you get in with the password, you can change it to something more secure.

Alternatively, If running a query is difficult.

Log into cPanel
Select MyPHPAdmin
select the database belonging to Joomla
select jos_users
select "browse" in top navigation
click on the pencil icon to edit
copy the hash code: 5f4dcc3b5aa765d61d8327deb882cf99
paste in the password field

Click go in the bottom.

Go to your Joomla Administrator logon....and try inputing "password" in password field and see if you are able to log on.

Joomla basically stores passwords in the mysql database using MD5 Hashes.. You can generate hash for any password using the tools below..

http://www.miraclesalad.com/webtools/md5.php
http://gtools.org/tool/md5-hash-generator/

Let me know if it helps.
Hi -
Thanks for the advice. I tried to run a script and I think it ran - but I'm not sure. Anyway, I still can't access the CPANEL, so I probably messed up. Maybe I should do it manually like you said. Will try to do it.
I appreciate your assistance.

Regards
C.



(07-31-2009 01:20 PM)cpsmit2002 Wrote: [ -> ]
(07-31-2009 03:27 AM)Aakash Wrote: [ -> ]Hi,

I have visited the site and yes it looks like hackers have gained control over it.
When you say it is hacked, do you mean a hacker has denied access to everything, like backend panel and FTP and email services etc?

Are you able to log on to your websites' backpanel? I will assume that you are able to atleast access your webhosting control panel and can easily delete whatever hackers have done to you and restore the site from a backup..

Please elaborate a little. I can help you restore your website to normalcy..and can strengthen its' security so as to minimize chances of sites further being hacked.

Also, it'd help if you mention your installed joomla version and a list of installed components, modules etc.

Hi Aakash -
Thanks for your input.
Well, I cannot get into my backend CONTROL PANEL as the password must have been changed. I can access my files using FTP - but I don't know what to look for.
I can also access my hosting website, but they say they cannot help me.
I think I updated it to JOOMLA 1.5 - but really cannot remember.
I know it makes it difficult for you but I hope we can sort it out one way or another.
Anything else you may need?

regards
C.
Hmm, keep us posted. All you will need access to phpmyadmin and your joomla database to reset the password.
If I send you my access codes to phpmyadmin it might be easier.
My e-mail address is consatsa@hotmail.com
tks
(08-01-2009 08:41 PM)Aakash Wrote: [ -> ]Hmm, keep us posted. All you will need access to phpmyadmin and your joomla database to reset the password.
Reference URL's