My site has been HACKED ! help !

Discussion in 'Security' started by tapalapa, Feb 21, 2007.

  1. #1
    :( :confused: Help! At 4:16pm GMT, my Joomla site got hacked by a Turkish group. They have not removed any database or deleted files, but they have left a message on the main page. I tried to find where the message is hidden but can't find it! This is bad for me. A lot of my visitors have seen the message and I have some PR to clean up after this mess, as most won't trust the site. I was making an average of $20 daily in Google revenue. Today, my site has dropped to $2.13.

    Please advise. I need to act immediately as I know more of my members are trying to get on the site. The last backup I have was in October! :(
     
    tapalapa, Feb 21, 2007 IP
  2. blue_angel

    #2
    Doesn't your host have a more recent backup? Do you host your site?
    Anyway, there is NO PANIC....
    Most likely they hacked your site and your MySQL is untouched and working.
    1) Save a backup of the current MySQL database somewhere off the site (download it to your local PC)
    2) Try to remember all your changes (templates, etc.) and the modules installed...
    3) Restore the last backup you have and upload it, then reinstall any modules you may have installed since that backup
    4) Upload the database backup you took earlier and you have your site back
    5) Change ALL PASSWORDS
    6)
     
    blue_angel, Feb 21, 2007 IP
  3. kmzeron

    #3
    What version of Joomla are you using? Try to see what your config file contains. There must be!
     
    kmzeron, Feb 21, 2007 IP
  4. Dawzz

    #4
    I notice you're running a VPS. If you need help let me know. I suggest installing mod_security with a decent set of rules and disabling certain PHP functions as a frontline defense.
     
    Dawzz, Feb 21, 2007 IP
  5. Mxhub

    #5

    I second that.
    I see a lot of hack attempts due to bad scripting found in some of the mods installed with Joomla.

    Better be careful.
     
    Mxhub, Feb 21, 2007 IP
  6. koolasia

    #6
    Just re-upload the fresh files and connect them to the database and it should work.
     
    koolasia, Feb 24, 2007 IP
  7. rootbinbash

    #7
    Without fixing the security vulnerability, it's useless to open the site. If you did not touch any file, you can request a log from your hosting provider so you can see which files have been touched. You should check the files in the /includes folder.
     
    rootbinbash, Feb 24, 2007 IP
  8. sundaybrew

    #8
    I agree.....

    Also, try just re-uploading your index.php... most of the time hackers just swap that out... NOT always, but sometimes.
     
    sundaybrew, Feb 24, 2007 IP
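
The advice in posts #6 to #8 amounts to comparing the live web root against a known-clean copy of the files. An added example (not written by anyone in this thread) that does the comparison by SHA-256 and reports missing, modified and added files; the two directory trees and their contents are constructed for the demo, and `includes/joomla.php` is a placeholder file name.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_trees(clean_root, live_root):
    """Report files that are missing, added or modified in live_root."""
    clean, live = manifest(clean_root), manifest(live_root)
    common = clean.keys() & live.keys()
    return {
        "missing": sorted(set(clean) - set(live)),
        "added": sorted(set(live) - set(clean)),
        "modified": sorted(p for p in common if clean[p] != live[p]),
    }

def build_demo(base):
    """Constructed sample: a small clean tree and a tampered live copy."""
    files = {"index.php": "<?php // front controller\n",
             "includes/version.php": "<?php // version info\n",
             "includes/joomla.php": "<?php // placeholder core file\n"}
    for tree in ("clean", "live"):
        for rel, body in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    live = os.path.join(base, "live")
    with open(os.path.join(live, "index.php"), "w") as fh:
        fh.write("<html>replaced page</html>\n")      # swapped front page
    os.remove(os.path.join(live, "includes", "version.php"))  # deleted file
    with open(os.path.join(live, "index.html"), "w") as fh:
        fh.write("<html>replaced page</html>\n")      # extra uploaded file
    return os.path.join(base, "clean"), live

def run_demo():
    with tempfile.TemporaryDirectory() as base:
        return compare_trees(*build_demo(base))

if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(kind, paths)
```

On a real site, point `compare_trees` at an unpacked copy of the same release that is installed and at a download of the web root; files in "added" that you did not upload yourself deserve the first look.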
  9. fouadz

    #9
    If you don't fix the security issue, you will just get hacked another time....
     
    fouadz, Feb 25, 2007 IP
  10. bigrollerdave

    #10
    My sites were hacked by the same people. I don't have Joomla though; it's 100% custom. They don't seem to be out to hurt anyone though, more for the fact of doing it. They just uploaded an index.html file, that's all. They didn't touch the database or anything like that.
     
    bigrollerdave, Feb 25, 2007 IP
  11. host_planer

    #11

    This is a really serious problem, and I have also had this same problem for the last 2 days. I changed my passwords 2 times, but they replaced the index file again. I am going to open a new thread here on the security forum, so kindly post there how to solve this issue.
     
    host_planer, Feb 26, 2007 IP
  12. mcfox

    #12
    Have a look through Zone-h's archives - actually, have a look through your webstats and look for a referral from Zone-h. That will give you the details of the hack and save you time messing about wondering how they got in.
     
    mcfox, Feb 26, 2007 IP
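
The log check from post #12, as an added example that is not part of the original thread: it finds the first request whose Referer mentions Zone-h and returns the requests logged in the hours before it, which is the window worth reading closely. The log lines are constructed (Apache combined format, documentation IP ranges, a made-up `com_example` component and referrer URL), and the two-hour window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache combined log format.
SAMPLE_LOG = """\
198.51.100.7 - - [21/Feb/2007:15:58:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Feb/2007:16:14:40 +0000] "POST /index.php?option=com_example HTTP/1.1" 200 312 "-" "Mozilla/4.0"
203.0.113.9 - - [21/Feb/2007:16:16:05 +0000] "GET /index.php HTTP/1.1" 200 740 "-" "Mozilla/4.0"
192.0.2.44 - - [21/Feb/2007:16:31:19 +0000] "GET / HTTP/1.1" 200 740 "http://www.zone-h.org/archive" "Mozilla/5.0"
198.51.100.7 - - [21/Feb/2007:17:02:11 +0000] "POST /index.php?option=com_login HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ "(?P<ref>[^"]*)"'
)

def parse(log_text):
    """Parse combined-format lines into dicts; malformed lines are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        row = m.groupdict()
        row["ts"] = datetime.strptime(row["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rows.append(row)
    return rows

def requests_before_first_referral(rows, hours=2):
    """Return (first Zone-h referral, requests in the `hours` before it)."""
    hits = [r for r in rows if "zone-h" in r["ref"].lower()]
    if not hits:
        return None, []
    first = min(hits, key=lambda r: r["ts"])
    start = first["ts"] - timedelta(hours=hours)
    window = [r for r in rows if start <= r["ts"] < first["ts"]]
    return first, window

if __name__ == "__main__":
    first, window = requests_before_first_referral(parse(SAMPLE_LOG))
    print("first Zone-h referral:", first["ts"], first["ip"])
    for r in window:
        print(r["ts"], r["ip"], r["method"], r["path"], r["status"])
```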
  13. host_planer

    #13
    Yes, but I need a solution. How can they just change the index file? They always just change the index file.
    Do I have to change my hosting? Or what?
     
    host_planer, Feb 26, 2007 IP
  14. koolasia

    #14
    Actually, 1 file is deleted, named version.php, in the includes folder.
     
    koolasia, Feb 26, 2007 IP
  15. host_planer

    #15
    What does it mean? Can you kindly explain? Thanks in advance for your help.
     
    host_planer, Feb 26, 2007 IP
  16. koolasia

    #16
    Do you have the backup?

    Send me the file named version.php in the includes folder so I can have a look?
     
    koolasia, Feb 26, 2007 IP