Hi,I have a site created in Joomla 1.5, my site has been hacked, I would like the site to be restored as was before and the Joomla updated to the latest. I can't log in from the front-end, but have all relevant passwords for ftp and cpanel. Can anyone help with this? If the cost is more please let me know.site is: www.axioshealth.comCheers Peter
Programming Language: joomla
nothing tried so far
Chat Conversation Started
Hi. You can reset your admin password XX cpanel (in phpmyadmin) by direct update of joomla MySQL table.
Do you have phpmyadmin access?
yes I have all the passwords for this
wait a little, I should start my Joomla site and generate password XXX you
you may open Joomla table
go to jos_users
locate 'admin', I'll tell you what to update a bit later
sorry Arty, but not sure what I really need to do
login to cpanel
depending on cpanel config there may be many icons
yes Im cpanel now
but MySQL admin is pretty standard
are you there?
there is a
yes im at jos_users
you can browse
then find admin
I have located username admin
wait a little, I'm generating password
Arty would it be quicker If i give you login details? if this is safe of course
this board is open
maybe if i send you an email with login info it will be quicker for you
are you here
and we are not allowed to contact directly, sorry. Almost ready
that's not difficult, wait a bit
is it working?
I will try now
you may get 'Invalid token', just refresh page then
I just tested in my test lab
how many non-standard Joomla extensions are you using there?
i min Arty
if it was not password XXXXX force guess, there might be PHP security bug exploit
where is sql query tab
Im in jos_users
I'll make a screenshot
do you see menu items like 'Browse' 'Structure' 'SQL'?
at the top
you need SQL
I have done this I'm logging in now
I get incorrect username password
let me try
it seems I should fix it manually
you can put some file to your site
with login details
then remove it
after I get it
what do you want me to do, sorry I don't understand
so it will not be visible here
create a text file
with ftp and cpanel login details
with what information
then upload it
ok where do I put the text file
then tell me what is a filename on your site
ok got it
then you will remove it
ok I will give you all information 1 minute so I can fix texst file
how did you restore backup and from what source?
how old is the backup
I wonder why the site keeps saying hacked after restored...
I'll also perform security audit and check how it has happend
the back up is new, someone else created the site
to your site, anywere where it is accessible from web
did you get my response, it seems I have 2 chat windows open
you should put it somewhere to your site by FTP
yes i got it
ok, sorry then
> I would like the site to be restored as was before and the Joomla updated to the latest
do you remember when you did the update?
and from which version to which
yes, it was last week
I also have a back-up on my computer
there are complex Joomla steppings procedures to update
so you cant update from 1.5.14 to 1.5.20
but you should follow intermediate updates...
what to make it more secure
sure it should be updated, but more secure is not to be used at all..
above is where the word file is
I will delete once you get it
Arty if it costs more to update etc. let me know
I can't negotiate price here, so I'd agreed on initial amount, but you may always add bonus after the job is done :-)
it seems your admin backend is not standard
I guess not, I didn't create the site someone else has, I just got passed the site from someone to update the look, but since transferring host I have this problem
I'm started, that may take a while. I'll let you know.
ok Ill check back later
I should also know cpanel URL
it's safe to post it here
one more question
did you update it from 1.0 to 1.5?
no I didn't update when I received the job it was already in 1.5
can't login to cpanel
could you check that login/pass is OK
but connected to FTP
are they really the same
yes should be the same Ill check
it has different URL
ok good man
I see there are no backups there
where did you get your files from?
I uploaded from my computer
I'm creating full backup now, before any changes has made
Ill check back later
I've fixed admin login
password XXX to 'password', login is 'admin'
you should reset it asap
I have check the site, problems I have noticed is the Join us doesn't work and also parable says you have to be logged in to view
sorry about the wrong information on Joomla version, will you be able to update to more secure version?
I didn't know how this worked before
so parable should be visible for all?
that's all can be done through Joomla admin page
yes that is correct, if you view it logged in you will see how it looks
I have noticed when you click on join us button the page is not visible you get an error
parable is now published
ok we are getting there
when did you add 'join us'?
and who has add it
that's incorrect URL used
it was added last week
I had this problem when I moved the site but someone on here fixed the problem
but the url should be axioshealth.com/join_us
there is nothing there
probably there should be another URL
or link to existing article
currently it is defined as an 'URL' menu item, not as an article link
should it point to 'Join The Global Strategy'?
it was there before but not sure what the url was
it just had a login for email and name
I see this item was in process of editing
it is 'checked out' by Anne
at the moment of the backup
when you did it
I think this was the link URL /option,com_letterman/task,subscribe/Itemid,1/
so, it might look like now, not fully edited
i had this problem when I transfered the site, but someone on here fixed for me
I think the link is the one above
Also the home page is wrong, if you go to the bottom of the page and click welcome, this is how the page should appear, not the stuff above it.
ok, I'll try to fix it
are you logged in?
I should unpublish unneseccary items
but I see them locked
ill check for you
Im out now
just ubpublished them
should 'prephecy' be visible for registred only?
prophecy I mean
If you click on top navigation there should be a page for each
this only happened since the hack
video should be also open?
I've fixed menu up to the 'video'
ever since the hack everything got messed up
still not sure what to do with Join us
it should be on the ftp
did you look at the old link i gave you
didn't work with com_letterman befor
and your URL is not clickable
got it, fixing :-)
gee don't know what to say
I'm logging out
you should change admin password
Ok I will
will you be able to update to a more secure version of Joomla?
the last released Joomla 1.0 is 1.0.15
you are on 1.0.13
but 1.0.15 still not secure
ok, is there anything you can do to make more secure?
the problem is not in Joomla itself, but in components, probably you have been hacked through one of them
that reqiures more investigation
I can update to 1.0.15 for now
should I change all passwords including cpanel and ftp?
because major updates from 1.0 to 1.5 are non-predictable
yes, that's preferrably to change everything
ok then, can you update to 1.0.15?
ok, I will
that may require day or do to perform 1.0 -> 1.5 migration with all bug fixing ..
Arty, the only thing I noticed is that the urls are very long and messy is this an easy fix, if not don't worry about it
I mean migration bugs
yes, that's intentionally
that's are native Joomla URLS
some links were broken because on SEF URLS
so I turned it of
ok I understand
are you finished then arty?
after updating to 1.0.15 - yes
I'll create a working backup now
that will be full backup, easily restorable
with MySQL data
ok, should I change my passwords once you have finished?
so even in case of hack, that's easy to rollback
I guess that will take 20 minutes
may be less
OK, once you have finished let me know so I can accept answer
and change passwords
I will be on and off this afternoon
so don't worry I will pay you
I will also head out soon, but you can write here, I'll see emails
after I finish and close this chat
OK thanks for your help Arty, I will be back later
let me know when I can change passwords
now you are on Joomla! 1.0.15 Stable [ Daytime ] 22 February 2008 23:00 UTC
it is much more secure, there was a major security bug in 1.0.13 that allowed to get access to content of any file on your web
you can change passwords
thank you for your help, I looked on my cpanel and my disk space is almost all used up, can I delete any files to make more space?
I can delete backup
is better if you download it
ok I will do thank you for your help
where is the back up stored?
15+ years of programming, C, C++, Java, PHP, awk, ruby, shell, ASM, Forth, Raptor, M.A.R.I.E, Excel