Hi All, I got the following message on all my Joomla Sites HACKED BY MeTRp0L and CLeWeR and Scientist FOR OTTOMAN EMPIRE Is there any way they could get past my server stuff or do you think it is a Joomla problem. I have the Perfect Ubuntu 8.04 with ISPConfig 2.2.24
Is your Joomla up to date? My guess is that it is only Joomly that was hacked. But you should check the rest of the system. Also always use strong passwords and when login in through SSH check the fingerprint to prevent man in the middle attacks.
I had a look, it is only the joomla sites, all other sites are still fine (html & flash) How can i do this??
Strong passwords have at least 8 characters of this kind: - small letters a-z - capital letters A-Z - numbers 0-9 and even stronger with: - special characters: + = ( ) * # etc. Don't use the same password for different logins. When connection to the server the client checks the fingerprint of the server. if it is new or has changed the client will ask you if you want to accept it. Check if the fingerprint is correct. You can get the right value on your server by using Code: ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub If the fingerprint is not the same then the changes are that someone is pretending to be your server and would gain the password when you enter it.
Aditionally, you should check your system with some rootkit scanners regularily: http://www.howtoforge.com/faq/1_38_en.html
Disable allow_furl_open and allow_furl_include from your php.ini restart apache (/etc/init.d/apache2 restart) copy all images (jpg, gifs, and bmps) and configuration.php from your /images folder and delete entire joomla site Reinstall Joomla copy your old configuration.php to your root, an restore your images to your original folder... delete install folder... And good luck!
