chronoforms hacked ???

dannyd 20 Nov, 2007
I spoke with my host and they said that in the /administrator/components/com_chronocontact/excel_writer/OLE.php is used for spamming?? They said it's somehow linked with some Christian spam. Is this true?

What does this file do?
dannyd 20 Nov, 2007
What permissions should the contents of the administrator/components/com_chronocontact be set at in order to work?

Sorry, it was excelwriter for my other post.
GreyHead 20 Nov, 2007
Hi dannyd,

Seems pretty unlikely to me. I had a quick Google around and didn't find anything that suggested a problem. Did your host quote anything firm to you, or just rumour?

The file is part of the PEAR package for dealing with file wrappers like Excel (info here).

Bob
dannyd 20 Nov, 2007
Can I change the permissions on these files to 644 or something that would keep hackers from using them or associated files?

They said they would usually shut down a site that wasn't secure, and they said that the OLE file and associated files were the cause for hackers using to spam out emails.
Max_admin 20 Nov, 2007
Hi Dan,

Which ChronoForms version do you have? V2.3.6 comes with a security fix regarding the excel writer files. Please delete the whole excelwriter directory on your server and all files included, then download ChronoForms v2.3.6 and upload the one in there. If you can overwrite the files admin.chronocontact.html.php and admin.chronocontact.php, and the other 2 files that start with toolbar, then you will have a CSV file export option too!

Please let me know how this will go!

Cheers

Max
Max, ChronoForms developer
ChronoMyAdmin: Database administration within Joomla, no phpMyAdmin needed.
ChronoMails simplifies Joomla email: newsletters, logging, and custom templates.
dannyd 20 Nov, 2007
Can you send me the new version with how to upgrade? The site is live; I don't want to disrupt the site. Is it a simple overwrite?
Max_admin 20 Nov, 2007
Hi Dan,

This is very simple: download V2.3.6 from the downloads area, extract it, and get the excelwriter folder. Now go to your Joomla site root and then to administrator/components/com_chronocontact/

Then upload the new excelwriter folder; this will overwrite the old one and that's all 🙂

The other files I talked about are in the same package and at the same path! In case any problems happen, it will be in the admin area, your site visitors won't even feel it, and we have the time to fix it quickly!

Cheers

Max
kondyak 21 Nov, 2007
I got hacked too. Turkish website. I have no idea what to do. Please advise.

Site is here.

Post edited by: GreyHead, at: 2007/11/22 00:26
GreyHead 21 Nov, 2007
Hi kondyak,

Looks like they've found a way to FTP stuff onto your site, or possibly a script injection. You may find the answer by Googling around. Unlikely that it was a problem with ole.php as Dan mentioned a spamming breach with that.

The fix is something like this:
  • FTP to your site
  • put an index.htm file in the root to set the site off line
  • check on which files, probably in the root, have been modified recently and replace them with good copies
  • back up the database
  • update Joomla to the latest version and check on any extension that you use
  • start up the site again and make sure that all is well, probably it is from this type of hack
  • if not you'll have to go back and work some more I'm afraid

Bob
Max_admin 22 Nov, 2007
Hi Kondyak,

Your site is still down; they seem to have changed your config file and/or the index.php. Send me FTP access to your website and Joomla admin login too and I will fix that for you quickly if it's only this. Or maybe they deleted/edited some files in case you had bad permissions for public (like 777), and in this case you must follow all the steps provided by Bob in the post above!

Good luck!

Max
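
The checks named in the two posts above (recently modified files, public-writable permissions such as 777, comparison with good copies), sketched as an added example that is not part of the original thread. It assumes shell access to the site files and a clean extracted copy of the same packages; the function names and the 7-day window are illustrative choices.

```shell
#!/bin/sh
# Added example: read-only triage of a Joomla tree after a suspected defacement.

# recent_files ROOT DAYS: regular files modified within the last DAYS days.
recent_files() {
    find "$1" -type f -mtime "-$2" -print | sort
}

# world_writable ROOT: files and directories writable by "other"
# (modes such as 777 or 666), which any local account can change.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# changed_vs_clean SITE CLEAN: compare every file under SITE with the same
# path under CLEAN (an extracted, trusted copy of the packages).
#   EXTRA = present on the site but not in the clean copy
#   DIFF  = present in both but with different content
changed_vs_clean() {
    ( cd "$1" && find . -type f -print | sort ) | while IFS= read -r f; do
        if [ ! -f "$2/$f" ]; then
            echo "EXTRA $f"
        elif ! cmp -s "$1/$f" "$2/$f"; then
            echo "DIFF  $f"
        fi
    done
}

# Usage: sh triage.sh /path/to/site [/path/to/clean-copy]
if [ "$#" -ge 1 ]; then
    echo "== modified in the last 7 days =="
    recent_files "$1" 7
    echo "== world-writable =="
    world_writable "$1"
    if [ "$#" -ge 2 ]; then
        echo "== compared with clean copy =="
        changed_vs_clean "$1" "$2"
    fi
fi
```

Files that legitimately differ from the package, such as configuration.php and uploaded media, will show up as DIFF or EXTRA and need to be reviewed by hand rather than overwritten.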
kondyak 22 Nov, 2007
Ok.

Thanks very much for the quick response.

I'm just the Adwords guy for the site, although I did add chronoforms, so the developer who initially set up the site is going to take a look at it. If we're still having problems next week I'll post again.

Thanks so much,

Kevin
kondyak 22 Nov, 2007
What if the URL where I would normally go to sign in to Joomla Admin is the same as the homepage... and the ftp login page says that the website is temporarily unavailable...

Is this like the definition of a complete hack?
Max_admin 22 Nov, 2007
Hi,

Yes, this is a hard one. I guess your only way now is through the website cPanel; go there and find the hack files and remove them. An expert should do this so you don't make things more complicated!

Good luck!
Max
This topic is locked and no more replies can be posted.