all! I have a Joomla site (http://wired-ar.com) that I attempted an upgrade to 1.5.26 just a while ago. The upgrade went a bit awry, and I was forced to revert to a backup copy of the site using 1.5.15. Was upgrading with the intent to then upgrade to 2.x and then the latest.
I'm new to Joomla, but I believe I've reattached all the necessary components and modules. However, I'm getting 404 errors on EVERY page. Homepage, interior pages. I'm also having some problems with my editor, as only the top-portion of the editor appears and no TinyMCE. I've re-uploaded all editor files just to be safe, but no luck.
I haven't got a clue what's going on here, and I'm all out of leads. Most other problems like this involve the home page working, and nothing else. On my end, the back end works a-okay, and no visual pages are coming through. Changing different themes does not help, nor modifying any of the SEO areas, like mod_rewrite. Disabling plugins returns no results, either.
I would love some help with this, please! Any thoughts, options, or possibilities would be great.
Try to disable SEF url from backend, and figure out from the links, which articles/comp. are assigned to the menu. (maybe languages arent set correctly - you have assigned another lang article/category for ex. to an En lang menu)
As it turns out, and this may be the case with others, if you can access the back-end and nothing else, you likely have a corrupted file tree that's missing components or modules.
In my case, the really old files on this server had very wonky permissions, which made a smooth re-upload nearly impossible. The solution was to check and double check all components, adding the missing ones where needed. Took a lot of CHMOD work, too, for me.
Hope that helps someone, if you're in a similar pickle with an old Joomla site!
Related
So I set up a wordpress website on my ubuntu machine. I am getting a problem i've never had before.
When I go to my domain's homepage with either wp.ryan-41.local or my IP, it shows the default "it works" page, while i'm not suppose to get it any more.
However when I go to wp.ryan-41.local/wp-admin/ I am able to login normally.
https://gyazo.com/d4b3945396b4e11a7aa6aa0145c5b7fd
here's a screencap highlighting my issue.
Anyone who knows what's wrong here? I'm able to login and fully configure my wordpress, but when I go to the homepage of the site itself, I get this.
Have you tried moving everything back one directory, because that's just what comes to my mind when I see that.
I eventually decided to just toss it out and start over. This worked, eventually, but it was a bunch of work. I think I might've done something weird earlier in the process with my scripts, so it must've gone wrong there.
http://catbreedsinformation.com
A friend and I put that site together a few years ago, just to do some study on how to use google ranking. It was actually doing quite well. Recently, we haven't really messed with it, but I still check the analytics, and they have severely dropped.
I went to visit the site tonight, and it loads for a split second, and then redirects me to a completely different site.
Can anyone explain what is causing this? And also, explain how I can stop this?
thanks.
Looks like your website hacked.
First of all, please change all passwords. Then remove twitter fan box plugin (because script of this plugin is causing redirect)
Then you can check this resource: https://codex.wordpress.org/FAQ_My_site_was_hacked
We've discovered today that our Joomla website has been hacked by a pharmacy trojan.
It was difficult to discover because most users don't see it when visiting our website.
One user reported about 2 weeks ago that our site contains viagra/pharmacy spam.
We've looked into it, but found nothing. The conclusion was that the users computer was infected.
Yesterday another user reported this problem, so I've started to investigate again.
One hour later I've discovered that the site is indeed infected.
When I visit this webpage with my web browser all if fine:
http://www.outertech.com/en/bookmark-manager
But, if I do a google translate of this webpage I see the infection (viagra and cialis links):
http://translate.google.com/translate?sl=en&tl=de&js=n&prev=_t&hl=de&ie=UTF-8&u=http%3A%2F%2Fwww.outertech.com%2Fen%2Fbookmark-manager
The same happens if I use curl:
curl -L -A "Googlebot/2.1 (+http://www.google.com/bot.html)" http://www.outertech.com/en/bookmark-manager
As a next step I made a backup (Akeeba) of the website and transferred it to a local xampp installation for further investigation.
The local xampp installation with the website has also the same problem, so indeed the Joomla installation is infected.
a visit of
http://localhost/en/bookmark-manager
shows no problems, but a
curl -L -A "Googlebot/2.1 (+http://www.google.com/bot.html)" http://localhost/en/bookmark-manager
contains the viagra links.
