At 00:20 on 17th December 2009 my website (not this one, but another one) was hacked:
- Admin user password was modified together with the email address. In fact the DB was changed as follows:
  INSERT INTO `jos_users` VALUES(62, 'Administrator', 'admin',
  ' This e-mail address is being protected from spambots. You need JavaScript enabled to view it ', '5e8e19409f56ef31da7cb2f0fb362b52',
  'Super Administrator', 1, 1, 25, '2009-12-01 23:35:14', '2009-12-17 00:20:16',
  '', '');
- the file index.php of the standard Joomla template rhuk_milkyway was modified to include code like this:
  <? eval(base64_decode('.....')); ?>
I reverted all the modifications quickly and made some changes in order to hopefully avoid the problem in the future.
I was wondering what could be the cause since I had:
- Joomla updated to the latest version, 1.5.15;
- no added components;
- file permissions were OK.
My host provider told me that "this probably happened because of the FTP password sniff, and consequently modified site. Unfortunately this is a very common method these days. The code is also used to infect the site visitors as well."
After doing some searching on the web, I found this interesting post reporting exactly my problem:
Revenge of Gumblar Zombies | Unmask Parasites. Blog.
Very interesting and instructive to understand what happened and how to fix the problem!
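A check one could run over the web root after an incident like this one, as an added example that is not part of the original post: it walks a directory tree and reports every PHP file containing an eval(base64_decode( call like the one injected into the rhuk_milkyway index.php. The sample site layout, the second template file and the base64 string are constructed for the demonstration.

```python
import os
import re
import tempfile

# eval(base64_decode( with optional whitespace or line breaks, any letter case
INJECTION = re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")

def scan_file(path):
    """Return (line_number, excerpt) for each injected call found in path."""
    with open(path, "rb") as handle:
        data = handle.read()
    hits = []
    for match in INJECTION.finditer(data):
        line_no = data.count(b"\n", 0, match.start()) + 1
        excerpt = data[match.start():match.start() + 60].split(b"\n")[0]
        hits.append((line_no, excerpt.decode("latin-1")))
    return hits

def scan_tree(root):
    """Map each suspicious PHP file (path relative to root) to its hits."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            hits = scan_file(path)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

def build_sample_site(root):
    """Constructed sample: one clean template, one with the injected line."""
    pages = {
        "beez": "<?php defined('_JEXEC') or die; ?>\n<html></html>\n",
        "rhuk_milkyway": "<html>\n<? eval ( BASE64_decode('Y29uc3RydWN0ZWQ=')); ?>\n",
    }
    for template, body in pages.items():
        folder = os.path.join(root, "templates", template)
        os.makedirs(folder)
        with open(os.path.join(folder, "index.php"), "w") as handle:
            handle.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for path, hits in scan_tree(site).items():
            for line_no, excerpt in hits:
                print(f"{path}:{line_no}: {excerpt}")
```

A hit is a lead to review by hand, since a legitimate extension can also call eval(base64_decode(; comparing flagged files against a clean copy of the same Joomla release settles it.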






