The most interesting "hack" I have seen on a Joomla! site

[Flidiot]

So I was chatting with a client about their Joomla site this morning... Wanted to check something and was greeted with the following:

No configuration file found and no installation code available. Exiting...

Pretty strange, considering the site has been working till now and the host hadn't issued any notices about system problems etc. so everything "should" be fine.

Logged into their FTP and saw something very...not sure what the right word is...interesting? Hilarious? Outrageous?

All the PHP files seem to have been renamed from x.php to x.trolololol...

Guess it's time to reset all the passwords, again...

Luckily for me, I am not hosting it...else I think I'd be in a world of pain right now

[roguemat]

Epic

[GarethC]

Nice :P

just be thankful all the files are still there

[debonair]

Yup return everything to the way it was and get hacked again kikiki

[Flidiot]

Haha, ja... All the files were still there but I did't want to risk anything. Restored from a backup, pretty easy with Akeeba.

I just thought it was actually so funny. They were not amused (obviously), but I nearly wet myself from laughing so hard.

[GreGorGy]

Seen similar - found the eventual solid solution was changing permissions to limited write / read only on many files. And of course the folks that had it happen to them didn't have access to / know how to request server logs. I was just there to fix/undo and not diagnose...

[Flidiot]

Seen similar - found the eventual solid solution was changing permissions to limited write / read only on many files. And of course the folks that had it happen to them didn't have access to / know how to request server logs. I was just there to fix/undo and not diagnose...

Similar situation and solution this side.

The guy that organised the hosting for them pretty much just shrugged his shoulders when they asked what was up. That's why they got me to sort it out, but still nagging for logs.

I also changed some of the file permissions, configuration.php (for example) was highly secure with Read/Write/Execute permissions for Tom, Piet and his next-door-neighbour's third cousin.

[GreGorGy]

Similar situation and solution this side.

The guy that organised the hosting for them pretty much just shrugged his shoulders when they asked what was up. That's why they got me to sort it out, but still nagging for logs.

I also changed some of the file permissions, configuration.php (for example) was highly secure with Read/Write/Execute permissions for Tom, Piet and his next-door-neighbour's third cousin.

Argh! I feel your pain. Now lemme go tear some more hair out!

[Flidiot]

Argh! I feel your pain. Now lemme go tear some more hair out!

If it makes you feel any better, you aren't the only one that will be pulling hair out this morning