One of my joomla site (Design and Hosting) got hacked again! Usually I just fixed the configuartion file knowing that it will do the job, but also knowing that the vulnerabilities are still there. So this time I’ve decided to track down the problem, found out from the log that it was hacked by someone in Turkey using a something called R57shell! How it works on the other side seems quite simple, in this case the url used was

http://vinlai.com/index.php?mosConfig_absolute_path= —-

I won’t show the last part but it’s url to a site containing the r57shell script. And that’s it, they can view and change all all the files and directory! Anyway, in my case the problem was caused by a sef components used to rewrite the urls. Have no time to fix it now, only took out the hacked files. Will do a clean install this time since the current one is quite ‘broken’, until then, the site will be done. If you also uses Joomla, here are some guides which I found useful…

• What are the top 10 stupidest Joomla! security tricks?
• RECOVERY: Help! My site’s been compromised.

A lot of them are common sense like keeping the software up to date… can’t be lazy sometimes, will just end up spending more time fixing it after the damaged has been done!

– Update 17:10 –

Site back online! Using a different component for url rewrite this time, hopefully it won’t be hacked again soon…

Tags:Internet, joomla, Websites
Categories: Internet
No Comments »