
My Joomla website was compromised, need help!



Posted (edited)

Hi everyone,

maybe 15 years ago someone in India created a website with Joomla for me which I later could expand myself by creating additional product pages. So, I did this many years myself and it worked fine.

Lately I was informed by my hosting company that my site had been compromised and since it has been disabled. I tried to deal with my webhosting company in Italy, but they point to things I would have to do in Joomla! The person who made my website has vanished, I am unable to contact him after so many years.

Is there anyone in Thailand who is familiar with Joomla? By the way, my site was created with Joomla 1.5.9.

If I find no help I would be forced to abandon the site and that would be a great loss for me as I have worked probably thousands of hours on this site.

 

Here are some hints from my hosting company on what should be done:

 

1.   Dear customer,
to reset the Joomla super user password, I recommend that you follow the instructions in the official guide:
https://www.joomla.it/guide-joomla-3/8430-recupero-password-amministratore.html
follow point 2: 2° Modo: Reset della Password
I also inform you that we have detected malicious code on the web space; in order to reclaim the space, I suggest you follow the directions below:
https://guide.hosting.aruba.it/hosting/sicurezza/joomla-bonificare-un-installazione-compromessa.aspx
Please note that the operations described above can be performed using a File manager or FTP client.
We inform you that this procedure cannot be performed by our staff.

 

2.  Dear Customer,
We invite you to create a secondary account for us to access the backend of the site with administrative functions.
The backend, in case you don't know what to provide, is the administration part of the site, not the login @aruba.it

 

Any help would be very much appreciated!

Edited by Dario
Posted (edited)

are there still people doing stuff in Joomla? this is old sh*t, try to move to WordPress

 

if you are not in IT or tech, take the loss, it could be painful to move or "restore" or "upgrade", above all if you did a lot of changes on it.

 

sad to say, but this kind of CMS needs to be regularly maintained and that can be expensive eventually if you don't understand any of the tech in it

Edited by GrandPapillon
Posted
28 minutes ago, GrandPapillon said:

are there still people doing stuff in Joomla? this is old sh*t, try to move to WordPress

 

if you are not in IT or tech, take the loss, it could be painful to move or "restore" or "upgrade", above all if you did a lot of changes on it.

 

sad to say, but this kind of CMS needs to be regularly maintained and that can be expensive eventually if you don't understand any of the tech in it

I'd rather have the site restored and then maybe move the whole to WordPress. The website background is so unique that I'd love to recuperate it. I can still access the product pages at the backend, though.

Posted
1 hour ago, Dario said:

By the way, my site was created with Joomla 1.5.9.

omfg. Houston, we have a problem!

 

https://docs.joomla.org/Joomla_1.5_version_history#Joomla.21_1.5.9

 

- version 1.5.9 was released on 10 January 2009, and the whole 1.5 branch was deprecated in Sep 2012, after version 1.5.26, which was released on 27 March 2012.

-> there will be a huge work on cleaning the website from all the malware (I'm sure there will be a lot, given such an old version) and migrating it to the fresh software. Take a look at this:   https://docs.joomla.org/Joomla_1.5_to_4.x_Step_by_Step_Migration

 

Before migrating to the current version you will need to update 1.5.9 to 1.5.26. And you should not do it in one step, I'm not sure how Joomla works internally but I suspect that so high version difference might bring unexpected problems, so you might have to update 1.5.9 to 1.5.10 and so on.

First of all - do a full, complete backup! I.e. an archive of all files and the database too. And only after that you could try to update 1.5.9 to 1.5.26, if that fails - revert the files and database from the backup and proceed with single version updates - 1.5.9 to 1.5.10, then 1.5.11, you've got it.

 

You really should look after your website and update its software, it's the same as updating your Windows -- if you don't install critical updates then hackers will come after your PC, and the very same with the software running on your website.

  • Like 1
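
The "full backup of all files and the database before any update attempt" step from the post above, as an added shell example that is not part of the thread. The paths, backup file names and the MySQL option file are assumptions; `verify_backup` confirms the archive can actually be unpacked and matches what was on disk before anything is changed.

```shell
#!/usr/bin/env bash
# Added example. Paths, file names and the MySQL option file are assumptions.
# Keep <backup_dir> outside the web root so the snapshot is never served or re-archived.

# Archive the web root and record a SHA-256 hash for every file in it.
# usage: backup_files <webroot> <backup_dir>   (prints the archive path)
backup_files() {
    local src=$1 dest=$2 stamp archive
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dest" || return 1
    archive="$dest/site-files-$stamp.tar.gz"
    ( cd "$src" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum ) \
        > "$dest/site-files-$stamp.manifest" || return 1
    tar -czpf "$archive" -C "$src" . || return 1
    ( cd "$dest" && sha256sum "${archive##*/}" > "${archive##*/}.sha256" ) || return 1
    printf '%s\n' "$archive"
}

# Dump the database. Credentials are read from a MySQL option file (chmod 600)
# so the password does not show up in the process list or shell history.
# usage: dump_db <option_file> <db_name> <backup_dir>
dump_db() {
    local out="$3/site-db-$(date +%Y%m%d-%H%M%S).sql"
    mysqldump --defaults-extra-file="$1" "$2" > "$out" || return 1
    gzip "$out" && ( cd "$3" && sha256sum "${out##*/}.gz" > "${out##*/}.gz.sha256" )
}

# Check the archive checksum, then unpack into a scratch directory (not the
# web root) and re-check every file against the manifest.
# usage: verify_backup <archive>   (exit status 0 only if everything matches)
verify_backup() {
    local dir base scratch rc=0
    dir=$(cd "$(dirname "$1")" && pwd) || return 1
    base=${1##*/}
    ( cd "$dir" && sha256sum -c "$base.sha256" >/dev/null ) || return 1
    scratch=$(mktemp -d) || return 1
    { tar -xzpf "$1" -C "$scratch" &&
      ( cd "$scratch" && sha256sum -c "$dir/${base%.tar.gz}.manifest" >/dev/null ); } || rc=1
    rm -rf "$scratch"
    return $rc
}
```

A snapshot taken from a compromised site still contains the malicious code and any rogue accounts, so it is a rollback point for the update attempts and a record of the incident, not a clean copy to put back online.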
Posted (edited)

So your 15 year old website has not had any security updates and was compromised.  Shocking.

Edited by shdmn
  • Thanks 1
Posted (edited)
39 minutes ago, fdsa said:

omfg. Houston, we have a problem!

 

https://docs.joomla.org/Joomla_1.5_version_history#Joomla.21_1.5.9

 

- version 1.5.9 was released on 10 January 2009, and the whole 1.5 branch was deprecated in Sep 2012, after version 1.5.26, which was released on 27 March 2012.

-> there will be a huge work on cleaning the website from all the malware (I'm sure there will be a lot, given such an old version) and migrating it to the fresh software. Take a look at this:   https://docs.joomla.org/Joomla_1.5_to_4.x_Step_by_Step_Migration

 

Before migrating to the current version you will need to update 1.5.9 to 1.5.26. And you should not do it in one step, I'm not sure how Joomla works internally but I suspect that so high version difference might bring unexpected problems, so you might have to update 1.5.9 to 1.5.10 and so on.

First of all - do a full, complete backup! I.e. an archive of all files and the database too. And only after that you could try to update 1.5.9 to 1.5.26, if that fails - revert the files and database from the backup and proceed with single version updates - 1.5.9 to 1.5.10, then 1.5.11, you've got it.

 

You really should look after your website and update its software, it's the same as updating your Windows -- if you don't install critical updates then hackers will come after your PC, and the very same with the software running on your website.

excellent approach, and yes old versions can be a pain to upgrade or clean-up

 

maybe not worth it at the end, better to start from scratch with a new version of WordPress

 

WordPress also hosts for free if you are small, at least they used to, maybe that changed too now

Edited by GrandPapillon
Posted

The hosting company wrote:

 

"We invite you to create a secondary account for us to access the backend of the site with administrative functions.
The backend, in case you don't know what to provide, is the administration part of the site, not the login @aruba.it"

 

If I would understand exactly what I have to do, the hosting company might be able to help. How do I create a secondary account?

I have a telephone appointment with the hosting company tomorrow Wednesday.

Posted

I assume they mean "administration" account of the Joomla website,

 

but if it's off and down, not sure how you can create a new account

 

just give them all your credentials, logins and password and let them deal with it, at that stage you have nothing to lose 

Posted (edited)

OP, good suggestions so far, but looks like you are not that familiar with the CMS you use and skipped maintenance for years.

 

* as suggested above do a complete backup of your installation, especially your own work.

 

* Shut down your web site until you have fixed it, upgraded it, or migrated it to a new platform. The version you have is too old and will be compromised again.

 

* Sign up to sites like upwork.com,  and do a few searches for Joomla upgrades or platform migrations to see roughly how much it would cost you that work.

 

* After doing some research decide if you want to proceed with it in regards to costs. If you want to pay someone to do it you can post a job there, this all can be done remotely from anywhere. You said you spent thousands of hours providing content, I don't know how you value your "hourly rate", but for sure it won't take thousands of hours for someone experienced to do the remediation work.

Edited by gearbox
Posted (edited)
22 minutes ago, GrandPapillon said:

I assume they mean "administration" account of the Joomla website,

 

but if it's off and down, not sure how you can create a new account

 

just give them all your credentials, logins and password and let them deal with it, at that stage you have nothing to lose 

I can still access my backend. I just looked at the users list. OMG! There are about 3200 users registered! All hackers.

I think I have to forget about my website.

Edited by Dario
  • Haha 2
Posted

or migrate to a new version and regularly update the software.

or migrate to a new version and convert the website to static HTML pages - absolutely hackerproof (if they don't get access to your @aruba.it login)

Posted
52 minutes ago, Dario said:

The hosting company wrote:

 

"We invite you to create a secondary account for us to access the backend of the site with administrative functions.
The backend, in case you don't know what to provide, is the administration part of the site, not the login @aruba.it"

 

If I would understand exactly what I have to do, the hosting company might be able to help. How do I create a secondary account?

I have a telephone appointment with the hosting company tomorrow Wednesday.

you should not run a website if you don't understand it.

you must have someone run it for you. yes, it costs money.

  • Like 1
Posted
1 hour ago, Dario said:

I can still access my backend. I just looked at the users list. OMG! There are about 3200 users registered! All hackers.

I think I have to forget about my website.

what was the website about? :)

 

Posted

It is nearly impossible to reinstate the website based on Joomla 1.5.9. I have decided to create a new website on WordPress. If anybody can give me some free assistance, I'd be very happy.

Posted
31 minutes ago, Dario said:

It is nearly impossible to reinstate the website based on Joomla 1.5.9. I have decided to create a new website on WordPress. If anybody can give me some free assistance, I'd be very happy.

Have you tried fiverr.com? You can get a DIVI website made for next to nothing, get the guy to knock up a few sample pages and then create and add your own pages, that's easy enough - or get someone to import your whole Joomla site, it's hard to understand the damage to your site.

Posted (edited)
3 hours ago, recom273 said:

Have you tried fiverr.com? You can get a DIVI website made for next to nothing, get the guy to knock up a few sample pages and then create and add your own pages, that's easy enough - or get someone to import your whole Joomla site, it's hard to understand the damage to your site.

Thank you, recom273. I'm busy checking it out now. It's possible to get a WordPress site there. Don't have to go to WordPress yourself. Can you tell me: how would I pay a designer let's say in India or Pakistan?

Edited by Dario
Posted
2 hours ago, Dario said:

Thank you, recom273. I'm busy checking it out now. It's possible to get a WordPress site there. Don't have to go to WordPress yourself. Can you tell me: how would I pay a designer let's say in India or Pakistan?

You pay with PayPal via the fiverr app - I have had the bones of 2x sites done in the past and a DIVI install all were good. 
 

I have made sites myself in the past, I would offer to help you out - but for less than 1500B a guy can make you an e-commerce site or personal blog up and running within a couple of days.

 

They aren’t really creative sites, with cutting edge custom code, but they do the job. 
 

I will PM you a guy that did some things in the past for me. 
