Hi LHacky
After a lot of time its me again. I have a problem: My website was hacked. My provider (domainbox.de) told me, that jinc-component was attacked.
Is there a possibility, to prohibit it?

Greetings from Cologne
Herby

Hi Herby,

probably you had the problem described in this post

http://lhacky.altervista.org/jextensions/index.php/kunena/6-jinc-security-issues/1172-everyone-can-upload-files

so you have two alternatives ... follow the instruction you will find there, or update to the last JINC version that is no more affected by the problem (to say the truth the problem affected and external component included in JINC :( )

Let me know if you need more detailed info ... I'm sorry for your problem.

Best Regards,

Lhacky.

Hello,
also my site was hacked some day ago and, after downloaded and checked the entire site, I noticed that the compromised zone was /administrator/components/com_jinc/classes/graphics/tmp-upload-images where I've found several files that were inserted by the hacker (provoking a UDP flood of over 300 Mbps from my site). My provider told me that I cannot work on the live site if, before, I didn't solved my security issues. My question is: after to have deleted the content of the infected folder, can I override the old jinc component with the new version via ftp?

This site is very important for me. It is related to an non-profit association that assists terminally ill

Thanks in advance.
Marcello

Hi Lhacky
Yesterday I updated Jinc, but my provider closed my account again, because the jinc-component was hacked and more then 20.000 spams were sended using my account. May be there where still older injected files in my sytem - I don't know.
So I think it would be better
- to uninstall Jinc-component,
- to delete Jinc-folders
- to install the latest Jinc-Version again
Do You think, this ist the best way to solve my problems?

If you think so:
what can I do, to save the subscribers?

Because I saw no exportbutton in Jinc, I exportet the subscribers-table from my database, but this file contains no subscriber-names but only emaliadresses. In which table I find the names? I would like, to export this table also, for generating an request with Microsoft access.

Best regards
Herby

Hi Herby,

it sounds a bit strange that after hacking you site the attacker sent newsletter using JINC ... the security problem solved with the last fix allowed just to upload files in Joomla! folder, not to access Administration and use components. Are you sure your admin account is safe? Did you change your password?

Anyway the procedure to save your mail addresses could be different depending on JINC and Joomla! release ... can you remember me your versions?

Best Regards,

Lhacky.

Hi Marcello,

after cleaning the file system you can apply the solution you will find here

http://lhacky.altervista.org/jextensions/index.php/kunena/6-jinc-security-issues/1172-everyone-can-upload-files

and then you can update to the last JINC version.

Best Regards,

Lhacky.