Quickstart Site been hacked??

Forums    Joomla Templates Club    JA Zite    Quickstart Site been hacked??
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • roojai Friend
    March 15, 2013 at 8:38 am #185863

    I noticed that the quickstart files for this template contain a lot of seemingly rubbish articles.

    I discovered two unknown users on my website and then literally thousands of articles that seemed very spammy in nature.

    I thought my site was compromised so I just downloaded a brandnew install from here and the same users and articles are actually contained in the quickstart files.

    Is there any reason to believe that other files have been compromised too? This has seriously raised concerns about your products…

    roojai Friend
    March 15, 2013 at 11:11 am #486617

    And just to add – now that I have cleaned up the articles – I find there are more being published all the time – by a superuser with the alias of ‘joomla’.

    Anyone know how to stop this?

    swissa Friend
    March 15, 2013 at 12:30 pm #486635

    Try making a new super user (for you) and delete the old ones. Make sure that Joomla is running 2.5.9.

    If you still have a problem then you can see these joomla posts.

    http://forum.joomla.org/viewforum.php?f=621&sid=c7a2462becf547b2fd9a5ade96310634

    http://forum.joomla.org/viewtopic.php?f=621&t=777957

    http://forum.joomla.org/viewtopic.php?f=621&t=582854

    1 user says Thank You to swissa for this useful post

    1. roojai
    tfosnom Friend
    March 15, 2013 at 1:16 pm #486638

    <em>@roojai 364632 wrote:</em><blockquote>And just to add – now that I have cleaned up the articles – I find there are more being published all the time – by a superuser with the alias of ‘joomla’.

    Anyone know how to stop this?</blockquote>

    Some quickstarts from here, being duplicates of the online demo site can contain a lot of registered users left over from testing by ja staff who appear to get all their friends to populate forums and other areas. Why JA can’t spend a few minutes stripping all users out of the install.sql beats me.

    I also had some ja staff register as users during a problem resolution I was having , yet I never knew Alice & John from joom.com were support staff and again support had access details as a superuser yet that was changed to registered as well.
    I don’t like support creating backdoors to my site so i deleted them as I normally would. Mind you the problem never required a registered member access to test .

    Be careful 🙂

    Shannon

    roojai Friend
    March 15, 2013 at 2:06 pm #486642

    Thanks for your help.

    Disabling the original Superuser doesn’t seem to help but I seem to have stopped more articles appearing (I hesitate to use the word “new” as many seem to be back dated) by removing rights to all superusers to create articles.

    I use K2 on the site anyway and that seems unaffected.

    The big concern is that this malware is obviously part of the download of the quickstart package – so all users downloading that will be having these problems and many are probably unaware.

    I have no idea what other badness this thing has in it’s power. Maybe I better download a clean template to a clean installation and start again – a fair bit of work though as I have already made quite a few modifications. I guess I can copy across these mods quite easily. Safe than sorry…

    roojai Friend
    March 15, 2013 at 2:09 pm #486643

    Oh, just for info – another symptom is a huge number of hits on all these articles – make me think its more to do with the sample content…

    swissa Friend
    March 15, 2013 at 2:14 pm #486644

    <em>@roojai 364657 wrote:</em><blockquote>Thanks for your help.

    Disabling the original Superuser doesn’t seem to help but I seem to have stopped more articles appearing (I hesitate to use the word “new” as many seem to be back dated) by removing rights to all superusers to create articles.

    I use K2 on the site anyway and that seems unaffected.

    The big concern is that this malware is obviously part of the download of the quickstart package – so all users downloading that will be having these problems and many are probably unaware.

    I have no idea what other badness this thing has in it’s power. Maybe I better download a clean template to a clean installation and start again – a fair bit of work though as I have already made quite a few modifications. I guess I can copy across these mods quite easily. Safe than sorry…</blockquote>

    If indeed it is malware. Hence my link http://forum.joomla.org/viewtopic.php?f=621&t=777957 which is a script (from Joomla.org) to check your site so that you can be sure. Be careful copying the mods across especially if you have added any 3rd party extensions etc.

    Best of luck!

    roojai Friend
    March 17, 2013 at 10:39 am #486724

    Actually I found that the “problem” was actually the intended behaviour of one of the plugins – JA Social Feed Plugin.

    My mistake – I take it all back:-[

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)

This topic contains 8 replies, has 3 voices, and was last updated by  roojai 11 years, 2 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum

Important Notice :

New Unified Portal is live

Must Read

Jump to forum

Categories