Hacked user on server

JohanSvensson

• February 18, 2014 12:09

Hi! Recently one of my clients got hacked, a basic Joomla site with weak password. I have been investigating the activity on the account and server, and found some files that have been uploaded. They have been spawning a lot of processes with cronjob on the user. The account is Jailed and php is running as the user so I don't thing they have gone any further on my server. Just this user have this type of activity. I found one interesting script on my clients account, but its quite hard to "translate" what it's actually doing. (See attached file) Someone have any ideas?

• 

  Infopro

  • February 18, 2014 17:41

  I have removed the attachment, no need for that sort of thing on these forums. If you're unsure of what to do here, you might consider contacting your Hosting Provider or hire a System Administrator.

  0
• 

  jpearl

  • February 19, 2014 19:02

  Delete the script, update joomla, delete the bad cron jobs, and see if the issue is resolved.

  0

Please sign in to leave a comment.