Ok, so I thought I knew a little about safety online. I'm not a massive fan of antivirus, but then despite being without anti virus for about 12 years now, have yet to be infected by one. However, recently, showing my website to someone, *his* antivirus popped up and stopped something coming from *my* site.
I also received an email from my hosting company :
"We have renamed the script located at
flashygraphics.co.uk\user\htdocs\language\pdf_fonts\bmail.php
to _misuse_bmail.php as it was being used to send out large numbers of what appear to be Nigerian '419' emails. Before renaming the script back you must ensure it is no longer vulnerable to exploitation, for example by adding a referrer check."
Ok, so I am getting a little worried. I decide to download the entirety of my ftp server contents to my harddisk to have a little look.
A little background :
I am still quite a novice at web development - I code a little php, a fair amount of html/css and a little javascript, but I am not a security guru. I have been using Joomla as my CMS, but now it seems someone has hacked my Joomla installation and put a dodgy email form script on there, I notice that there are extra extensions installed into Joomla that I didn't ask for (for example, an FTP extension) and I eventually found the virus, and put AVG on my home machine.
Now, the thing is... where do I even start with finding out what I did wrong. I want to learn from this experience.
I have deleted the offending files including virus, uninstalled the dodgy extensions from Joomla and have updated Joomla to its' latest version. I have changed the passwords on the ftp, db and admin tool for joomla too. My home PC, having scanned it with AVG, is clean (and considering the large amount of random stuff I download, its a wonder). I'm generally not so stupid to run executables, but some things like AVI files on windows I am wary of tbh.
The real question, as I said, is what did I do wrong? Opened up the administrator panel on a potentially compromised machine? Installed an add-on that could have been compromised? I'm not even sure that what I have now is even fixed... and I don't feel like I've even learnt anything from all this...
I also received an email from my hosting company :
"We have renamed the script located at
flashygraphics.co.uk\user\htdocs\language\pdf_fonts\bmail.php
to _misuse_bmail.php as it was being used to send out large numbers of what appear to be Nigerian '419' emails. Before renaming the script back you must ensure it is no longer vulnerable to exploitation, for example by adding a referrer check."
Ok, so I am getting a little worried. I decide to download the entirety of my ftp server contents to my harddisk to have a little look.
A little background :
I am still quite a novice at web development - I code a little php, a fair amount of html/css and a little javascript, but I am not a security guru. I have been using Joomla as my CMS, but now it seems someone has hacked my Joomla installation and put a dodgy email form script on there, I notice that there are extra extensions installed into Joomla that I didn't ask for (for example, an FTP extension) and I eventually found the virus, and put AVG on my home machine.
Now, the thing is... where do I even start with finding out what I did wrong. I want to learn from this experience.
I have deleted the offending files including virus, uninstalled the dodgy extensions from Joomla and have updated Joomla to its' latest version. I have changed the passwords on the ftp, db and admin tool for joomla too. My home PC, having scanned it with AVG, is clean (and considering the large amount of random stuff I download, its a wonder). I'm generally not so stupid to run executables, but some things like AVI files on windows I am wary of tbh.
The real question, as I said, is what did I do wrong? Opened up the administrator panel on a potentially compromised machine? Installed an add-on that could have been compromised? I'm not even sure that what I have now is even fixed... and I don't feel like I've even learnt anything from all this...
