Questions?
Monday - Friday
9AM to 5PM Eastern (GMT-5)
Latest Blogs
Joomla Services
Testimonials
“Jacob is a team player and continues to be an excellent resource for me to innovate the best avenues and ideas in supporting and continued maintenance of our various technical application needs. I highly recommend Jacob to anyone seeking a creative, high level internet applications professional.”
Randy Taylor
Dot2Dot Retail Group
Jacob did a great job on the technical side of migrating our web site to a new version of software and adding some functionality. He was a great help!
Henry A. Bromelkamp
President at Bromelkamp Company LLC
more testimonials on LinkedIn
Who's Checking Us?
We have 49 guests online
We are now IDL Web Inc.
We've expanded our team and rebranded our company.
Our goal is still the same, to provide outstanding customer service.
Continue to IDL Web Inc - Expert Joomla & WordPress Developers
Joomla Blog
Joomla 1.5.x Viagra Hack Information and Fix
In the past week alone we've had two clients reach us about their site being hacked.
The hack injected numerous "Buy Viagra" links into their websites right below the tag. The hack only displays for User Agent Googlebot, that means if you are using Fiirefox or Internet Explorer you will not see these links when viewing the source code, only Chrome.
Upon further investigation, comparing site and original Joomla 1.5.x source code we've located the file to be located in:
/libraries/joomla/application/application.php
If you're file is over 30KB in size, you are infected. Another way to find out if you are infected is to search Google for your website name as well the word Viagra, if you find results, you are infected.
January 2013 Update
I have seem more cases of /libraries/joomla/session/session.php being hacked as well with an include file from the tmp directory.
Your next action:
Upgrade to Joomla 2.5/3.x immediately.
Short term solution:
- Change your admin + FTP passwords
- Upgrade all 3rd party modules/plugins/components
- Upgrade to latest Joomla 1.5.x series
- Lock down FTP to your IP address
Hire an affordable Joomla expert
For your free, no obligation estimate please contact us today.
Comments
Hi, i just encountered this kind of infection. May I know how and what are the means this kind of hack occurred?
It is difficult to know the exact reason.
If your site is running Joomla 1.5 that alone could be the reason as 1.5 is no longer supported.
Also ensure all your components/modules/plugins are up to date.
Ensure your admin and server logins are in a secure format.
Joomla's website offers a Security Checklist
Nice informaiton, It will be very much useful.Keep posting. Can you shar elink realted to Joomla 1.5x viagra.I will be thankful for you.
Thanks