Sep 18

Hacked Joomla website

I found out of one my friend’s joomla site was hacked and hidden links were embedded into his website. It took me almost an hour to figure out where they had added the code. It started with finding out template change that they could hide links from us.

templates/rt_maelstrom/css/template.css:#rt-lm {display-none;}
templates/rt_maelstrom/css/template.css:#rt-lm{position: absolute; top: 0px; left: -5000px;}

Next step was looking for the URL and where they were getting it but lots of ‘grep’ -ing and phpMyAdmin search resulted with nothing. While I was giving up on it, I found it in article.php file under templates folder. Ofcourse encoded as usual.

echo base64_decode($pml);?>

Leave a Reply