Solved Kunena 3.0.3 hacked: Redirects to spam site

Hi

My Joomla 3.2 was hacked causing the main site to redirect to a spam site when visiting from iPad. The redirect only happened once in a day. I removed some suspicious code from the root index.php file and that solved the problem.

However, I am still getting redirected when I click the Forum link in my menu, e.g. when I visit the main page of Kunena Forum Component (front end). The redirect only occurs on iPad and only about once in a day. I've been going through all components/com_kunena files and I didn't find any suspicious code there (quick look). So my question goes: If I am getting redirected when visiting the Kunena main page (not other parts of my Joomla site) where is it possible that the malware code is placed?



Thanks (to all the helping people and not to the **** hackers)

I had exactly the same situation. I used sitedif to compare the uncompromised to the compromised website and was able to find the unwanted code. Three times the site got hacked and three times in different locations. But just removing this code isn't enough. There is a leak somewhere that has to be fixed to.

I did that whole fixing proces twice. The first time removed the code, change passwords and some other small stuff. Until the next hack and a message from my hoster my account was suspended because they got blacklisted.

Now my whole site is rebuild with alle the latest versions (also components and plugins), all the stuff I don't need is removed (for example Tapatalk integration), have Eyesite monitoring all the changes in the website's code and have a component to make a daily backup to prevent too much loss in case of a possible new hack.

Good luck with this and I will be reading all the other answers with much interest.

Thanks. It seems like sitedif is only available for Windows. Do you know if something similar has been made for Mac?

Kunena and Jumi are my only extensions so I believe the security issue lies in Joomla or Kunena. As you say, I should fix the leak. Upgrading Joomla or Kunena is however a pain in the *** because of all the core hacks and customizations I have made. A simple update that only fixes the security issues would be appreciated - now I'm just dreaming.

I have now upgraded Kunena to the latest version and it took me only 1 hour to redo the customizations. I did that simply by changing the affected files with the old ones from my backup (I know the proper way would be only to change the affected code and not the complete files).

I hope that the malware code has disappeared during the update - I'll keep an eye on my site through iPad the next days. I also hope that the XSS vulnerability, that has been fixed in the latest version of Kunena, was the security issue that let the hackers in at my site. If that is the case I can skip upgrading my Joomla to the latest version (believing that the security issues in Joomla that has been fixed in the latest versions is not so severe) - a step that will cost me days of work.