×
K5.1.1 is released (10 Jun 2018)

The Kunena team is pleased to announce Kunena 5.1.1 [K 5.1.1].
Please read the blog post for information:

× Topics must relate to a currently supported version of Kunena. If you are unsure what is the current supported version of Kunena, please go to the download page.

If you are having problems then, for your own benefit, it would save us all a lot of time if you would kindly post your configuration report when you ask for help from this forum. If you do not post your configuration report we will not ask you for it but you will probably not get your problem solved, either.

Question Hacked via com_kunena/template/cripsys/assets

More
3 months 1 day ago #1 by uzbaby
Hello. This morning I got malware problems. I got lots of cache files and my site was desactivated. In my hosting they said that trouble comes from com_kunena/template/cripsys/assets folder.

How can I find there malicious files?

Please Log in or Create an account to join the conversation.

More
3 months 14 hours ago #2 by 810
What kind of malware problems do you have? Which hosting provider do you having.

Also please add kunena report.

Please Log in or Create an account to join the conversation.

More
3 months 4 hours ago #3 by uzbaby
Thnak you.
In the attachment my malware file.
My hosting is bluehost.

Rigth now I can't make kunena report due to my site is down. Can I do it via hosting? Can you please explain how?

Please Log in or Create an account to join the conversation.

More
3 months 4 hours ago #4 by uzbaby
malware file in the attachment

File Attachment:

File Name: malware.txt
File Size:86 KB
Attachments:

Please Log in or Create an account to join the conversation.

More
3 months 4 hours ago #5 by 810
You need access to the backend.
Else download your site, and use a localhost.

blog.sucuri.net/2017/02/joomla-security-...ign-in-the-wild.html

You need to look into your files to: base64_decode, we use this codes.
$return = base64_decode($input->post->get('return', '', 'BASE64')); 
…  
$return = base64_decode($this->app->input->getBase64('return')); 

if you see any code like:
base64_decode("VHJhY3RvciBNb3VudGVkIExhbmRzY2..Z1ZWwgQ2hpcHBlcnM8YSBocmVmPSJodHRwOi8vam
F2cmlwLm5ldCIgc3R5bGU9InBvc2l0aW9uOmFic29sdXRlOyBsZWZ0Oi0xMjc1cHg7IHRvcDowIj5qYXZyaXAubmV0PC9hPg"), 
Then you are infected.

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago #6 by uzbaby
I have access to backend. But which file should I check?
All files from com_kunena/template/cripsys/assets folder?
But there lots of files are just image files.
Should I search in some another files?

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago #7 by uzbaby
Recently I had some robot users....I deleted then. Can they be the reason of malwares? If I only delete that users will my problem be solved?

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago #8 by rich
If your system is compromised, it does not help to delete a robot user. You can rename the folder assets and Kunena install again, then the folder will created new (including all files).
But I'm not sure if your system is clean afterwards. I miss an important information. How current are your installations of your site (including all extensions)? Please add a configuration report: docs.kunena.org/en/faq/configuration-report

Further informations:
www.joomshaper.com/blog/my-joomla-site-was-hacked-what-to-do

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago #9 by uzbaby
this is my configuration report

This message contains confidential information

Database collation check: The collation of your table fields are correct

Joomla! SEF: Enabled | Joomla! SEF rewrite: Enabled | FTP layer: Disabled |

This message contains confidential information
htaccess: Exists | PHP environment: Max execution time: 30 seconds | Max execution memory: 256M | Max file upload: 64M

Kunena menu details:

Warning: Spoiler! [ Click to expand ]

Joomla default template details : jm-school-tools | author: joomla-monster.com | version: 1.02 | creationdate: 12/04/2013

Kunena default template details : Crypsisb3 | author: Kunena Team | version: 5.0.14 | creationdate: 2018-03-14

Kunena template params:

Warning: Spoiler! [ Click to expand ]

Kunena version detailed: Kunena 5.0.14 | 2018-03-14 [ Stephen Hawking ]
| Kunena detailed configuration:

Warning: Spoiler! [ Click to expand ]
| Kunena integration settings:
Warning: Spoiler! [ Click to expand ]
| Joomla! detailed language files installed:
Warning: Spoiler! [ Click to expand ]

Third-party components: UddeIM 3.7

Third-party SEF components: None

Plugins: None

Modules: Kunena Latest 5.0.3

Please Log in or Create an account to join the conversation.

More
2 months 4 weeks ago #10 by uzbaby
the strange thing is that in hosting file manager --- cache folder....it becomes more than 24 MB for several hours. Cache is coming from kunena forum.And if I don't delete this immidietly it becomes more and more and my hosting shut down my domain.
What is this? What makes my forum to do this big cache? Also my forum is offline now..

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.120 seconds