1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How could my index.php file been completely replaced or overwritten.

Discussion in 'Apache' started by waverlymain, Feb 11, 2016.

  1. #1
    Hi, I have a general security question about the Go Daddy Apache server I am on (I think I am on). (If I posted this in the wrong section I apologize in advance.)

    This happened all of my domains (16 total) that I own and have Joomla installed to them.

    I have more than a handful of domains that have Joomla installed on them. A few hours ago they were all hack and taken down, I was able to figure out how to fix the issue myself. However my question is this, Now that I know how to bring my sites back on line and working properly, how can I stop it from happening again?


    The short of all of this is this, my index.php file was completely overwritten or just deleted and replaced with a new one. Below is a screenshot of the code that is my new index.php. Of course I called Go Daddy, no help there. The part that pissed me off the most is: in the code, the image is hosted on a domain that is hosted at Go Daddy, uuugghh
    screenshot of code.jpg
     
    waverlymain, Feb 11, 2016 IP
  2. Localnode

    Localnode Active Member

    Messages:
    33
    Likes Received:
    7
    Best Answers:
    1
    Trophy Points:
    65
    #2
    The problem was probably in Joomla.
    Were they out-dated installs? Any out-dated plugins?
    There's many factors which could have caused the hack.
    When you restore from a backup (which I hope you have) you can take a look at https://geekflare.com/joomla-security/ and https://docs.joomla.org/Security_Checklist/Joomla!_Setup for some basic hardening tips.
     
    Localnode, Feb 13, 2016 IP
  3. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #3
    99% sure that the problem is with the Joomla-install, plugins, or something else - searching for the code in Google returns this page: http://ddecode.com/phpdecoder/?results=46862176fe853f7dd0503e0db287525b which show some eval() code (first of all, eval() should be disabled on the server) - check your server, check your installs, make sure the sites are secure.
     
    PoPSiCLe, Feb 13, 2016 IP