sites hacked after XCloner restore | General Questions and Support | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

Avatar
Lost password?
Advanced Search
Forum Scope


Match



Forum Options



Minimum search word length is 3 characters - maximum search word length is 84 characters
The forums are currently locked and only available for read only access
sp_TopicIcon
sites hacked after XCloner restore
March 16, 2013
10:54 pm
Avatar
CatfishTPA
Member
Members
Forum Posts: 12
Member Since:
February 26, 2013
sp_UserOfflineSmall Offline

4 of my sites (they were on the same shared hosting account) have been hacked. All php files hat a line of code eval(base64_decode injected. 2 of those sites (Joomla 1.5.26) were restored using XCloner, and it seems that I forgot to remove the xcloner.php and tar.php files in one installation after the restore …

Good thing is that I still have the backup data for the 2 sites that were restored via xcloner, and for the two new sites (which I rebuilt on Joomla 2.5), I had Xcloner installed and ran a backup after they were completed. So I can re-install them from those backups.

 

Question 1: how likely is it that the infection came because I forgot to delete the two files?

Question 2: to restore, I prefer the method where I upload the tar.php, the xcloner.php and the backup file and the just execute mysite.com/xcloner.php. Can I just use the clean files from the extension download zip file? I can't use the files from the server since they are also infected. The malicious code is in those files, multiple times

Question 3: one of the Joomla 2.5 sites has a multilanguage setup (language categories, language menus etc.). Do I assume correctly that the Xcloner backup and restore will restore the languages as well?

March 17, 2013
6:43 am
Avatar
Ovidiu Liuta
Admin
Forum Posts: 2484
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

1. not likely, but it could help if somebody found that script, i do advise to delete the script after restore and to attempt the restore from a private folder and not the site root, it might be much safer in case you forget to delete them

2. you can use the XCloner restore script from the original package

3. yes, XCloner will backup everything

Forum Timezone: America/Chicago
Most Users Ever Online: 867
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mlguru: 30
Django29: 29
Andy: 21
D: 21
Marcus: 20
Jamie F: 19
Member Stats:
Guest Posters: 738
Members: 10030
Moderators: 2
Admins: 3
Forum Stats:
Groups: 3
Forums: 7
Topics: 2397
Posts: 8236
Newest Members:
Adrian Stefan
Moderators: TriP: 0, Steve Burge: 0
Administrators: Ovidiu Liuta: 2484, Victor Drover: 1, Valentin Barbu: 0