andreipopel
Friend
Hello,
I just looked at my server stats(AWStats) an here what I found: http://medicalstudent.ro/cache/mod_mainmenu/naGodO!/.onlineeast3.bankofamerica.com/cgi-bin/sitekeys-challenge.html/update.html
These 2 pages are one of my visited pages of my student, medical scientific non profit website(medicalstudent.ro)., see that url in the address bar. How this happened? I will trash my cache folder, but could someone explain me why this pages are here with my url on it and with hundreds of visits?
Thanks!
andreipopel
Friend
O, and there are more pages with bank of america in the cache folder, but what about this one?
Another personal banking service in my site. Is joomla full of spam? How on earth my plugins folder or that css files are infected with this? Cache,,,don;t know, is more vulnerable, but in the plugins folder? grrrrrrrrrrrrrrrrrrrrrrrrrrrr
mj1256
Friend
you’ve been hacked and someone is bouncing email off of your server. Its an old trick to cloak the originators of the spam and use someone elses server resources to do it. These people are usually in the middle east.
REPORT THIS TO YOUR HOSTING COMPANY IMMEDIATELY
let them deal with it, you will have to restore your site from a backup prior to the hacking.
1 user says Thank You to mj1256 for this useful post
andreipopel
Friend
Thank you! There were phishing files on my server account. Told the hosting company, deleted them…I will upgrade to joomla 1.5.9 soon , I have right now 1.5.7. How this happened? Is there a way for better protection? They told me there were wrong folder permissions, but you know well that joomla has some errors with that.
mj1256
Friend
where are you hosted, your server should have PHPsuexec installed on the server. This will set the permissions for maximum security. No file should ever have a permission of 777
andreipopel
Friend
well..you know that joomla cache needs the cache folder set to 777 ant that is my only folder hacked, after I deleted several time the cache..it seems that new spam pages appear…I wil do a fresh install..
andreipopel
Friend
Help please!
I’ve done an upgrade to 1.5.9 , removed all that shells and set the permisions to all folders at 755, my hosting company said to me it’s ok, and in 6 hours they suspended my site again, a brand new phishing folder/file appeared in the images/resized folder. What should I do? Do not have any idea, brand new install?
mj1256
Friend
did you change all of your passwords for everything that accesses your server and online accounts. The admin, the cpanel, your hosting account, etc.
I would also completely delete the site and install from a backup, prior to the phishing folders and change all passwords again.
make sure you rename you db and chnage the paswords for that
This topic contains 8 replies, has 2 voices, and was last updated by 
We moved to new unified forum. Please post all new support queries in our New Forum
