Hello Akeeba
As luck would have it I became the victim of Malware during my holidays.
I put my site into emergency mode and am just getting o top of things 2 weeks later.
This is where Siteground say the problem is:
Scanning [/home/finalbug/public_html] ... Please wait...
[GEN]PHP_backdoor_2 [18/04/16] /home/finalbug/public_html/administrator/modules/mod_version/proxy.php
-----------------------------------------
Scanned Files : 158148
Scanner Hits : 1
I have downloaded the latest full package of Joomla and compared the folders:
/public_html/administrator/modules/mod_version/
the above path in my Joomla install contains the following files:
helper.php
language (contains: en-GB which contains en-GB.mod_version.ini & en-GB.mod_version.sys.ini)
mod_version.php
mod_version.xml
tmpl
The above path on my infected installed Joomla Site contains the following files any thing with a star is different to the Joomla installation!
helper.php
***index.html***
language/***index.html*** file
language/***.listing*** file
language/en-GB/en-GB.mod_version.ini
language/en-GB/en-GB.mod_version.sys.ini
language/en-GB/***index.html*** file
language/en-GB/***.listing*** file
mod_version.php
mod_version.xml
***proxy.php***
tmpl/default.php
tmpl/***index.html***
tmpl/***.listing***
What is happening is that I currently have pushing 10,000 mails in my Mail Spam OUT folder!!!
These are the usually mails for Viagra & Co which I definitely did not send.
Here are my questions.
Any ideas where the malware is getting my email details from?
I guess that I need to change the password for my email account right?
What is the best way to proceed.
I am a verified of breaking something.
As of now I have compared the infected folder:/public_html/administrator/modules/mod_version/
(Downloaded on my computer)
and the clean Joomla install version of the same folder i.e:
/public_html/administrator/modules/mod_version/
(Downloaded from the Joomla Site)
I am guessing that the best thing to do is replace the whole /public_html/administrator/modules/mod_version/ folder?
Am I missing some thing?
Thinking wrongly?
Need to check something else?
thanks
Paul
As luck would have it I became the victim of Malware during my holidays.
I put my site into emergency mode and am just getting o top of things 2 weeks later.
This is where Siteground say the problem is:
Scanning [/home/finalbug/public_html] ... Please wait...
[GEN]PHP_backdoor_2 [18/04/16] /home/finalbug/public_html/administrator/modules/mod_version/proxy.php
-----------------------------------------
Scanned Files : 158148
Scanner Hits : 1
I have downloaded the latest full package of Joomla and compared the folders:
/public_html/administrator/modules/mod_version/
the above path in my Joomla install contains the following files:
helper.php
language (contains: en-GB which contains en-GB.mod_version.ini & en-GB.mod_version.sys.ini)
mod_version.php
mod_version.xml
tmpl
The above path on my infected installed Joomla Site contains the following files any thing with a star is different to the Joomla installation!
helper.php
***index.html***
language/***index.html*** file
language/***.listing*** file
language/en-GB/en-GB.mod_version.ini
language/en-GB/en-GB.mod_version.sys.ini
language/en-GB/***index.html*** file
language/en-GB/***.listing*** file
mod_version.php
mod_version.xml
***proxy.php***
tmpl/default.php
tmpl/***index.html***
tmpl/***.listing***
What is happening is that I currently have pushing 10,000 mails in my Mail Spam OUT folder!!!
These are the usually mails for Viagra & Co which I definitely did not send.
Here are my questions.
Any ideas where the malware is getting my email details from?
I guess that I need to change the password for my email account right?
What is the best way to proceed.
I am a verified of breaking something.
As of now I have compared the infected folder:/public_html/administrator/modules/mod_version/
(Downloaded on my computer)
and the clean Joomla install version of the same folder i.e:
/public_html/administrator/modules/mod_version/
(Downloaded from the Joomla Site)
I am guessing that the best thing to do is replace the whole /public_html/administrator/modules/mod_version/ folder?
Am I missing some thing?
Thinking wrongly?
Need to check something else?
thanks
Paul
Helping you learn beyond your finalBUG
