Hi! MY site has been hacked & the super administrator has been deleted.
Thankfully there was no other damage.

Is it possible to manually generate the Superadministrator using PHPMYADMIN by running a database query?

PLease help......

There was also a message left on the front page:


----------------------------------------------------------
Home

HACKED By SenqRonize ! For Türkiye... / This e-mail address is being protected from spam bots, you need JavaScript enabled to view it This e-mail address is being protected from spambots, you need JavaScript enabled to view it

----------------------------------------------------

I googled it & got alot of results on "HACKED By SenqRonize ! For Türkiye... "
I cant work out what vunerability its exploiting.

may I ask which Joomla! version you are using?


THE FOLLOWING WAY MAY WORK FOR JOOMLA 1.0.1x

I assume that your user with the ID 62 is deleted. Try:

INSERT INTO `jos_users` (`id`, `name`, `username`, `email`, `password`, `usertype`, `block`, `sendEmail`, `gid`, `registerDate`, `lastvisitDate`, `activation`, `params`) VALUES
(62, 'Your Name', 'admin', ' This e-mail address is being protected from spam bots, you need JavaScript enabled to view it ', '', 'Super Administrator', 0, 0, 25, '2005-10-28 14:13:40', '2008-09-05 09:10:58', '', '' );

(this is just a modified export of my database; you may want to replace "Your Name" with your name, "admin" with the desired username of the Superadmin, and " This e-mail address is being protected from spam bots, you need JavaScript enabled to view it " with your email address)

This SQL code should insert a new user with the ID 62 into your database table

Then, I found an article on how to reset your Super Admin's password. The described method will reset the password for user ID 62:

joomlatp.com/joomla-template-Tutorials/R...trator-Password.html

After that you should go to the user settings and chose a more secure password.

Good luck!

I'm using 1.5.x i think 1.5.3 ( i need 2 update i know...lol)

Clean install vs upgrade in terms of performance? what do u think? The upgrade sounds messy?



I'm out now will try it when i get home.

I'll backup the Database first though

How does he HACK ?
Want to know to protect my own site.....

Kangt7, but then you cannot use this SQL. it was meant for the "old" Joomla! 1.0.x table structure.


No idea how that hack works... I believe the best protection is to keep your installation always up-to-date.

I'll have to find another way!


iosoft, i have no idea how it works. I can tell you the security measures i had.


SSL 256-bit - for the whole site (the slowed down like a b!tch)
Jfirewal - Purchased this "www.bestforjoomla.com/overview/"

My site is running on www.siteground.com/ servers.


Basically, The Front page of the forum is fully deleted & that message it left.
If you google that message u'll find tons of sites that have been hacked!

i should post this up on joomla.org.

I'll put more info up on the Flood attack report from Jfirewall...i've disconnected the database from my site to avoid further damage. once its up & running i'll copy & paste the report.

Doesn't matter how secure Joomla is if you're using an extension that is not. That is most likely how they did it.

Ok guys!

I put up a post in Joomla.org a few minutes ago. Below is the link

forum.joomla.org/viewtopic.php?f=432&t=322827

What extensions were you running? It could have been one of them that allowed the hack. But mostly likely the fact that you are running an insecure version of Joomla. You yourself admitted that you needed to upgrade. I suggest in the future when Joomla puts out security patches and version you apply them.