Questions tagged [joomla]

Joomla is a free and open source content management system (CMS) for publishing content on the World Wide Web.

23 questions
9 votes, 5 answers

How can a PHP file be added over and over to my hacked site?

I'm on a shared hosting plan (I know, I know) on GoDaddy and all the files in it have been hacked. There are multiple sites in the plan, each of them has a folder. The folders and sub-folders of each site are full of hacked files, and so are the…
4 votes, 2 answers

How to secure store sessions values in webapps?

EDIT: I changed the title of this post from "How to manage sessions in webapps?" to "How to secure store sessions values in webapps?" as it might have been misleading. In the recent months I happened to encounter interesting scenarios that made me…
3 votes, 3 answers

Will PHP malware from my hacked website be able to infect my computer locally if downloaded?

I have a site that is hacked and flagged by Google for having malware: Some pages on this website send visitors to the following dangerous websites: freshmodel.pw. I made a backup of everything before I started, added a new clean website, and remove…
9ete
2 votes, 2 answers

Log shows many hits to non existing content - hacking?

I have a website with Joomla and 404shSEF installed. The component logs all 404 requests and the log is really interesting. The site is getting requests on components and also a file called this: "7c334.php". Here an…
Owl
2 votes, 2 answers

Hack: anymonous URL on my Joomla Website[Resolve]

My website has been hacked again. There are many foreign URLs such as here. I've checked the database and there is nothing strange in my database. Does anyone know what kind of hack attack is like this? Then I have to execute all files with exit ();…
2 votes, 0 answers

SQLMap Strange Dump Result

Using SQLMap in this way: sqlmap -u "xxxxx" --dbms=MySql --dbs --user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" -D xxxxx -T "#__xxxxx" --columns I am obtaining this warning: [23:39:07] [WARNING] unable to…
Hoper
1 vote, 0 answers

Akamai or Incapsula (or other) for CDN with DDoS Protection?

One of our clients is launching a new site and I've been tasked with making a short overview of the advantages/disadvantages of Akamai, Incapsula or other CDN providers who are strong with DDoS protection. Our main concerns are CDN Caching,…
Rae
1 vote, 1 answer

Installing Joomla with nobody:nobody user/group (CentOS/cPanel)

If you are installing Joomla via cPanel's File Manager to your mywebsite.com (user mywebsite) account, you will upload the package to your server and extract the archive. All files will have the user and group according to your account…
Yatko
1 vote, 5 answers

Site backdoor & eval()

I'm running a Joomla 1.7 site which was hacked today. Below script did the…
Techie
1 vote, 1 answer

my site with joomla 1.5.14 got defaced and I'd like to know how he did it and stop it

I am supposed to manage the content of a site and it got defaced. The site is hosted on a Linux server running Apache. Apache version: 2.2.13 Linux version is Debian 4.0 (I think I don't really have access to anything more than a ftp account and…
Para
1 vote, 0 answers

How to know what version of extensions are used in joomla-web-site from user's point of view?

The problem is: I'm a user and I'm to find out what version of extensions (modules, plugins and components) are used on Joomla-site. In simple cases the version is already written, like here: JWallpapers - A lightweight yet powerful image gallery…
Elvin
1 vote, 0 answers

How to forbid hackers on a Joomla website?

My Joomla website was the victim of a hacker attack recently. Hackers had access to my server and added some PHP files and mostly modified some index.php files. The code is unfortunately ununderstandable to me and obviously too long to show here (if…
dench
1 vote, 1 answer

Why does error-based SQL injection work only with certain fields?

I'm currently investigating the latest vulnerability affecting Joomla CMS. You can find here a description of the vulnerability, however my question is merely on error-based SQL injections and is context independent. The base URL I use to access…
WhiteWinterWolf
0 votes, 1 answer

Joomla Linux Permissions

I installed Joomla 3 to /var/www/html directory in CentOS 6 server. Currently /var/www/html is owned by apache:apache. What are the recommended permissions for Joomla installation on Linux in production environment? Who should own what with which…
Kasun
0 votes, 2 answers

NGO Joomla! site: Infected with malware? JavaScript injection?

Please help us with this NGO site running Joomla! 1.5. They can't pay a security professional right now, so maybe you guys can help isolate the problem? If you go to http://casatrespatios.org you get redirected to some openDNS…
transient_loop