We have a problem with our Joomla 3.6.5 webpage. Someone inserts scripts into our files (most often in index.php) and then site visitors are redirected to some other sites. We restore the backup, but the attacks are periodically repeated. We have changed the FTP passwords but the problem is not solved. Today we were deleting some of the .bt files that shouldn't be there and that have a lot of IP addresses in them, but one of them keeps coming back after 30 seconds. We read that those .bt files are some malware that appears in WordPress, so they probably have that effect here as well. And we delete all redundant files when they occasionally appear. In some of the files, we find scripts that shouldn't exist there, so when we notice them, we restore the old correct ones in their place.

Joomla! Instance :: Joomla! 3.6.5-Stable (Noether) 1-December-2016
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) |
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: Yes | GZip: false | Cache: false | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: N/A | SSL: 0 | Error Reporting: none | Site Debug: false | Language Debug: false | Default Access: Public | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.6.5: Yes | Database Supports J! 3.6.5: No | Database Credentials Present: Yes |
Host Configuration :: OS: Linux | OS Version: 5.4.0-163-generic | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate, br | System TMP Writable: Yes | Free Disk Space : 562.77 GiB |
PHP Configuration :: Version: 5.6.40-68+ubuntu20.04.1+deb.sury.org+1 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 0 | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 16M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M
Database Configuration :: Version: 8.0.36-0ubuntu0.20.04.1 (Client:mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | Database Size: 18.92 MiB | #of Tables with config prefix: 90 | #of other Tables: 0 | User Privileges : GRANT ALL
PHP Extensions :: Core (5.6.40-68+ubuntu20.04.1+deb.sury.org+1) | date (5.6.40-68+ubuntu20.04.1+deb.sury.org+1) | ereg () | libxml () | openssl () | pcre () | zlib (2.0) | filter (0.11.0) | hash (1.0) | pcntl () | Reflection ($Id: 5f15287237d5f78d75b19c26915aa7bd83dee8b8 $) | SPL (0.2) | session () | standard (5.6.40-68+ubuntu20.04.1+deb.sury.org+1) | cgi-fcgi () | mysqlnd (mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $) | PDO (1.0.4dev) | xml () | calendar () | ctype () | dom (20031129) | mbstring () | fileinfo (1.0.5) | ftp () | gd () | gettext () | iconv () | intl (1.1.0) | json (1.2.1) | exif (1.4 $Id: cad29b729548e4206f0697710cc9e177f26fdff3 $) | mcrypt () | mysql (1.0) | mysqli (0.1) | pdo_mysql (1.0.2) | Phar (2.0.2) | posix () | pspell () | readline (5.6.40-68+ubuntu20.04.1+deb.sury.org+1) | shmop () | SimpleXML (0.1) | sockets () | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.12.5) | mhash () | Zend OPcache (7.0.6-devFE) | Zend Engine (2.6.0) |
Potential Missing Extensions :: curl |
Switch User Environment :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Potential Ownership Issues: No
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (---) |
Elevated Permissions (First 10) ::
Database statistics :: Uptime: 2216112 | Threads: 4 | Questions: 551564417 | Slow queries: 7957 | Opens: 21222110 | Flush tables: 3 | Open tables: 512 | Queries per second avg: 248.888 |
Components :: Site ::
Core :: com_wrapper (3.0.0) 1 | com_mailto (3.0.0) 1 |
3rd Party:: WF_VISUALCHARS_TITLE (2.4.5) ? | WF_FONTCOLOR_TITLE (2.4.5) ? | WF_BROWSER_TITLE (2.4.5) ? | WF_NONBREAKING_TITLE (2.4.5) ? | WF_STYLESELECT_TITLE (2.4.5) ? | WF_SEARCHREPLACE_TITLE (2.4.5) ? | WF_AUTOSAVE_TITLE (2.4.5) ? | WF_FORMATSELECT_TITLE (2.4.5) ? | WF_CONTEXTMENU_TITLE (2.4.5) ? | WF_FULLSCREEN_TITLE (2.4.5) ? | WF_XHTMLXTRAS_TITLE (2.4.5) ? | WF_SPELLCHECKER_TITLE (2.4.5) ? | WF_TABLE_TITLE (2.4.5) ? | WF_IMGMANAGER_TITLE (2.4.5) ? | WF_LINK_TITLE (2.4.5) ? | WF_PRINT_TITLE (2.4.5) ? | WF_CLEANUP_TITLE (2.4.5) ? | WF_PREVIEW_TITLE (2.4.5) ? | WF_FONTSELECT_TITLE (2.4.5) ? | WF_TEXTCASE_TITLE (2.4.5) ? | WF_DIRECTIONALITY_TITLE (2.4.5) ? | WF_INLINEPOPUPS_TITLE (2.4.5) ? | WF_ANCHOR_TITLE (2.4.5) ? | WF_ARTICLE_TITLE (2.4.5) ? | WF_FONTSIZESELECT_TITLE (2.4.5) ? | WF_MEDIA_TITLE (2.4.5) ? | WF_VISUALBLOCKS_TITLE (2.4.5) ? | WF_STYLE_TITLE (2.4.5) ? | WF_SOURCE_TITLE (2.4.5) ? | WF_CHARMAP_TITLE (2.4.5) ? | WF_LAYER_TITLE (2.4.5) ? | WF_KITCHENSINK_TITLE (2.4.5) ? | WF_LISTS_TITLE (2.4.5) ? | WF_CLIPBOARD_TITLE (2.4.5) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.4.5) ? | WF_AGGREGATOR_VIMEO_TITLE (2.4.5) ? | WF_AGGREGATOR_VINE_TITLE (2.4.5) ? | WF_AGGREGATOR_YOUTUBE_TITLE (2.4.5) ? | WF_POPUPS_WINDOW_TITLE (2.4.5) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.4.5) ? | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.4.5) ? | WF_LINK_SEARCH_TITLE (2.4.5) ? | WF_LINKS_JOOMLALINKS_TITLE (2.4.5) ? |
Components :: Admin ::
Core :: com_menus (3.0.0) 1 | com_content (3.0.0) 1 | com_weblinks (3.0.0) 1 | com_ajax (3.2.0) 1 | com_plugins (3.0.0) 1 | com_banners (3.0.0) 1 | com_config (3.0.0) 1 | com_redirect (3.0.0) 1 | com_messages (3.0.0) 1 | com_categories (3.0.0) 1 | com_search (3.0.0) 1 | com_admin (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_modules (3.0.0) 1 | com_tags (3.1.0) 1 | com_media (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_finder (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_cache (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_templates (3.0.0) 1 | com_login (3.0.0) 1 | com_users (3.0.0) 1 | com_checkin (3.0.0) 1 | com_languages (3.0.0) 1 |
3rd Party:: JCE (2.4.5) ? | com_proforms (1.5.5) 1 | COM_REDMIGRATOR (1.0.0) ? | COM_CONTENTMAP (1.3.5) 1 | COM_REDCORE (1.0.0) ? |
Modules :: Site ::
Core :: mod_search (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_stats (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_login (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_users_latest (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_articles_latest (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_weblinks (3.0.0) 1 |
3rd Party:: Hot Image Slider (3.1.1) 1 | mod_contentmap (1.3.5) 1 | MOD_SIMPLEBOX (0.1) 1 | RokAjaxSearch (2.0.3) 1 | Simple File Upload v1.3 (for Joomla (1.3) ? |
Modules :: Admin ::
Core :: mod_multilangstatus (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_title (3.0.0) 1 | mod_login (3.0.0) 1 | mod_status (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_version (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_latest (3.0.0) 1 |
3rd Party::
Libraries ::
Core ::
3rd Party:: redCORE - Libraries (1.0.0) 1 |
Plugins ::
Core :: plg_user_joomla (3.0.0) 1 | plg_user_contactcreator (3.0.0) 0 | plg_user_profile (3.0.0) 0 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_webinstaller (1.0.5) 1 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | plg_captcha_recaptcha (3.4.0) 0 | plg_extension_joomla (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_vote (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_finder (3.0.0) 0 | plg_system_remember (3.0.0) 1 | plg_system_log (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | Settings (1.0.0) 1 | plg_system_debug (3.0.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_redirect (3.0.0) 0 | plg_system_logout (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_stats (3.5.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_highlight (3.0.0) 1 | plg_finder_weblinks (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_search_weblinks (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_tags (3.0.0) 0 | plg_search_contacts (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_categories (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_article (3.0.0) 1 |
3rd Party:: plg_quickicon_jcefilebrowser (2.4.5) 1 | plg_content_contentmap (1.3.5) 1 | PLG_SYSTEM_REDCORE (1.0.0) 1 | JA T3 Framework (2.7.1) 1 | plg_editors_jce (2.4.5) 1 | plg_editors_tinymce (4.4.3) 1 | plg_editors_codemirror (5.18.0) 1 |
Templates :: Site :: protostar (1.0) 1 | beez3 (3.1.0) 1 | ja_t3_blank (2.5. 1 |
Templates :: Admin :: hathor (3.0.0) 1 | isis (1.0) 1 |
Statistics: Posted by rasheed23 — Thu Feb 29, 2024 3:23 pm
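
An added example, not part of the original post: instead of spotting altered files by eye, the live web root can be hashed against the known-good backup so that every added file (such as the reappearing .bt file) and every modified file (such as index.php) is listed in one pass. The function names, directory layout and file contents below are constructed for illustration.

```python
import hashlib
import os
import tempfile

def _digest(path):
    """SHA-256 of a file's bytes; a file symlink is recorded by its target instead."""
    if os.path.islink(path):
        return "symlink:" + os.readlink(path)
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def index_tree(root):
    """Map every file under root (relative path, '/' separated) to its digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = _digest(full)
    return out

def diff_against_backup(live_root, backup_root):
    """List files added, modified or missing in live_root compared with the backup."""
    live, good = index_tree(live_root), index_tree(backup_root)
    return {
        "added": sorted(live.keys() - good.keys()),
        "modified": sorted(p for p in live.keys() & good.keys() if live[p] != good[p]),
        "missing": sorted(good.keys() - live.keys()),
    }

def make_constructed_sample(base):
    """Write a constructed backup/live pair (hypothetical contents) under base."""
    trees = {
        "backup": {"index.php": "<?php // clean\n", "configuration.php": "<?php // cfg\n"},
        "live": {"index.php": "<?php // clean\n// constructed injected line\n",
                 "configuration.php": "<?php // cfg\n",
                 "cache/list.bt": "constructed placeholder\n"},
    }
    for tree, files in trees.items():
        for rel, text in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
    return os.path.join(base, "live"), os.path.join(base, "backup")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(diff_against_backup(*make_constructed_sample(tmp)))
```

Run on a schedule against the real web root, the "added" and "modified" lists give exact paths and a time window to match against the web server access log.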