> On Tue, Sep 4, 2012 at 5:49 PM, Scott Wolpow <sc...@wolpow.com
> <mailto:sc...@wolpow.com>> wrote:
>
> Each time I have found that hack it was on a shared hosting platform.
> Though Blue Host and their sister companies have stepped up
> security on this.
Yes, but shared hosting is a necessary evil.
> SW
> On 9/4/2012 5:18 PM, David Roth wrote:
>> Hi Mark.
>>
>> I'm so sorry to hear about someone doing this to your website.
>>
Damage was small. I've known the owner for years. I was the one that discovered the problem, and I'm fixing it n/c. I've viewed this as a bit of a puzzle. This last part has me stumped. I don't want to leave it like this, though.
I'm wondering if one of the extensions I added was compromised in some way. My access logs don't go back far enough to see when this all started. The furthest back they go is to the beginning of July, and there are POST requests to those funky php files in the tmp directory at the beginning of the logs. Those files are from April. The .htaccess hack started July 7.
>> I think you have done a noble job of damage control on this. You
>> mentioned it was on Joomla 1.5. If possible, I would create a new
>> installation of Joomla with 2.5 and do a migration
>> if feasible.
Nope. Client aint paying for it. I did a manual update to the latest 1.5 version
The concern to go to Joomla 2.5 is because of
>> security. I don't know how your website was hacked, but there
>> have been security updates since 1.5.
I have a backup of this one, but I am not certain that the latest changes are in it. I was hoping to discover the exact vulnerability by rooting around in it. Next time I have to remember to download the ftp log before anything else. That log got stepped on when I downloaded the whole site.
>>
>> You mentioned the .htaccess, the problem could be a re-write
>> issue.
It was. I cleaned all those up. Now I only have the redirect when I don't append index.php to site.com/administrator. I thought it might be in the router.php. Didn't see the problem there. Perhaps in one of the includes. Problem is, they encode these redirect urls, and I haven't figured out what to grep for.
Also, check to see if the SEO stuff is on or off. I don't
>> recall how 1.5 did this or if you needed an extension to do it.
It's built in, and it is on. It is staying on.
Note: in the time this was affected, Google de-indexed the site. I've used Webmaster tools and resubmitted the site map.
_______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla
NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
