Questions?

Monday - Friday
9AM to 5PM Eastern (GMT-5)

My status

Latest Blogs

Testimonials

Randy Taylor“Jacob is a team player and continues to be an excellent resource for me to innovate the best avenues and ideas in supporting and continued maintenance of our various technical application needs.  I highly recommend Jacob to anyone seeking a creative, high level internet applications professional.”
Randy Taylor
Dot2Dot Retail Group

Henry A. BromelkampJacob did a great job on the technical side of migrating our web site to a new version of software and adding some functionality. He was a great help!
Henry A. Bromelkamp
President at Bromelkamp Company LLC

39 more testimonials more testimonials on LinkedIn

Who's Checking Us?

We have 6 guests online

FreshBooks

File Transit

Joomla Migrations

Migrate your Joomla 1.x to 2.5/3.x Save 10% on all orders by Mar. 31st

Migrate My Site

Joomla Developer

Hire a Joomla Expert with 13 years experience. Save 15% on all orders by Mar. 31st

Build My Site

Joomla Site Hacked?

Same day support available. Purchase hourly support packages that never expire.

I Need Support

Joomla Blog

Joomla 1.5.x Viagra Hack Information and Fix

Posted by Jacob Hodara
Jacob Hodara
User is currently offline
on Tuesday, 27 March 2012
in Security 4 Comments

In the past week alone we've had two clients reach us about their site being hacked.

The hack injected numerous "Buy Viagra" links into their websites right below the tag. The hack only displays for User Agent Googlebot, that means if you are using Fiirefox or Internet Explorer you will not see these links when viewing the source code, only Chrome.

Upon further investigation, comparing site and original Joomla 1.5.x source code we've located the file to be located in:

/libraries/joomla/application/application.php

If you're file is over 30KB in size, you are infected. Another way to find out if you are infected is to search Google for your website name as well the word Viagra, if you find results, you are infected.

January 2013 Update

I have seem more cases of /libraries/joomla/session/session.php being hacked as well with an include file from the tmp directory.

Your next action:

Upgrade to Joomla 2.5/3.x immediately.

Short term solution:

  • Change your admin + FTP passwords
  • Upgrade all 3rd party modules/plugins/components
  • Upgrade to latest Joomla 1.5.x series
  • Lock down FTP to your IP address

Hire an affordable Joomla expert

For your free, no obligation estimate please contact us today.

Hits: 9593
0 votes

Comments

Guest
Yogesh Bhardwaj Wednesday, 04 September 2013

Nice informaiton, It will be very much useful.Keep posting. Can you shar elink realted to Joomla 1.5x viagra.I will be thankful for you.
Thanks

Jacob Hodara
Jacob Hodara
User is currently offline
Jacob Hodara Monday, 03 March 2014

Hello, please clarify your question.

Guest
Febiby_R Monday, 28 October 2013

Hi, i just encountered this kind of infection. May I know how and what are the means this kind of hack occurred?

Jacob Hodara
Jacob Hodara
User is currently offline
Jacob Hodara Monday, 03 March 2014

It is difficult to know the exact reason.

If your site is running Joomla 1.5 that alone could be the reason as 1.5 is no longer supported.

Also ensure all your components/modules/plugins are up to date.

Ensure your admin and server logins are in a secure format.

Joomla's website offers a Security Checklist

Leave your comment

Guest
Guest Sunday, 20 April 2014