Joomla site hacked

[Frost]

Hey all.

Well I must say I'm absolutely frustrated by this and pissed off to say the least. I have, or should I say had a Joomla site that I had set to offline. I never used that site, upgraded or otherwise as it was just set to offline and sitting there ready to go live with it. 3 months later the client decided to pay me and wanted the site up, so when I navigated to the site to turn it on, the site was not there it redirected me to some other blank bs site.

I opened a ticket about the issue and was told I had a virus in the files and to reload the files onto the server and reset my password. I have scanned my machine countless times without finding anything, the copying up of the last functionaly backup I had didn't help the problem still exists. So, I deleted all the files from my joomla site off the server and it still redirects me. I have tried accessing what should be a blank site from countless different pcs that have never used that site, never been on that site, nor had the code or ftp access on them and the redirect still happens. So I'm pretty sure the problem is now on the WHB servers but I'm not getting any solutions.

I need this fixed soooner than later. Has anyone else had this issue? I'm really freaking out.

Any info would be greatly appreciated.

thanks.

[Sergey S.]

Dear Frost, please provide us with your ticket so that we can send a request to our technicians to review the issue once again and make sure that all possible actions to fix it have been taken.

[Matt R.]

These type of incidents happen for two reasons:

1) older, insecure versions of Joomla are easily compromised by hackers or bots.

2) trojans etc on your pc that relay passwords back to a third party, allowing them to gain access

I can say with confidence there is not an underlying server wide problem here. I cannot state enough how important it is to use ssl connections, update regularly and practice good password security.

[carlobee]

oh. i just hate those hackers .

[Colin]

So, I deleted all the files from my joomla site off the server and it still redirects me.

Possible htaccess rewrite rule causing redirect?

[Twiztid]

I would suggest you make sure you always have everything up to date.... if on a VPS or dedicated server add a root kit hunter and other security software.

[JasonD]

It sounds like you left the "ADMIN" or "SETUP" page alive. Though you had the site offline, after installing, you have to remove the initial setup page. Robots look for setup pages, and will turn the site on, and direct it where they want. (Usually after they fill it with spam and virii links.

Can you be more specific about the phrase... "I navigated to the site to turn it on"...

You can not turn the site on from visiting the web-site itself. (I assume you are saying that you tried to access c-panel, and your page was redirected. But that is unclear, as you state that you tried to visit "The site", as in, your joomla page on your website.)

If the pre-fab site is not actually infected, then it is your HOST file. Your computer may have a virus/trojan/hijack, which is redirecting your browser.

In any event. The fact that the website is infected, might be a sign that you should not be attempting to sell something that you are unfamiliar with. That is not intended to sound negative, but should be taken as a chance to expand your knowledge of the program you wanted to use. "joomla".

The items in the c-panel "One-click" area, are not the best items to use. They are simply pre-fab installs, made to be easy to use. For a production site, you want to get the latest version installed, and keep an eye on updates and patches, for yourself and your clients. Only use the "one-click" installs to test if something may be what you want to use. Then, instantly uninstall it, and install the latest versions of the same programs.

(Note: You will find that most of the items in the "one-click" area, no longer exist. Due to security issues, they stopped being made and supported. Most of those items were novelty toys for experimentation. Translation, they were a hackers playground and killed by spam-bots, when support died and hackers got bored hacking dead toys that no-one used anymore. They are still a target, because of the "one-click" c-panel use. Those versions are still in c-panel, because hackers and malware bots pay c-panel to include them. For obvious reasons.)

The few items that are there, because the creators actually pay to have them there, are all the latest versions. (You still want to get the actual versions from the supported websites. That usually requires you to create a user-login for support, which is worth the additional effort. You will get a notice if that "toy" becomes unsupported in the future.)