Looks like our VM2 install got hacked

Started by robert, November 29, 2012, 22:42:28 PM

robert

We are running VM2 and we are now getting some sort of injection which may be attempting to redirect to "pieiy.sellclassics.com".

I think this happened this afternoon, so we are still investigating where the code may have been inserted.

The reason I am posting about it here is that when I view the code with Firebug, it shows up in the <head> right near MooTools and com_vertuemart/assests/js/vmsite.js

No clue where to go from here, but I'll be looking for a fix to remove the code.

jenkinhill

OK, so it sounds like your Joomla template has been modified. I'm going to guess that you were using Joomla 1.5.x, maybe with an old version of the JCE editor or some other component/module/template that was out of date?

This is not likely at all to be due to VirtueMart, but the standard (and most important) advice for a hacked Joomla site is to download and run the Forum Post Assistant program before doing anything else and post the results with a report of the symptoms on the Joomla security forum. Then take the site offline until the security people have had a chance to review the FPA results. See http://forum.joomla.org/viewtopic.php?f=432&t=475313

It is most important that this is done as only by correctly reporting such problems can a knowledgebase be built of possible problems.

Kelvyn
Lowestoft, Suffolk, UK

Retired from forum life November 2023

Please mention your VirtueMart, Joomla and PHP versions when asking a question in this forum
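
A read-only triage sketch for the situation in this thread, added here as an example and not part of either post or of any Joomla/VirtueMart tooling: it walks a site directory and reports files that contain the redirect host quoted above, plus files modified within a recent window (the poster believed the change happened "this afternoon"). The extension list, the 24-hour window and the function name `triage` are assumptions.

```python
import os
import sys
import time

# Indicator quoted in the thread; everything else here is an assumption.
INDICATOR = b"pieiy.sellclassics.com"
EXTENSIONS = (".php", ".js", ".html", ".htaccess")


def triage(root, indicator=INDICATOR, window_hours=24, now=None):
    """Return (hits, recent) as sorted lists of paths relative to root.

    hits   -- files whose bytes contain the indicator (case-insensitive)
    recent -- files whose mtime falls inside the last window_hours
    Nothing is modified or deleted, so evidence stays intact for review.
    """
    now = time.time() if now is None else now
    cutoff = now - window_hours * 3600
    needle = indicator.lower()
    hits, recent = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.stat(path).st_mtime
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            rel = os.path.relpath(path, root)
            if needle in data.lower():
                hits.append(rel)
            if mtime >= cutoff:
                recent.append(rel)
    return sorted(hits), sorted(recent)


if __name__ == "__main__":
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    found, changed = triage(site_root)
    for rel in found:
        print("contains indicator:", rel)
    for rel in changed:
        print("recently modified: ", rel)
```

An empty `hits` list does not show the site is clean, since injected code is often stored in an encoded form, and modification times can be reset, so the two lists are starting points for review rather than a verdict.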