Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <dwightdhutto@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.006
X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'python.': 0.02; 'one?': 0.05; '21,': 0.07; 'javascript,': 0.07; 'ok.': 0.07; 'python': 0.09; 'php,': 0.09; 'received:mail-vc0-f174.google.com': 0.09; 'sep': 0.09; 'structure,': 0.09; 'utilizing': 0.09; 'yeah,': 0.09; 'cc:addr:python-list': 0.10; 'charset:iso-8859-7': 0.15; 'wrote:': 0.17; 'odd': 0.17; 'code,': 0.18; 'css,': 0.22; 'questions:': 0.22; 'cc:2**0': 0.23; 'programming': 0.23; 'seems': 0.23; 'cc:no real name:2**0': 0.24; 'cc:addr:python.org': 0.25; 'header:In- Reply-To:1': 0.25; 'question': 0.27; 'execution': 0.27; 'message- id:@mail.gmail.com': 0.27; 'there.': 0.28; 'hosting': 0.28; 'received:209.85.220.174': 0.29; 'source': 0.29; 'maybe': 0.29; 'fri,': 0.30; 'code': 0.31; 'file': 0.32; 'certain': 0.33; 'html,': 0.33; 'programming,': 0.33; 'knowledge': 0.33; 'received:google.com': 0.34; 'pm,': 0.35; 'received:209.85.220': 0.35; 'received:209.85': 0.35; 'but': 0.36; 'subject:Please': 0.36; "didn't": 0.36; 'execute': 0.37; 'received:209': 0.37; 'subject:: ': 0.38; 'files': 0.38; 'sure': 0.38; 'page': 0.38; 'hello,': 0.39; 'list,': 0.39; 'header:Received:5': 0.40; 'help': 0.40; 'your': 0.60; 'high': 0.61; 'provide': 0.62; 'helping': 0.63; 'within': 0.64; 'visit': 0.64; 'dont': 0.64; 'subject:One': 0.65; 'webpage': 0.65; 'subject:. ': 0.66; 'ago.': 0.66; 'happened.': 0.84; 'joomla,': 0.84; 'mins': 0.84; 'plugins.': 0.84; 'joomla': 0.93
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=8yRdozW+hvnDunR5eTLGeQO5MtCVXAFgpIQV9qC5D80=; b=R7wQ9dyuMXQ3Yjpu1q2uCv7616xEmrdjOUQIzM+0dRyCa8F98B9u6B/ZGsScvcpwBD jeOgP7zaZzbPj3lbr1SZ8gacJDl9SdoBgweNk+y06TQyjOehcpYnwRWyx7JvyNYrsoes ChkmeN+peUk5oUaLqG4nf6NxdHBTEzY6OvlC6LPPtTrZmUxvdyWpTv9ZFSz+M/DJafXA gBbF7VTfVuk9WjXMoUIrFIqI5DILHmZJrjK8s6kksXA1X5URyuWqv9nOYAOe1/9eTRiU ORSK+20IHOuDiPaRq744RLZKxj891hSbetF5LWREzhZI+JCKkIaRamCEDvgW+eGk5+p/ 9cxA==
MIME-Version: 1.0
In-Reply-To: <079f4b21-93f4-450b-9112-21b2faa19ed3@googlegroups.com>
References: <079f4b21-93f4-450b-9112-21b2faa19ed3@googlegroups.com>
Date: Sat, 22 Sep 2012 04:59:07 -0400
Subject: Re: One of my joomla webpages has been hacked. Please help.
From: Dwight Hutto <dwightdhutto@gmail.com>
To: =?ISO-8859-7?B?zd/q7/Igw+rx5eXq?= <nikos.gr33k@gmail.com>
Content-Type: text/plain; charset=ISO-8859-7
Content-Transfer-Encoding: quoted-printable
Cc: python-list@python.org
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.1071.1348304349.27098.python-list@python.org>
Lines: 43
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1348304349 news.xs4all.nl 6981 [2001:888:2000:d::a6]:52577
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:29733

On Fri, Sep 21, 2012 at 2:45 PM, =CD=DF=EA=EF=F2 =C3=EA=F1=E5=E5=EA <nikos.=
gr33k@gmail.com> wrote:
> Hello,
>
> One webpage of mine, http://www.varsa.gr/ has been *hacked* 15 mins ago.
>
The others are right, this is a joomla question, unless you're
allowing execution of code by members and they utilize python.

My questions:
Only one? From my experience of joomla, you can allow your posters to
execute code within their postings by utilizing certain plugins.

It seems odd that only one page was hacked, or that they let you know,
and didn't try db access.

But it seems you're site had a hosting backup, but make sure to
subscribe to the joomla update and security list, plus change the
passwords.

> I logged into CPanel but the joomla files seem ok.

Did you have a backup of the file structure, and a zipped db backup,
then check for new security flaws/change passwords/etc?

> but when i view page code with chrome i get the source code, i dont knwo =
of which file thaty contains javascript inside.
>
> Please visit my web page varsa.gr and view the source code and maybe you =
can tell me what has happened.
>
> I would be gratefull for any help you provide me.
>
> I know this is not a python question but you guyshave high knowledge of w=
eb sites programming and i though you wouldnt mind helping me out.

Yeah, programming, but joomla is html, php, css, and javascript, but I
don't remember much python there.


Best Regards,
David Hutto
CEO: http://www.hitwebdevelopment.com