- Posts: 3
- Thank you received: 0
Support for SermonSpeaker 3.x is canceled as it is for Joomla 1.5. I will gladly assist you with minor issues but I will not fix any bugs anymore in this releases.
The fix is to upgrade to SermonSpeaker 4.x, which is better anyway.
The fix is to upgrade to SermonSpeaker 4.x, which is better anyway.
sermon feed got hacked
- David Perry
- Topic Author
- Offline
- New Member
Less
More
10 Nov 2011 23:06 #1172
by David Perry
sermon feed got hacked was created by David Perry
Just noticed that our sermon feed got hacked about a week ago. It stopped sending updates to iTunes, so I checked the feed in a validator and saw a bunch of spam links had been inserted towards the bottom.
I'm on Joomla 1.5, and running SermonSpeaker 3.4.3 with SermonCast 3.4.3. I can include a link to the feed validator results if that will help.
What's the correct protocol for cleaning up the feed? Looks like I'm running the most recent version for 1.5. Are these database items I need to flush (and if so where do they get injected) or is it something else?
Any help appreciated, thanks!
I'm on Joomla 1.5, and running SermonSpeaker 3.4.3 with SermonCast 3.4.3. I can include a link to the feed validator results if that will help.
What's the correct protocol for cleaning up the feed? Looks like I'm running the most recent version for 1.5. Are these database items I need to flush (and if so where do they get injected) or is it something else?
Any help appreciated, thanks!
Please Log in or Create an account to join the conversation.
- Andrei Chernyshev
- Offline
- Translator
10 Nov 2011 23:11 #1173
by Andrei Chernyshev
Replied by Andrei Chernyshev on topic Re: sermon feed got hacked
wow, they probably modified a file then. I'd scan your directories for any off the wall files and folders. When our church site got hacked about 3-4 months ago i've found 2-3 back doors and and about 3 phishing sites (i.e. bankofAmerica and so on).
Please Log in or Create an account to join the conversation.
- David Perry
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
10 Nov 2011 23:40 #1174
by David Perry
Replied by David Perry on topic Re: sermon feed got hacked
Thanks for the tip, I did just go in and looked for modified files within the general time frame. I've now removed the actual spam files, but haven't found the back door yet. As in, my feed still doesn't validate because it now just has an error where it can't find the database file where the spam list used to be.
My podcast feed has the ending /rss tag, and then is followed by a couple of br tags and then the errors. I'm not sure exactly how the feed is put together so not sure where exactly it's happening. I did check the sermoncast files against a new copy and they looked fine.
My podcast feed has the ending /rss tag, and then is followed by a couple of br tags and then the errors. I'm not sure exactly how the feed is put together so not sure where exactly it's happening. I did check the sermoncast files against a new copy and they looked fine.
Please Log in or Create an account to join the conversation.
- Andrei Chernyshev
- Offline
- Translator
10 Nov 2011 23:48 #1175
by Andrei Chernyshev
Replied by Andrei Chernyshev on topic Re: sermon feed got hacked
if I'm not mistaken feed files are here \components\com_sermonspeaker\views\feed\tmpl\
the way i found a back door is they had a file labeled something like config or configuration when i opened that file and scanned through it there was a line that said "b@ckdoor Installed successfully". but this doesn't mean that they'll they haven't learned and changed their tactics. in my line of work h@ckers and m@lware people learn quickly.
the way i found a back door is they had a file labeled something like config or configuration when i opened that file and scanned through it there was a line that said "b@ckdoor Installed successfully". but this doesn't mean that they'll they haven't learned and changed their tactics. in my line of work h@ckers and m@lware people learn quickly.
Please Log in or Create an account to join the conversation.
- David Perry
- Topic Author
- Offline
- New Member
Less
More
- Posts: 3
- Thank you received: 0
10 Nov 2011 23:49 #1176
by David Perry
Replied by David Perry on topic Re: sermon feed got hacked
Just an update, I think I got it (at least for now...). The main index.php file was compromised, even though the date on it didn't show that it had been modified. Swapped in a new index file, as well as a new .htaccess for good measure and looks like things are working again. Still need to do some testing, but at least it seems to be cooperating now.
Please Log in or Create an account to join the conversation.
- Thomas Hunziker
- Offline
- Administrator
11 Nov 2011 12:29 #1179
by Thomas Hunziker
Replied by Thomas Hunziker on topic Re: sermon feed got hacked
To make sure all SermonSpeaker files are intact, you could just install SermonSpeaker over your existing installation.
It will do nothing with your database and settings, it just copies the files over again.
It will do nothing with your database and settings, it just copies the files over again.
Please Log in or Create an account to join the conversation.
Time to create page: 0.101 seconds