Rakesh, Sandy's reply is supposed to be implemented and checked. Goahead with it. Even dont forget to give the details for the above responses, it will be useful for further investigation and analysis.
Further, these practises and implementations will surely avoid you being a victim. Cheers, 0xN41K On Sat, Jun 12, 2010 at 11:59 PM, Sandeep Thakur <[email protected]>wrote: > More over give yourself a try to recover from this situation using these > steps if not done already: > > [ ] Did you use the forum http://forum.joomla.org/search.php search > box<http://forum.joomla.org/search.php>for a similar error? > > [ ] Run the forum post assistant and security > tool<http://forum.joomla.org/download/file.php?id=70500>Instructions available > here <http://forum.joomla.org/viewtopic.php?f=428&t=272481> > > [ ] Ensure you have the latest version of > Joomla<http://www.joomla.org/download.html>. > *Delete all files in your Joomla installation.* Replace the deleted files > with fresh copies of a current full version of Joomla, and fresh copies of > extensions and templates used.* Only by replacing all files in the > installation (including extensions and templates) can you be sure to remove > the backdoors inserted and hidden in files and directories* > > [ ] Review Vulnerable Extensions > List<http://docs.joomla.org/Vulnerable_Extensions_List> > > [ ] Review and action Security Checklist checklist > 7<http://docs.joomla.org/Security_Checklist_7>to make sure you've gone > through all of the steps. > > [ ] Change all passwords and if possible user names for the website host > control panel and your Joomla site. > > [ ] Use proper permissions on files and directories. They should *never be > 777*, but ideal is 644 and 755 > > [ ] For the malicious code > topic<http://forum.joomla.org/viewtopic.php?f=432&t=411735> > > [ ] *If you are on godaddy - read this topic > viewtopic.php?f=432&t=515398<http://forum.joomla.org/viewtopic.php?f=432&t=515398> > * > > *If you feel none of the above applies to you read *these admin > tips<http://docs.joomla.org/Top_10_Stupidest_Administrator_Tricks>and the what > went wrong <http://forum.joomla.org/viewtopic.php?f=432&t=335090> post > > > Regards > Sandeep Thakur > > On Sat, Jun 12, 2010 at 11:19 AM, Srinivas Naik <[email protected]>wrote: > >> Hi Rakesh, >> >> Check if any other Web Applications also got Corrupted/Infected as your's >> from the Provider (i.e., GoDaddy). >> >> Because it's a network mess, either by you or any other party it got >> uploaded on to the server. >> >> Please confirm the above and let us know. >> >> Regards, >> 0xN41K >> >> On Sat, Jun 12, 2010 at 8:03 PM, [email protected] < >> [email protected]> wrote: >> >>> Hello Friends, >>> >>> Good Evening, >>> >>> i have been facing a problem with a site which i uploaded >>> >>> site was hosted on godaddy and site hacked by casper virus >>> >>> when the site hacked all files were deleted and only unknown files >>> like casper.php gue(executable file) ect are found >>> >>> so after the client has restored the site >>> >>> so the site was coming fine in the morn >>> fter when i checked in the eve it was again hacked by some other virus >>> >>> sercom sitcom somthing virus >>> again when i checked the files all the files again deleted and some >>> extrafiles(unknown files) again gue, virus.txt etc files were found >>> >>> so they have changed the hosting to hostgator >>> and now i have deleted some unwanted folders and files and i added >>> some missing files from joomla >>> and now from yesterday the site is working fine without any hacking >>> so could u tel me wat may be the isssue? >>> >>> can u please provide solutions ASAP >>> >>> -- >>> You received this message because you are subscribed to the Google Groups >>> "nforceit" group. >>> To post to this group, send an email to [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]<nforceit%[email protected]> >>> . >>> For more options, visit this group at >>> http://groups.google.com/group/nforceit?hl=en-GB. >>> >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "nforceit" group. >> To post to this group, send an email to [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<nforceit%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/nforceit?hl=en-GB. >> > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
