Site compromised, how to test and clean.

Discussion in 'Programming/Scripts' started by razor7, Mar 29, 2023.

  1. razor7

    razor7 Member

    Hi! On March 28 at about 5 AM (GMT -3), a Joomla site of a client of mine was compromised. I have to say that the site is hosted on an ISP without ISPConfig.

    The hack involved a lot of .htaccess files (about 4500+ copies) that enabled the execution of some PHP files spread through the site directory skeleton. In my review I've found some PHP shells, some tinyfilemanager copies, some Joomla files infected with b64 code and so on.

    I have manually removed all the infected files, restored the hacked ones and removed all the .htaccess files, but I want to know if you guys recommend some service, web AV or something similar to double-check everything is OK with the site.

    Thanks!

    PS: Yes, Joomla is at the latest version and so are all 3rd-party addons.
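
A first-pass sweep for the leftovers described in the post above (.htaccess files that map a handler to PHP, and PHP files carrying base64-decoded code), as an added example that is not part of any post in this thread. The patterns, the 500-character blob threshold, the extension list and the sample tree are constructed assumptions, and an empty result does not prove the site is clean.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions; tune them for the site being checked).
HTACCESS_PHP = re.compile(rb"^\s*(AddHandler|AddType|SetHandler)\b[^\n]*php", re.I | re.M)
DECODE_CALL = re.compile(rb"(eval|assert|gzinflate|gzuncompress)\s*\(\s*@?base64_decode\s*\(", re.I)
LONG_B64 = re.compile(rb"[A-Za-z0-9+/]{500,}")
PHP_EXT = (".php", ".phtml", ".php5", ".php7", ".phar")


def scan_tree(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for path in Path(root).rglob("*"):
        name = path.name.lower()
        if not path.is_file() or not (name == ".htaccess" or name.endswith(PHP_EXT)):
            continue
        try:
            data = path.read_bytes()
        except OSError as exc:  # e.g. permissions changed during the intrusion
            findings.append((path, f"unreadable: {exc.strerror}"))
            continue
        if name == ".htaccess":
            if HTACCESS_PHP.search(data):
                findings.append((path, "htaccess maps a handler or type to PHP"))
        elif DECODE_CALL.search(data):
            findings.append((path, "base64_decode fed into an executing call"))
        elif LONG_B64.search(data):
            findings.append((path, "long base64-like blob"))
    return sorted((p.relative_to(root).as_posix(), why) for p, why in findings)


def build_sample(root):
    samples = {  # constructed sample tree: one clean file, three suspicious
        ".htaccess": b"RewriteEngine On\n",
        "images/.htaccess": b"AddHandler application/x-httpd-php .php\n",
        "images/a.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));\n",
        "libraries/x.php": b"<?php $d = '" + b"QUJD" * 200 + b"';\n",
    }
    for rel, body in samples.items():
        full = Path(root, rel)
        full.parent.mkdir(parents=True, exist_ok=True)
        full.write_bytes(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan_tree(tmp), sep="\n")
```

Point `scan_tree()` at a copy of the document root and review every hit by hand; legitimate code can trigger the blob heuristic.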
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Restore a backup and make sure you fix the security flaw. Removing infected files always leaves a risk of stuff left behind.
     
  3. Alex Mamatuik

    Alex Mamatuik Member

    Think of using the ISP Protect tool.
     
  4. razor7

    razor7 Member

  5. Alex Mamatuik

    Alex Mamatuik Member

    Could you provide some screenshots, demonstrating the Tool/Programme in action?
     
  6. razor7

    razor7 Member

  7. Alex Mamatuik

    Alex Mamatuik Member
