Closed

Remove Malware from PHP / Joomla / MySQL / Drupal website on DreamHost & Update to latest versions

This project received 22 bids from talented freelancers with an average bid price of $298 USD.

Get free quotes for a project like this
Employer working
Skills Required
Project Budget
$30-$250 USD
Total Bids
22
Project Description

Need someone proficient in English who is VERY familiar with PHP, Joomla, MySQL, HTML, Drupal and the DreamHost platform
This job is to update the site to the latest versions of Joomla, PHP and MySQL and restore the site to proper working order according to the instructions below. (a number of files were hacked and malware was inserted into a number of files). The hosts platform does NOT support one-click installs.

For more details, please see the messages below we received from the webhost

If these messages don't make sense, then this job isn't for you.

I want someone who understands the issues completely and is able to quickly and fully restore the site.

===
Files found containing malware: 10 PHP Files + 9 Jomres sessions files.
Remove malware code.
Most commonly hacking exploits occur through known vulnerabilities in
outdated copies of web software (blogs, galleries, carts, wikis, forums,
CMS scripts, etc.) running under your domains. To secure your sites you
should:

1) Update all pre-packaged web software to the most recent versions
available from the vendor.

Drupal ([url removed, login to view]) : (OUTDATED!)
Joomla ([url removed, login to view]) : (OUTDATED!)

- Joomla installations need to be updated to the current secure release
for your branch: [url removed, login to view], 2.5.8, or 3.0.2. Note that 1.5.x is no longer
supported by Joomla! so migrating to a current branch before further
issues arise is important.
- Drupal installations should be updated to the current secure release
of 7.0 or the legacy releases of [url removed, login to view] or 5.23.
- Any old/outdated/archive installations that you do not intend to
maintain need to be deleted from the server.

2) Remove ALL third-party plugins/themes/templates/components after
upgrading your software installations, and from those that are already
upgraded under an infected user. After everything is removed, reinstall
only the ones you need from fresh/clean downloads via a trusted source.
These files typically persist through a version upgrade and can carry
hacked code with them.

3) Review other suspicious files under affected users/domains for
potential malicious injections or hacker shells. Eyeballing your
directories for strangely named files, and reviewing recently-modified
files can help. Search for all files modified within the 2 weeks prior to 8/6/2013 (the date the malware was discovered). Inspect these files and clean (deleting the hacked code
inserted) or delete the files entirely if they are not a legitimate part
of your website(s).

We have disabled the page(s) in question (via adjusting permissions on the files, e.g. chmod, or backing up the file first renaming it to "[url removed, login to view]" and cleaning up the injected code) until you are able to address this matter.

- Update any 3rd party software under the account, including content management systems, gallery software, weblogging tools, etc. Be sure to use current, secure versions and keep them up-to-date.
- Update any plugins and/or themes on your sites (Recent attacks against websites have targeted vulnerable software such as [url removed, login to view] which is included in some wordpress themes, separate from the core files)
- Check your website(s) files for any signs of tampering (file timestamps show recent editing) or files you did not upload yourself and remove them. Looking at the reported files above should give you a good starting point.
- Check your website(s) files for any 777 directories, (e.g. a directory that allows anyone on the server to write or edit the files in the directory; these permissions will look like rwxrwxrwx via the command line)
- Change your FTP password(s). Be sure they are at least 8 characters in length and do not contain English words. Random numbers and letters work best.
- Enablethe StopTheHacker service in your panel. Specficially consider signing up for StopTheHacker's Comprehensive Malware Scanning.

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online