On 23/08/2012 3:32 AM, Dr Beco wrote:
One of my sites, that has joomla (and not wordpress) also got hacked (again).
Is your Joomla along with all components/skins etc. up to date? Many of the hacked sites I look at are not up to date.
" the sysadmin told me that there was a php script entitled "jos_jpxn.php" running that was rewriting my .htaccess" (lickface)
I quite often see Joomla sites that get hacked have a few PHP shells dropped around the place that the attacker then uses to do other things (reset passwords/change htaccess files/phising sites etc.).
Also, if it is shared web hosting are your permissions all set correctly? Do you know how PHP is configured on the server? If the permissions are wrong say on the configuration file and another site on the same server gets hacked, they may be able to read your configuration file, get the database details and reset/recover the admin password.
Personally I wouldn't trust a Joomla/Wordpress/whatever install once the site has been comprimised like this - who knows what else has been changed. It may be best to reupload the site/database from a backup if you have one.