9 years 5 months ago
Hi
My server has developed the unfortunate habit of sending out spam email in the middle of the night.
I've managed to isolate the files responsible, etc - but not yet certain if the problem is a Joomla exploit or some other vulnerability.
There are a couple of things I'm wondering if people would able to shed light upon.
The first is that I'm setting up a cron job that will run every few hours to tell me if files have been modified.
This is the unix command:
find . -type f -ctime -1
Thing is when I run it, it returns these files (among others).
./templates/system/index.php
./templates/ecolife/index.php
./templates/beez3/index.php
./templates/protostar/index.php
Does this make any sense? (I've not altered the files, and, as far as I can tell, they haven't actually been altered.)
Secondly, the exploit seems to involve invoking a file called "style.php" that's in the libraries directory.
Does anybody know if that file is part of a standard installation? (I have installations where it doesn't appear...).
Any advice very gratefully received!
Thanks.