Joomla! 2.5.4砍死:诊断有麻烦 [英] Joomla! 2.5.4 Hacked: Having trouble with diagnosis
问题描述
我的Joomla 2.5.4网站昨晚被破解.而且,Joomla论坛当前已关闭,我什至无法运行Joomla的诊断实用程序. (fpa-en.php)
My Joomla 2.5.4 site was cracked last night. Moreover, the Joomla forum is currently down, and I can't even run Joomla's diagnostic utility. (fpa-en.php)
我没有按照Joomla的指示进行诊断. (请参阅下文)我也通过电子邮件发送了我的虚拟主机(我在共享服务器上,但是我使用的是Joomla推荐的主机,该主机是Joomla网站的专家).所以,我的问题是下一步该怎么做?
I have followed Joomla's instructions for diagnosis with no success. (See below) I have also emailed my webhost (I am on a shared server, but I use a host recommended by Joomla that is a specialist in Joomla sites). So, my question is what do I do next?
这是我到目前为止的信息.
Here is the info that I have so far.
使用Joomla 2.54(最新版本).所有扩展程序都已更新到最新版本,而且Joomla易受攻击的扩展程序列表中都没有.
Using Joomla 2.54 (the latest). All extension were updated to most recent release, and none are on the Joomla vulnerable extensions list.
其他管理员的密码已更改,但幸运的是没有.
Passwords of other administrators were changed but not mine fortunately.
User_notes表已删除,这使得admin部分中的User Manager无法使用.
User_notes table deleted, which renders the User Manager in the admin section useless.
根据日志记录,攻击按此顺序命中了以下文件:
According to logs the attack hit the following files in this sequence:
- /administrator/index.php
- /index.php(根)
- /plugins/authentication/joomla/joomla.php
- /plugins/user/joomla/joomla.php
,然后对users和user_notes表进行更改.
and then the changes to the users and user_notes tables.
两个index.php中都没有垃圾
There is no junk in either index.php
Attack ip是199.15.234.216,它来自supremetelecom.com的Fort Worth服务器
Attack ip was 199.15.234.216, which is from a Fort Worth server of supremetelecom.com
幸运的是,我有备份并且没有损坏,但是直到我无法使fpa-en.php能够工作并访问Joomla论坛为止,我不确定除更改所有密码并阻止D0之外,如何对d0进行操作. ip.
Fortunately, I have backups and there was no defacement, but until I can't get fpa-en.php to work and access to the Joomla forums, I am not sure what to d0 other than change all passwords and block the ip.
在此先感谢您的帮助!
推荐答案
首先,重置包括您在内的所有管理员的密码,然后更改它们并确保它们包含字母和数字.如果提供了密码,则使用密码生成器更改主机控制面板的密码.如果没有,请在线使用密码生成器.完成此操作后,请更改数据库用户名的密码,并且不要忘记用新密码来更新configuration.php.
Firstly, reset the passwords of all the administrators, including yours, then change them and ensure they include letters and numbers. Then change the password for the host control panel using the password generator if they provide one. If not, use a password generator online. Once this is done change the password for your database username and don't forget to also update the configuration.php with your new password.
其次,下载并安装管理工具,这将为您的网站将来增加更多的安全性.管理工具还带有一个紧急脱机"按钮,该按钮很有用.
Secondly, download and install Admin Tools which will add more security to your site for the future. Admin Tools also comes with an Emergency Offline button which is useful.
然后下载并安装 Saxum IP Logger ,它将进行跟踪所有注册用户,并提供您的IP地址,国家/地区等信息,您也可以使用其随附的插件来阻止IP地址.
Then download and install Saxum IP Logger which will trace all the registered users, giving you their IP address, country and so on and you can also block IP addresses using the plugin that comes with it.
接下来,转到主机控制面板并查看日志,以查看哪些IP地址已进入您的网站以及访问这些IP地址的文件.对应于已编辑文件的IP地址,然后您可以使用我之前提到的插件进行阻止. Joomla 2.5很难被破解,因此您的扩展很可能开发得不好并且允许SQL注入.因此,当与数据库相关时,您应该始终选择流行的扩展来安装在您的网站上.
Next, go to the host control panel and look at the logs to see which IP addresses have entered your website and while files they have accessed. The IP address that coresponds to the files edited, you can then block using the plugin I mentioned before. Joomla 2.5 is very hard to hack so it is rather likely you have an extension that is badly developed and allows SQL injection. Therefore you should always choose popular extensions to install on your website when they are database related.
希望这对以后有帮助.问候
Hope this helps you in the future. Regards
您还可以密码保护FTP中的文件夹,以提高安全性.
您可能还会发现此扩展程序非常有用
You may also find this extension quite useful
这篇关于Joomla! 2.5.4砍死:诊断有麻烦的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
