JoomlaPlug!

It is very strange that 2 of my domains are not letting me log in to the front end, 24 hours after restoring them from being hacked.

With both of them I get the same error:

Fatal error: Call to undefined function: stripos() in /home/content/t/i/t/tittiger1/html/mexdental/libraries/joomla/environment/uri.php on line 675

This happens when trying to log in to the front end.



I can log into the back end of both of these accounts but not the front end.


My point is that I suspect my XCloner backups have a back door into them that the hacker left....... and because there is not CRC or other method to check my backups I am left in the dark.

Hope this post creates the imputious to correct some of these short comings.


Regards,

Joe

I would advise to try and upgrade your Joomla core files to the latest version and see if you have anymore issues!

Ovidiu

Thanks Ovidiu, that was the first thing that I did after the restore. I patched both sites from 1.5.5 to 1.5.7 and then backed up both updated versions immediately.

I was also mistaken, three, not two, of my web sites seem to be involved.

I am going to restore them again today and change the passwords.

Boy am I bummed out. When I did the restore this time the home page came up as being hacked! So whoever did this hack sometime in the past put in files that I have been putting into my backups for god knows how long.

Should I go back 1 month? 2 months? and lose all that work?

And I will never know if my backups going forward are safe from now on because I won't know if I really went back to an unadulterated version of the site.


Has anyone had any luck with a file comparison utility? Is there one out for Joomla 1.5.7 yet?

TIA

Joe

When restoring, did you use the ftp mode from the Joomla.Cloner.php/XCloner.php restore screen?

Ovidiu

No I always create a new directory and database and FTP the file there with File-zilla FTP client.



I have given some thought to a CRC function for XCloner as the CRC will change when you upload anything to the media manager, add an extension, or make a configuration change perhps it would be nice if the CRC was run as a cron job and anytime that there are changes you get an email with the new CRC and a list of all the affected files. That way I would have a record to help track down what has happened.

My original method of making all site changes locally and then propagating that to my hosting provider worked well until Vista came out and I had to run Uniform server in a virtual XP machine and that just proved to be too cumbersome.

If I can find a SQL/php server that will run in Vista I may go back to doing everything locally and learn how to use the build in cloning capabilities of XCloner to clone it to my Hosting company. The only hold up I see would be that a forum would have to be propagated in the opposite direction. And I have very limited experience doing clones of only some of the tables. I also have a comment app that creates the same type of problem.