Security alert: Infected files in J1.5 folders

If you are a Joomla 1.5 user, you should be aware that we’re noticing an increased number of sites to which hacked files have been uploaded. We’re not going to preach “Should’ve upgraded!”, but we urge you to check your site all the same.

You should check the following folders for files that don’t belong there:

  1. /images/banners -> Look for files named .cacje_xxxx.php (where xxxx could be anything)
  2. /tmp/ -> Look for files with random names with a .php extension.
  3. components/com_content/helpers/ -> Look for files named like .jos_xxx.php (where xxx could be anything)

It is possible that these files have been sitting on your server for weeks, but that doesn’t mean it has to stay that way. We urge you to remove the files as soon as possible.
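The three checks above as a shell function, added here as an example (it is not part of the original alert). The Joomla root path you pass in is an assumption about your install; the function only lists matches with their timestamps so you can review them before removing anything.

```shell
#!/bin/sh
# Added example: list files matching the three patterns named in this alert.
# Usage: sh scan.sh /path/to/joomla-root   (the path is an assumption)

# _scan DIR PATTERN [extra find options]
# Lists regular files under DIR whose name matches PATTERN; silent if DIR is absent.
_scan() {
    dir=$1
    pattern=$2
    shift 2
    [ -d "$dir" ] || return 0
    # "ls -ld" shows owner and modification time, which helps judge how long
    # a file has been sitting on the server.
    find "$dir" "$@" -type f -name "$pattern" -exec ls -ld {} +
}

scan_joomla15() {
    root=${1:?usage: scan_joomla15 JOOMLA_ROOT}

    # 1. /images/banners: names start with a dot, so a plain "ls" and many
    #    FTP clients hide them. find matches them regardless.
    _scan "$root/images/banners" '.cacje_*.php' -maxdepth 1

    # 2. /tmp: any .php file, at any depth, since the names are random.
    _scan "$root/tmp" '*.php'

    # 3. components/com_content/helpers: again dot-prefixed names, so the
    #    component's own helper files are not reported.
    _scan "$root/components/com_content/helpers" '.jos_*.php' -maxdepth 1

    return 0
}

# Run the scan when a root directory is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_joomla15 "$1"
fi
```

No output means none of the three patterns matched under that root.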


If you’re not comfortable with manually looking for these files, you can perform a free audit with http://manage.myjoomla.com. Under “Files Information”, you’ll find the “Suspect / Malicious Content in files” option. If these unwanted files were uploaded to your site, this tool will certainly find them.
