Joomla 1.6 With Virtuemart Infected With Malware

[tigerbeer]

Hi everyone,

I have been running a website successfully for 4 years on this setup and all of a sudden, my site has started to get infected with malware and as a result been blacklisted by Google. I did do an upgrade of joomla but upgrading it to 2.5 has been extremely difficult with lots of errors. A backup was instead administered to a time prior to the site being infected.

After about running the site for about a month, malware has again shown up to some ru domains. Warnings by google have started and i have again asked my web hosting company to administer a backup.

My site uses Virtuemart only to show products with its prices within different classes of products. I do not need to use a shopping cart and a checkout and there are no processes of payments. Can someone who is in the know recommend me an easy to use and preferably free setup using a CMS that can display Thai fonts. I used to use Joomfish to do translations within Joomla to make the site bi-lingual. Users can switch between Thai and ENglish. Should I go back to using Joomla and Virtuemart as a combination alas the latest 2.5 version. Willing to delete everything and do a complete new website.

I would really appreciate some help here.

TB.

[Sayonarax]

Are you using shared hosting or a VDS?

Why do you use such a technical engine if you have no payment gateway or shopping cart? You could easily do all this by coding your own website with a mysql db.

Did you back up your website locally before upgrading to the new code?

[tigerbeer]

Hi, I have a shared hosting. You are right, a virtuemart is not needed but its what i am used to and have been using. something a lot less technical would be great. I have used CMS such as wordpress and Joomla before but i do not have the technical knowledge to program my own sql database and although some knowledge of it is essential, i do not know a whole lot about actually building a website from scratch using it.

i did a local backup on my server using Akeeba but used my webhost's backup instead.

[dave111223]

Old versions of Joomla are always notoriously vulnerable to hacking. If you are going to use Joomla you need to be using 2.5, and you need to keep up-to-date with all patches; this is easier in 2.5 than previous versions as they now have an automatic update system (long over due).

I would not advise "Upgrading" from an older version Joomla to the new Joomla. Do a fresh install and then "Migrate" your data, install all new plugins/modules etc...don't copy any plugins or templates directly from your old site (these could be the security hole). Make sure you install only new plugins designed for 2.5, install as few plugins as possible (if you don't really need it don't install it)

Personally if I was going to start again I'd use Wordpress instead of Joomla (simpler, better updates, more secure, more pluggable), and then a plugin like WP e-Commerce. But if you are already pretty familiar with your Joomla sites then sticking with [a new version] of Joomla is fine.

[tigerbeer]

I will definitely look up wordpress and the ecommerce plugin. I use Wordpress on another site and love the way everything is automatic updating on it.

[elshaheen]

Well, the older releases of Joomla 1.5 > are being phased out. What you may want to do is upgrade to the latest version of Joomla which has more security features then reinstall or seek an alternative version of Virtuemart. Get some fresh new plug-ins, components and etc. then reinstall them. Though, this will take some time, but you will have the experience to do it again.

I had several Joomla boards and some had been hacked, but I learned different tricks to avoid those attacks. You really need to learn those tricks.

[Jayman]

Well, the older releases of Joomla 1.5 > are being phased out. What you may want to do is upgrade to the latest version of Joomla which has more security features then reinstall or seek an alternative version of Virtuemart. Get some fresh new plug-ins, components and etc. then reinstall them. Though, this will take some time, but you will have the experience to do it again.

I had several Joomla boards and some had been hacked, but I learned different tricks to avoid those attacks. You really need to learn those tricks.

How about sharing some tricks. I'm sure it will be much appreciated by all.

[Phil Conners]

Most often Joomla get hacked through 3rd party plugins, often written by people with little understanding of security.

[ITGabs]

I am not sure if it's the same but you can easily block the Russian IP range in the .htaccess, time ago I saw something similar but in wordpress the ip range change very few. Still mod_security (apache) can filter by default all those exploits.

You can check in the access log part of the exploit, check if the ftp log it's compromised too, sometimes this fixes are only one line of code so you can look in google for exploit joomla plugins the version numbers and find how they explode the code, and a way to fix it.

You can start here

http://packetstormsecurity.org/files/115309/joomlaenmasse-sql.txt

If is not that you can keep looking from here

http://joomlaexploit.com/

Edited August 26, 2012 by ITGabs

[tigerbeer]

thanks for your reply ITGabs. Would definitely go through the links that you posted and see what can be done.

[ITGabs]

I know that fix these thing could be difficult and funny at the same time, when an exploit report appears more of the 99% of the system are vulnerables, and with these small scripts you can try it and be in the other side for a while...

Most or maybe all of the MySql injection exploits have the word "union" you can look in your accesslog, url that contain "union", the problem is that the logs only record the GET submits and not POST or COOKIE values that are vulnerables too depending of the code.

Important: If they can upload code to your Joomla thats mean that they have access to your user/pass and since user pass of the data base it's usually the same to the plesk/cpanel/ftp it's better to change that default configurations and keep the user pass different and not with default passwords like yourdomain01

A good practice to store the passwords in some secure way is http://keepass.info/ a great and free tool, so you must remember only one pass.