Joomla 被黑了.如何预防? [英] Joomla hacked. How to prevent?

问题描述

好的，所以我的一个网站(在 joomla 上)像第 6 次一样被黑客入侵......

我不会告诉你任何故事.只有事实:

首先，我发现模板索引文件中出现了一些外来代码:

<p>每个人都知道大权...|...你的治疗伟哥<a href="xxxxx">伟哥</a></div><script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>

然后我在 tmp 文件夹中找到了一个名为 asd.php 的文件

内容:http://www.codr.cc/bb027a

我试图解码它并得到类似的东西:http://www.codr.cc/97c183

这是怎么发生的?黑客如何获得创建文件的权限?所有文件夹的权限为 755，文件数为 644.

Joomla 没有任何不安全的模块、组件或模板.一切都是最新的.

我还应该做些什么来防止未来的黑客攻击?

解决方案

第 6 次没有被黑客入侵.您已被数十个机器人入侵，并且您的系统被后门.您删除感染，机器人就会恢复它.

发生这种情况是因为您的软件已过期.可能是某些插件甚至 joomla 本身已经很旧了.

如何防止这种情况发生?好吧，您可以查找系统强化指南，那里有很多指南.无论如何，您需要从头开始.完全重新安装 joomla 及其所有组件，焦土风格.确保新系统上的所有内容都是最新的.

如果您仍有问题，请聘请专业人士.

Ok, so one of my websites ( on joomla) is being hacked like the 6th time...

I won't tell you any stories. Only facts:

Firstly, I found that in template index file appeared some alien code:

<div id='hideMe'> <p>Every person knows the large quan...|...ur cure Viagra <a href="xxxxx">Viagra</a> </div><script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>

Then I found in tmp folder a file named asd.php

with content: http://www.codr.cc/bb027a

I tried to decode that and got something like: http://www.codr.cc/97c183

How did this happen? How hacker got an access to create a file? All folders perms were 755 and files - 644.

Joomla doesn't have any unsafe modules, components or templates. Everything is up to date.

What else should I do to prevent future hacks?

解决方案

It hasn't been hacked for the 6th time. You have been hacked by dozens of bots and your system is backdoored. You remove the infection and a bot will just restore it.

This happened because your software is out of date. It likely some plugin or even joomla its self is very old.

How to prevent this? Well you can look up system hardening guides, and there are a lot of them out there. Regardless, you need to start for scratch. Completely reinstall joomla and all of its components, scorched earth style. Make sure everything is up to date on the new system.

If you are still having problems, hire a professional.

这篇关于Joomla 被黑了.如何预防?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！