Viewing 3 posts - 1 through 3 (of 3 total)
  • Daydah Concepts Limited Friend
    #875252

    Hi, we have a client that we used JA Travel for in the J1.5 version way back. We recently recreated the site using the J3 version, some months ago. Fast forward to yesterday, when they said that for 3 days their mails kept getting discarded and getting the ‘maximum mails per hour exceeded’ error. Long story short, the hosts pulled down the site, then discovered the culprit: This is the file currently sending out spam: /home/…./public_html/templates/t3_blank/language/en-GB/object.php

    It's been settled, but not before many people had reported the site as a spammer. I am still cleaning up the mess, but I would like JA to please ensure no one else falls victim. Please can that item be removed from the download file for the template? Thank you.

    pavit Moderator
    #875272

    I am still cleaning up the mess, but I would like JA to please ensure no one else falls victim. Please can that item be removed from the download file for the template?

    Hi there

    I’m sorry, but I have to tell you that in the download file for the t3_blank template there is no file named object.php,
    so this is not a JoomlArt problem, but maybe some extension was installed with infected files in it.

    northis Friend
    #934176

    I have/had the same problem…

    The hackers load porn and send out spam from e-mail accounts called claudia_something@yourdomain.com etc. None of those e-mail accounts exist, but they send them out successfully. JHackGuard picked up an SQL injection. They load various files called file.php, object.php, dir.php, etc. – all at the very end of a path all over the site. We remove them and scan the site for malware and viruses – never found any after removing the suspect files. Then at around 4am they do the same thing all over again. The site was suspended by our host almost every day for over a week.

    Running JA Travel on Joomla 3.5.1 – All complimentary extensions and third party plugins are up to date.

    We have now moved to SiteGround, who claim to have one of the most secure servers. We have not had another hack yet, fingers crossed.
    We tried to look at the access logs, but the hacker seems to have deleted his tracks – so we can’t tell what he uploaded in the first hack. We still can’t find the backdoor he must have implemented.

    Since this has happened to more than one person using JA Travel, I do suggest that JoomlArt review this template package and scan for possible vulnerabilities. I have battled for over two weeks to stop this nonsense and still don’t know if the problem is solved. SiteGround’s environment does seem to stop the hackers from repeating the process.
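
The file pattern reported in this thread (PHP files named file.php, object.php or dir.php, and a PHP file inside a template's language folder) can be checked for with a short scan of the web root. This is an added example, not part of any post and not JoomlArt code; the function name, the reason labels and the rule that language folders should hold no PHP other than `*.localise.php` are assumptions made for the example.

```python
import os
import time

# File names reported in the thread above; a name match is only a review candidate.
SUSPECT_NAMES = {"file.php", "object.php", "dir.php"}


def find_suspect_php(root, names=SUSPECT_NAMES):
    """Return sorted (relative_path, reasons, mtime) tuples for PHP files to review."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_language_dir = "language" in rel_dir.split(os.sep)
        for name in files:
            lower = name.lower()
            if not lower.endswith(".php"):
                continue
            reasons = []
            if lower in names:
                reasons.append("reported-name")
            # Assumption: language folders hold .ini files, plus *.localise.php at most.
            if in_language_dir and not lower.endswith(".localise.php"):
                reasons.append("php-in-language-dir")
            if reasons:
                path = os.path.join(dirpath, name)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                # mtime lets recurring drops (e.g. the 4am pattern) be lined up with logs.
                hits.append((rel, reasons, os.path.getmtime(path)))
    return sorted(hits)


if __name__ == "__main__":
    import sys

    web_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reasons, mtime in find_suspect_php(web_root):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
        print(f"{stamp}  {rel}  [{', '.join(reasons)}]")
```

A stock Joomla 3 install also ships legitimate files named file.php, so a "reported-name" hit alone should be compared against a clean copy of the same package before anything is deleted.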


This topic contains 2 replies, has 3 voices, and was last updated by  northis 8 years, 4 months ago.
