乔姆拉!2.5.4 Hacked:诊断有问题 [英] Joomla! 2.5.4 Hacked: Having trouble with diagnosis
问题描述
我的 Joomla 2.5.4 站点昨晚被破解了.此外,Joomla 论坛目前已关闭,我什至无法运行 Joomla 的诊断实用程序.(fpa-en.php)
My Joomla 2.5.4 site was cracked last night. Moreover, the Joomla forum is currently down, and I can't even run Joomla's diagnostic utility. (fpa-en.php)
我按照 Joomla 的说明进行了诊断,但没有成功.(见下文)我还通过电子邮件发送了我的网络主机(我在共享服务器上,但我使用 Joomla 推荐的主机,它是 Joomla 站点的专家).那么,我的问题是接下来我该怎么做?
I have followed Joomla's instructions for diagnosis with no success. (See below) I have also emailed my webhost (I am on a shared server, but I use a host recommended by Joomla that is a specialist in Joomla sites). So, my question is what do I do next?
这是我目前掌握的信息.
Here is the info that I have so far.
使用 Joomla 2.54(最新).所有扩展都更新到最新版本,没有一个在 Joomla 易受攻击的扩展列表中.
Using Joomla 2.54 (the latest). All extension were updated to most recent release, and none are on the Joomla vulnerable extensions list.
其他管理员的密码已更改,但幸运的是我的密码没有更改.
Passwords of other administrators were changed but not mine fortunately.
User_notes 表被删除,这使得管理部分中的用户管理器无用.
User_notes table deleted, which renders the User Manager in the admin section useless.
根据日志,攻击按此顺序命中以下文件:
According to logs the attack hit the following files in this sequence:
- /administrator/index.php
- /index.php(根)
- /plugins/authentication/joomla/joomla.php
- /plugins/user/joomla/joomla.php
然后是对 users 和 user_notes 表的更改.
and then the changes to the users and user_notes tables.
index.php 中都没有垃圾
There is no junk in either index.php
攻击ip为199.15.234.216,来自supremetelecom.com的Fort Worth服务器
Attack ip was 199.15.234.216, which is from a Fort Worth server of supremetelecom.com
幸运的是,我有备份并且没有损坏,但是直到我无法让 fpa-en.php 工作并访问 Joomla 论坛之前,我不知道除了更改所有密码并阻止ip.
Fortunately, I have backups and there was no defacement, but until I can't get fpa-en.php to work and access to the Joomla forums, I am not sure what to d0 other than change all passwords and block the ip.
在此先感谢您的帮助!
推荐答案
首先,重置所有管理员的密码,包括您的密码,然后更改密码并确保密码包含字母和数字.然后使用密码生成器更改主机控制面板的密码(如果他们提供).如果没有,请在线使用密码生成器.完成此操作后,更改数据库用户名的密码,不要忘记使用新密码更新 configuration.php.
Firstly, reset the passwords of all the administrators, including yours, then change them and ensure they include letters and numbers. Then change the password for the host control panel using the password generator if they provide one. If not, use a password generator online. Once this is done change the password for your database username and don't forget to also update the configuration.php with your new password.
其次,下载并安装管理工具 这将为您的网站增加更多的安全性.管理工具还带有一个非常有用的紧急离线按钮.
Secondly, download and install Admin Tools which will add more security to your site for the future. Admin Tools also comes with an Emergency Offline button which is useful.
然后下载并安装 Saxum IP Logger 它将跟踪所有注册用户,为您提供他们的 IP 地址、国家/地区等,您还可以使用随附的插件阻止 IP 地址.
Then download and install Saxum IP Logger which will trace all the registered users, giving you their IP address, country and so on and you can also block IP addresses using the plugin that comes with it.
接下来,转到主机控制面板并查看日志以查看哪些 IP 地址进入了您的网站以及它们访问了哪些文件.与编辑的文件对应的 IP 地址,然后您可以使用我之前提到的插件进行阻止.Joomla 2.5 很难破解,因此很可能您的扩展程序开发不良并允许 SQL 注入.因此,当您的网站与数据库相关时,您应该始终选择流行的扩展程序进行安装.
Next, go to the host control panel and look at the logs to see which IP addresses have entered your website and while files they have accessed. The IP address that coresponds to the files edited, you can then block using the plugin I mentioned before. Joomla 2.5 is very hard to hack so it is rather likely you have an extension that is badly developed and allows SQL injection. Therefore you should always choose popular extensions to install on your website when they are database related.
希望这对您将来有所帮助.问候
Hope this helps you in the future. Regards
您还可以用密码保护 FTP 中的文件夹以提高安全性.
您还可以找到 这个扩展非常有用
You may also find this extension quite useful
这篇关于乔姆拉!2.5.4 Hacked:诊断有问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
