unexplained changes to php files

[obound]

Hi,

This is regarding the domain mdaindia.org which is a Joomla based website. I found out today that the website was broken and the home page was returning partial html. On further investigation I found that several php files have been modified between 19th and 21st of this month. Since no one else has ftp access and I have not made any changes, this is definitely a result of some malicious attack.

I raised a ticket on this and I was informed that the access logs have been rotated and the backups have also been rotated. So I did not receive any help.

I am surprised that within a week you lose all capabilities of tracing the source of attack as well as restoring the website.

Can Jojo confirm that this is the case?

-
Kumar

 

[Stephen]

Joomla has some rather large security issues in the past that happe via remote includes in MODULES normally.

 

[obound]

Stephen,

I'm sure there has been some kind of exploit of Joomla's issues which has facilitated this. But I'm more concerned that Jodo is unable to restore an earlier backup at this stage.

-
Kumar

 

[Stephen]

We keep backups for disaster recovery, we have numerous days but we do not keep really old backups. We keep 3-7 days normally on file, but it sounds like you may have asked shortly after the rotation happened.

 

[Deepak-JH]

But I'm more concerned that Jodo is unable to restore an earlier backup at this stage.

You asked for a backup on or before 18th nov which was rotated before you submitted ticket.and logs were also also being rotated. You reported this issue a bit late that's why we could not provided you with the backup you requested.