I've looked for hours at the (mostly php) files, did a lot of greps etc, but I cannot find anything suspicious.
Virus Total and Google Webmaster report the site as clean.
I did an audit on myjoomla.com, but no malware was found.
I would be really grateful if someone could point me in the right direction.
Where to look inside my Joomla installation for this hack?
I've restored an older backup that was not infected to a local Xampp installation. Did a backup of the current site and installed into to another local Xampp instanced. Made a diff of all files between the two installations and found the hack in the application.php file (it was only one line). Removed the line and the hack died. I still don't know how the site got infected (all addons are the latest versions). I've changed the password as a security measure and monitoring for this hack once a week.
edit: myJoomla.com report did actually find the hack, I didn't read the report carefully enough.
We recently recovered and migrated a Joomla 1.5 site to 2.5 and the hack was found in the template files (index.php and various override files in the templates html/ directory).
The surprising thing was we also found that about 1 in 10 of the articles had been infected. i.e. when we searched the jos_content table we found the fulltext column had Javascript embedded in it. So, I would suggest also looking there.
Your best bet is to use a tool like myJoomla as it was specifically created for this sort of thing for Joomla.
I also had this problem where if I'm visiting a sub page, the home page would load instead and show a lot of Pharmacy gibberish. But this only happened when I had Firefox Firebug opened. It turned out in my template under /html there was a mysql.php file that shouldn't be there. Luckily, I created this template so I deleted the template on the server and uploaded my original version and the problem went away. Hope this helps.
I'm making a webpage in Drupal 6.26, and I blocked in a strange thing. I develop both in Localhost, and online, and the strange is that some how in online the primary links are empty (but there's element on it I can see in /admin/build/menu-customize/primary-links also in this page the menu elements appeared in the place, but in the other pages they don't), but in Localhost everything is ok, and i checked all of the settings and they are the same, the theme files are the same to,(and i didn't change anything in the other drupal files), the only difference is that the online page is set in offline (because the under maintenance), and I tried it to make it online, but the problem is still there, so I don't really have any idea.
That might be a theme problem. Make sure your local configuration has the same active theme as the installation on the public server. Try switching to a default theme that comes with Drupal.
Another cause might be one of your modules. Try disabling all but the system modules and then start re-enabling them one-by-one to see which one changes your menu.
A couple sites of mine recently got "hacked". Someone was able to add a line of JavaScript to the bottom of every page on the site.
The server is a Windows Server 2003, and has Cold Fusion 8 and MySQL 5.x installed and running.
Looking into the code on each page shows that none of the pages were modified. The JavaScript is not in the code files themselves. This leads me to believe it is an IIS problem, but I am unsure and cannot find anything that would be able to do this within IIS.
The JavaScript being added redirects a user to another page only when they come from Google, or at least it appears to work this way.
Any help on how someone was able to accomplish this as well as removing it would be greatly appreciated.
Another way to word the question thanks to #Jeffrey Hantin
How do you systematically modify output from IIS without modifying individual pages?
EDIT: A bit more testing has shown that only the .cfm pages add the extra javascript. Added a new .cfm and the js was there but a .html did not have it.
Edit2: Turns out to have been a coldfusion problem after all. Somehow the pages OnRequestEnd.cfm were created on the sites and added that js.
Looks like someone exploited some latest Adobe CF vulnerabilities.
Please see these blog posts for details and try to search symptoms on your server:
Image upload
FCKEditor bug + this post
Hope this helps.
Turns out to have been a coldfusion problem after all. The page OnRequestEnd.cfm were created on the sites and added that js.
If you only want to use IIS to modify output, the ISAPI filter is probably the best answer. If you would like to use Coldfusion, you could utilize the application.cfc to modify output during certain parts of the request cycle or wrap all of your pages in a Custom Tag to consolidate the like portions of your page templates.
I have used both. In cases where my page headers and footers are all the same, the custom tag is fast and easy to use. To make changes to all the pages, you edit one custom tag file. In cases where I have a more complicated web application I'll use the application.cfc to store and insert common components where they are needed.
They might have guessed your password. You should change it immediately.
It's possible that an ISAPI filter is used to do this. I once used one myself to perform compression before IIS supported it natively.
In your specific situation, you may want to check for ISAPI filters you don't want installed. Of course, if your server has been compromised, you will likely be better off rebuilding from a known good image rather than trying to fix it in situ.