threat

  • Botnet

    The term botnet refers to a group of computers (sometimes called zombies) that have been infected with malware to perform tasks for whoever distributed that malware. This individual or organization controls the botnet by sending instructions to the zombies from one or more Command & Control (C&C) servers. Botnets are one of the most used means of carrying out brute-force attacks against a server or a group of servers.

  • Clean Hacked Website Files

    By comparing infected files with known good files (from official sources or reliably clean backups) you can identify and remove malicious changes.

    Caution

    It is important that you compare the same version of your Joomla! core files and extensions. Core files on the 2.x branch are not the same as the 3.x branch and so on.

    Never perform any actions without a backup. If you’re unsure, please seek assistance from a professional.

    To manually remove a malware infection from your Joomla! files:

    1. Log into your server via SFTP or SSH.

    2. Create a backup of the site files before making changes.

    3. Search your files for references to the malicious domains or payloads you noted.

    4. Identify recently changed files and confirm whether they are legitimate.

    5. Review files flagged by the diff command during the core file integrity check.

    6. Restore or compare suspicious files with clean backups or official sources.

    7. Remove any suspicious or unfamiliar code from your custom files.

    8. Test to verify the site is still operational after changes.

    If you can't find the malicious content, try searching the web for malicious content, payloads, and domain names that you found in the first step. Chances are that someone else has already figured out how those domain names are involved in the hack you are attempting to clean.
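
    Steps 2 to 6 can be scripted as read-only checks that you run over SSH. The following is an added example, not part of the original page; the function names, directory arguments and the one-string-per-line IOC file are assumptions.

```shell
#!/bin/sh
# Added example: read-only triage helpers for steps 2-6 above.
# Usage: . ./triage.sh, then call the functions (file name is hypothetical).

# Step 2: archive the site before changing anything; prints the archive path.
# BACKUP_DIR must be outside SITE_DIR so the archive does not include itself.
backup_site() {            # backup_site SITE_DIR BACKUP_DIR
    archive="$2/site-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$1" . && printf '%s\n' "$archive"
}

# Step 3: list files that contain any domain or payload string you noted.
# IOC_FILE has one fixed string per line. Blank lines are dropped first,
# because an empty pattern would match every file.
find_ioc_refs() {          # find_ioc_refs SITE_DIR IOC_FILE
    patterns=$(grep -v '^[[:space:]]*$' "$2") || return 0
    grep -rlF -e "$patterns" -- "$1" | sort
}

# Step 4: list files modified within the last DAYS days for manual review.
# Modification times can be reset by an intruder, so treat this as a lead only.
recently_changed() {       # recently_changed SITE_DIR DAYS
    find "$1" -type f -mtime "-$2" | sort
}

# Steps 5-6: compare against a known-good copy of the SAME Joomla! version.
# Reports changed files and files that exist on only one side.
diff_against_clean() {     # diff_against_clean SITE_DIR CLEAN_DIR
    LC_ALL=C diff -rq "$2" "$1" || [ "$?" -eq 1 ]   # 1 = differences, not an error
}
```

    None of these functions modify the site; removing or restoring files (steps 6 and 7) stays a manual decision after you have reviewed the output.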

    Diff tools to compare suspicious files with known-good copies:

  • Cleaned your site? Fix Malware warnings too

    You have done a great job cleaning your recently hacked file? Excellent, but you are not finished yet!

    If you were blacklisted by Google, McAfee, Yandex (or any other web spam authority), your site is showing various malware warnings to your visitors, which can be a big turn-off. Luckily, you can request a review after the hack has been fixed.

    Google is now limiting repeat offenders to one review request every 30 days.

    Be sure your site is clean before requesting a review!

    To remove malware warnings on your site:

    • Call your hosting company and ask them to remove the suspension.

      • You may need to provide details about how you removed the malware.
    • Fill in a review request form for each blacklisting authority.

      • Google Search Console
      • McAfee SiteAdvisor
      • Yandex Webmaster
      • Norton Site Security
      • (any other similar service blacklisting your site)
    • The review process can take several days.
  • Clickjacking

    Clickjacking is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or giving up control of their computer while clicking on seemingly innocuous web pages. On a clickjacked page, the attackers load another page over it in a transparent layer, in most cases using HTML frame-based techniques. The users think that they are clicking the buttons they actually see, while they are in fact performing actions on the hidden page. This way the attackers can trick users into performing actions that the users never intended. There is no way of tracing such actions to the attackers later, as the users would have been genuinely authenticated on the hidden page.