My Joomla 2.5.4 website was hacked last night. Moreover, the Joomla forum is currently unavailable, and I canβt even run the Joomla diagnostic utility. (FPA file En.php)
I followed Joomla's instructions for diagnosis without success. (See below). I also emailed my web host (I'm on a shared server, but I use a host recommended by Joomla, which is a specialist on Joomla sites). So my question is: what should I do next?
Here is the information that I still have.
Using Joomla 2.54 (latest). All extensions have been updated to the latest version, and none of them are included in the list of vulnerable Joomla extensions.
The passwords of other administrators have been changed, but not mine, fortunately.
The User_notes table has been removed, which makes the user manager in the admin section useless.
According to the logs, the attack falls into the following files in the following sequence:
- /administrator/index.php
- /index.php(Root)
- /plugins/authentication/joomla/joomla.php
- /plugins/user/joomla/joomla.php
and then changes to the user tables and user_notes.
There is no junk file in index.php
The ip attack was 199.15.234.216, which is located on the Fort Worth server at supremetelecom.com
Fortunately, I have backups, and there was no distortion, but so far I can not get fpa-en.php to work and access to Joomla forums, I'm not sure what to do with d0, except changing all passwords and blocking f.
Thanks in advance for your help!