I went through hell for two days as I cleaned up each site, then it was re-infected. Sucuri charges $89 for one site, $189 (or similar) for five. My experience was that I needed to clear all sites or I couldn't prevent being re-infected.
It was definitely worth paying them when I had a multi-site infection. db On Fri, Oct 19, 2012 at 12:30 PM, <joomla-requ...@lists.nyphp.org> wrote: > Send Joomla mailing list submissions to > joomla@lists.nyphp.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.nyphp.org/mailman/listinfo/joomla > or, via email, send a message with subject or body 'help' to > joomla-requ...@lists.nyphp.org > > You can reach the person managing the list at > joomla-ow...@lists.nyphp.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Joomla digest..." > > > Today's Topics: > > 1. having major issues with hacking and restoring (Ellen Rothwax) > 2. Re: having major issues with hacking and restoring (Unitel) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 19 Oct 2012 12:12:39 -0400 > From: Ellen Rothwax <ellen.roth...@gmail.com> > To: joomla@lists.nyphp.org > Subject: [joomla] having major issues with hacking and restoring > Message-ID: > <CALfVZ388aQO=jX+e-3V0mgb2sYkGoYm78Mm=70wqntejfaw...@mail.gmail.com> > Content-Type: text/plain; charset="windows-1252" > > Hi folks, > Not my day!!!! > I have been hacked on a couple of my Joomla sites in the past few days. > All are hosted on 1 & 1 , they are 1.5 and 2.5 sites, all the latest > versions. > The hacks are different. One was redirecting to msn.com another messed with > my htaccess file and something in the backend because oddly enough although > I can see it, the dropdown navigation in the backend doesn't work.The > navigation icons in the control panel do, but once you get to a different > page, the save and close buttons don't work. I am having the host roll back > their backups because mine are not helping. > Has anyone had this experience? > Other than using Admin tools and removing references to Joomla, any > suggestions to securing the sites better? > > On a different note, I just tried to restore a backup to a backup site on a > site that was not hacked to test it(I am paranoid now that my backups won't > help if they are corrupted). This site has Hikashop and Easyblog on it. The > restored backup (to a new database) isn't working right. It is fine until > you try to navigate to one of these extensions and I get an error: > Multiple Choices > The document name you requested (/index.php) could not be found on this > server. However, we found documents with names similar to the one you > requested. > > Available documents: > > /index.html (common basename) > > Please consider informing the owner of the referring page about the broken > link. > > > Any ideas why? > > > Please make my day better! > > Ellen > > > -- > > <http://www.ebrwebsitedesigns.com> > Ellen Rothwax > Web Design and Development > *Don?t say you can?t afford a website. . .you can?t afford not to have one. > *www.ebrwebsitedesigns.com* > *(P) 203 572-5756* > * > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.nyphp.org/pipermail/joomla/attachments/20121019/bf92e107/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Fri, 19 Oct 2012 12:30:24 -0400 > From: "Unitel" <unite...@gmail.com> > To: "'NYPHP SIG: Joomla'" <joomla@lists.nyphp.org> > Subject: Re: [joomla] having major issues with hacking and restoring > Message-ID: <18DA8933BD5742F38DD53903B0B58D81@OwnerPC> > Content-Type: text/plain; charset="us-ascii" > > In case you don't know! I linked to your site by clicking your logo and when > I clicked your menu I got the following response. > > > > > "Internal Server Error > > > The server encountered an internal error or misconfiguration and was unable > to complete your request. > > Please contact the server administrator, webad...@kundenserver.de and inform > them of the time the error occurred, and anything you might have done that > may have caused the error. > > More information about this error may be available in the server error log. > > Additionally, a 500 Internal Server Error error was encountered while trying > to use an ErrorDocument to handle the request." > > > > > > > > > > Best regards, > > > > Marcos Miranda > > --- > > > > _____ > > From: joomla-boun...@lists.nyphp.org [mailto:joomla-boun...@lists.nyphp.org] > On Behalf Of Ellen Rothwax > Sent: Friday, October 19, 2012 12:13 PM > To: joomla@lists.nyphp.org > Subject: [joomla] having major issues with hacking and restoring > > > > Hi folks, > Not my day!!!! > I have been hacked on a couple of my Joomla sites in the past few days. All > are hosted on 1 & 1 , they are 1.5 and 2.5 sites, all the latest versions. > The hacks are different. One was redirecting to msn.com another messed with > my htaccess file and something in the backend because oddly enough although > I can see it, the dropdown navigation in the backend doesn't work.The > navigation icons in the control panel do, but once you get to a different > page, the save and close buttons don't work. I am having the host roll back > their backups because mine are not helping. > Has anyone had this experience? > Other than using Admin tools and removing references to Joomla, any > suggestions to securing the sites better? > > On a different note, I just tried to restore a backup to a backup site on a > site that was not hacked to test it(I am paranoid now that my backups won't > help if they are corrupted). This site has Hikashop and Easyblog on it. The > restored backup (to a new database) isn't working right. It is fine until > you try to navigate to one of these extensions and I get an error: > Multiple Choices > The document name you requested (/index.php) could not be found on this > server. However, we found documents with names similar to the one you > requested. > > Available documents: > > /index.html (common basename) > > Please consider informing the owner of the referring page about the broken > link. > > > > Any ideas why? > > > > Please make my day better! > > Ellen > > > > -- > > <http://www.ebrwebsitedesigns.com> > Ellen Rothwax > Web Design and Development > Don't say you can't afford a website. . .you can't afford not to have one. > www.ebrwebsitedesigns.com > (P) 203 572-5756 > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://lists.nyphp.org/pipermail/joomla/attachments/20121019/492ff80d/attachment.html> > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: image001.gif > Type: image/gif > Size: 3357 bytes > Desc: not available > URL: > <http://lists.nyphp.org/pipermail/joomla/attachments/20121019/492ff80d/attachment.gif> > > ------------------------------ > > _______________________________________________ > Joomla mailing list > Joomla@lists.nyphp.org > http://lists.nyphp.org/mailman/listinfo/joomla > > End of Joomla Digest, Vol 70, Issue 10 > ************************************** -- Editor, DSL Prime, Fast Net News, Net Policy News and A Wireless Cloud Author with Jennie Bourne DSL (Wiley, 2002) and Web Video: Making It Great, Getting It Noticed (Peachpit, 2008) _______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
