Welcome the Technical Support section. Help us in assisting you by providing us with a concise and descriptive elaboration of your issues. Be specific and if possible, provide us with a step-by-step instruction in replicating your problem.
Steps to update to JS 3.1.0.4 after already hacked?
I apologize if this is the wrong spot for this. I got the email last night saying there was the vulnerability and to update JomSocial ASAP. Today, I got the notification from my host that my site was hacked. I know I need to update JS still, but are there certain steps I need to take since my site is currently compromised?
I'm sorry for the panicked message. I am given 24 hours to fix this before I'm kicked from my host. :X
I'm running Joomla 3.2.1, JS 3.1.0.1 (says I have the latest version installed).
Here's what the host says:
Hello,
We have received a notice that your website has been defaced and/or hacked.
Please take the following corrective measures within the next 24 hours to prevent domain or VPS suspension.
1) Remove all defaced materials
2) Scan all directories within the account for hidden files that do not belong.
3) Change all passwords associated with that account
4) Update all CMS software or scripts running on that site to the latest version.
5) Provide an update to this ticket once all changes are complete.
Here is a copy of the original complaint that we received:
#############################
Dear abuse team,
please help to close these offending portals sites(1) so far.
This information has been generated out of our comprehensive real time database, tracking worldwide portals URI's
If your review this list of offending site, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !
Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.
DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!
You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.
Yes I have a backup, no I don't know when the compromise happened :(
Thank you so much for updating it for me. Do you have any recommendations for removing the hacked files? Or how to find all the hacked files?
Thank you!
I had to restore my site from a backup, which brought me back to JomSocial 3.1.0.1. I tried upgrading JomSocial, but it still says 3.1.0.1. How do I upgrade JomSocial?
Thank you
Thank you! I know what I did wrong last time. I installed the updater file instead of the community file. I was able to update it without any problems when I used the correct file. oops :)