70 sites hacked by iframe - Total Catastrophe - Joomla or Hostgator? BEWARE! - Help!

Discussion in 'Joomla' started by oimachi, Sep 4, 2007.

  1. #1
    All my sites on both my hosting accounts are infected with an iframe.

    At the end of the index.html files the malicious code just appeared...suddenly 3 weeks ago.

    The host blamed Joomla so I took the appropriate steps:

    Upgraded my Joomla to the latest version, changed the whole account username and password, changed the configuration and template to unwritable.

    It stopped the injection for a few days but then it came back.

    I would also like to add that 2 other sites on my account, one simple index.html file (http://www.enureflex.com) and an old website I have that is totally HTML with nothing to do with Joomla (http://www.novatranz.com) also got infected.

    The iframe also infected a Drupal install I did as a test.

    So according to these facts, is this a hosting company not taking responsibility, or can an infected Joomla site spread to other normal HTML sites and different CMSs on the server?

    This situation is ruining me and I strongly suspect it's a hosting problem and not Joomla.

    Any expert opinions from true professionals would be appreciated because if I can prove that it's not a Joomla issue I might take legal action against the hosting company since this has cost me dozens of hours of work and several hundred dollars of lost revenue.

    I am attaching the iframe exploit. It installs itself on every index file, in every folder (components, mambots, etc.). Additionally, it attaches itself to any and every kind of addon that has an index.html file.

    Thanks
     

    oimachi, Sep 4, 2007 IP
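
The symptom reported in post #1 (an iframe appended to the end of every index file, in every folder) can be checked for mechanically. The following is an added example, not part of the original thread: a Python scanner that walks a web root and flags iframes placed after the closing `</html>` tag or hidden by size or style. The file names, the heuristics and the sample pages built in `demo()` are assumptions constructed for illustration.

```python
import os
import re
import tempfile

INDEX_NAMES = {"index.html", "index.htm", "index.php"}  # assumed names; adjust per site
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
CLOSE_HTML = re.compile(r"</html\s*>", re.I)
# Attributes that hide a frame: 0/1 pixel size or hidden styling.
HIDDEN = re.compile(
    r"""(?:width|height)\s*[=:]\s*["']?\s*[01](?:px)?\b"""
    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def suspicious_iframes(html):
    """Return (reason, tag) pairs for iframes that trail </html> or are hidden."""
    closers = list(CLOSE_HTML.finditer(html))
    end = closers[-1].end() if closers else None
    hits = []
    for tag in IFRAME.finditer(html):
        if end is not None and tag.start() >= end:
            hits.append(("after </html>", tag.group(0)))
        elif HIDDEN.search(tag.group(0)):
            hits.append(("hidden", tag.group(0)))
    return hits

def scan_tree(root):
    """Map each index file under root (relative path) to its suspicious iframes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower() in INDEX_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = suspicious_iframes(fh.read())
                if hits:
                    report[os.path.relpath(path, root)] = hits
    return report

def demo():
    """Scan a constructed tree: one clean page, one with a trailing frame."""
    clean = "<html><body><iframe src='map.html' width='600'></iframe></body></html>"
    bad = clean + "\n<iframe src='http://example.invalid/' width=1 height=1></iframe>"
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "components"))
        for rel, body in (("index.html", clean), ("components/index.html", bad)):
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Run `scan_tree()` against a local copy of the site; a hit only marks a file for review, since legitimate pages can also contain small or hidden frames.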
  2. hostgator

    #2
    This 100% had nothing to do with us. If you have a single script exploitable every addon domain under that account is exploitable. If it was our server that was hacked it would have affected 100's of customers. You wouldn't be the only person affected.
     
    hostgator, Sep 5, 2007 IP
  3. sundaybrew

    #3
    I would have to agree with hostgator,

    Hacking Joomla is like eating lunch, just so easy so they say ( read this all the time )

    That has to be the most exploitable cms ever...
     
    sundaybrew, Sep 5, 2007 IP
  4. Pixelrage

    #4
    This is the biggest downfall to using Joomla - it is the most popular and most targeted CMS out there. I think hackers find Joomla sites through the source code data (comment tags, etc.).
     
    Pixelrage, Sep 5, 2007 IP
  5. Mesum

    #5
    I disagree. PHP-Nuke is the most insecure CMS I have ever come across.

    About the sites in question getting hacked, I think it's more of a permission problem where the hackers found a way to eggdrop some scripts or hack your sites. Since I am assuming all of them have similar configuration/plugins, they tried the same trick on all of them.
     
    Mesum, Sep 5, 2007 IP
  6. tempscript

    #6
    Never knew hostgator was on DP...
     
    tempscript, Sep 5, 2007 IP
  7. Divisive Cottonwood

    #7
    oimachi, go through every single add-on, whether component, module or mambot, and remove what you don't need.

    Then go through the rest and update every single one.

    That should do the trick, although it may be the case that the hacker is using an undiscovered exploit.

    If in doubt, pay some money to this lot, who help:

    http://www.joomla-security.org/
     
    Divisive Cottonwood, Sep 7, 2007 IP
  8. Elsa2

    #8
    Chmod all your files and folders so they aren't writable; that way, even if they exploit Joomla, they don't change anything.

    Regards
     
    Elsa2, Sep 9, 2007 IP
  9. SteveAR

    #9
    Anyone else getting this attack?
     
    SteveAR, Oct 8, 2007 IP
  10. ass45sin

    #10
    What version of Drupal are you using?
     
    ass45sin, Oct 8, 2007 IP
  11. Lhlalyam

    #11
    Wow... this is an interesting thread. I'll have to take measures to secure my site better.

    Lhlalyam
     
    Lhlalyam, Oct 9, 2007 IP
  12. l1tilr

    #12
    Yes, I was attacked. Every index page in my combo script/HTML site has been affected. Over 1200 files in various folders.

    From what I'm reading, a computer could have been affected and FTP passwords taken so all sites would then get hacked, I believe from Dreamweaver, FrontPage or WS-FTP. So far only my largest site is affected.

    I use Joomla for a section of my site and recently upgraded to the latest version.

    My logs show an FTP access to a Joomla module but I'm still checking for any unusual files.

    Luckily, it seems like I accessed the site not long after the hackers' access, so I shut down my domain right away.
     
    l1tilr, Nov 6, 2007 IP
  13. mnymkr

    #13
    Yeah, it definitely wasn't Hostgator.

    Joomla, because it is so popular, makes it so vulnerable.

    If there is a security hole, people write about it on their forums.

    People contribute quick fixes for modules and they are often terrible code.

    So people assume that because it is so easy to plug in to Joomla that all of its modules will be safe, etc.

    They aren't.

    Do you use any SEF URL plugins? One of the most popular, sh404, just had a huge security hole.

    I have had better luck with Drupal.

    What components are you using? Maybe I can spot the faulty one.
     
    mnymkr, Nov 8, 2007 IP
  14. OnlineHelp321

    #14
    I had a similar exploit twice. I have around 20-30 sites hosted with Hostgator! The exploits were similar iframe tags being added in the pages. I was just searching Google on how to get through this.

    Is it Hostgator or is it Mambo/Joomla?

    It can be Hostgator
    1. I was earlier hosting with some other company and never ever got any hacking issues or problems in the past.
    2. Once when I complained to them ... then they said your password might have been compromised or it would be due to some security loophole in cPanel.

    It cannot be Hostgator
    1. It happens with those (as per the thread and my knowledge) who have Joomla/Mambo installed on their servers, and yes, I have one installed!
    2. Earlier I did not have much traffic on the Joomla domain ... and recently I made some changes to the site, so ... I guess that invited hackers to my site.

    My losses
    Earlier I used to rank very well for most of the keywords. I was about to get around 5000+ uniques for the first time for this domain ... and now suddenly my rankings are gone!!! The explanation for why the rankings are gone: when I just open the URL found in the iframe, http://xx.yy.xx.yy, in Internet Explorer, the whole address bar is RED, so it's recognized as a fraud IP address, and why would Google rank a site that links to a fraud IP address?

    Please help me, what should I do?

    1. If I remove Joomla then I will have to reinvest around 10-12 days in writing new code so that it can create the same URLs as earlier and I can benefit from search engines.
    If I happen to get the attack again after Joomla is removed, then who should be responsible?
    2. Also I am using WordPress and other open source CMSs for some sites ... what if they are causing the problems?
    3. Moving to another hosting company?

    I am really frustrated with managing something that should not be so difficult.

    Please help me "HOSTGATOR"
     
    OnlineHelp321, Jan 20, 2008 IP
  15. mindiam1

    #15
    It can be Hostgator as well, if they have not secured the PHP features on the server.

    If it was a Joomla error you should contact the people on the Joomla forums, and I am sure it will be patched and improve the Joomla CMS.
     
    mindiam1, Jan 20, 2008 IP
  16. kmofo

    #16
    kmofo, Apr 4, 2008 IP
  17. mohaz

    #17
    And I suppose you may need to peek at this security checklist; it should be some help:

    Joomla! Security Checklist.

    Best regards.
     
    mohaz, Apr 8, 2008 IP
  18. Business_in_2008

    #18
    Damn...you have that many in one place?
     
    Business_in_2008, Apr 8, 2008 IP
  19. amoona

    #19
    God damn hackers!
     
    amoona, Jun 5, 2008 IP
  20. MrGamma

    #20


    The most targeted? I'm not so sure if it's the most targeted.... I would think WordPress is leading the pack these days...
     
    MrGamma, Jun 23, 2008 IP