Remove Malware from PHP / Joomla / MySQL / Drupal website on DreamHost & Update to latest versions

This project received 22 bids from talented freelancers with an average bid price of $298 USD.

Get free quotes for a project like this
Project Budget
$30 - $250 USD
Total Bids
Project Description

Need someone proficient in English who is VERY familiar with PHP, Joomla, MySQL, HTML, Drupal and the DreamHost platform

This job is to update the site to the latest versions of Joomla, PHP and MySQL and restore the site to proper working order according to the instructions below. (a number of files were hacked and malware was inserted into a number of files). The hosts platform does NOT support one-click installs.

For more details, please see the messages below we received from the webhost

If these messages don't make sense, then this job isn't for you.

I want someone who understands the issues completely and is able to quickly and fully restore the site.


Files found containing malware: 10 PHP Files + 9 Jomres sessions files.

Remove malware code.

Most commonly hacking exploits occur through known vulnerabilities in

outdated copies of web software (blogs, galleries, carts, wikis, forums,

CMS scripts, etc.) running under your domains. To secure your sites you


1) Update all pre-packaged web software to the most recent versions

available from the vendor.

Drupal ([url removed, login to view]) : (OUTDATED!)

Joomla ([url removed, login to view]) : (OUTDATED!)

- Joomla installations need to be updated to the current secure release

for your branch: [url removed, login to view], 2.5.8, or 3.0.2. Note that 1.5.x is no longer

supported by Joomla! so migrating to a current branch before further

issues arise is important.

- Drupal installations should be updated to the current secure release

of 7.0 or the legacy releases of [url removed, login to view] or 5.23.

- Any old/outdated/archive installations that you do not intend to

maintain need to be deleted from the server.

2) Remove ALL third-party plugins/themes/templates/components after

upgrading your software installations, and from those that are already

upgraded under an infected user. After everything is removed, reinstall

only the ones you need from fresh/clean downloads via a trusted source.

These files typically persist through a version upgrade and can carry

hacked code with them.

3) Review other suspicious files under affected users/domains for

potential malicious injections or hacker shells. Eyeballing your

directories for strangely named files, and reviewing recently-modified

files can help. Search for all files modified within the 2 weeks prior to 8/6/2013 (the date the malware was discovered). Inspect these files and clean (deleting the hacked code

inserted) or delete the files entirely if they are not a legitimate part

of your website(s).

We have disabled the page(s) in question (via adjusting permissions on the files, e.g. chmod, or backing up the file first renaming it to "[url removed, login to view]" and cleaning up the injected code) until you are able to address this matter.

- Update any 3rd party software under the account, including content management systems, gallery software, weblogging tools, etc. Be sure to use current, secure versions and keep them up-to-date.

- Update any plugins and/or themes on your sites (Recent attacks against websites have targeted vulnerable software such as [url removed, login to view] which is included in some wordpress themes, separate from the core files)

- Check your website(s) files for any signs of tampering (file timestamps show recent editing) or files you did not upload yourself and remove them. Looking at the reported files above should give you a good starting point.

- Check your website(s) files for any 777 directories, (e.g. a directory that allows anyone on the server to write or edit the files in the directory; these permissions will look like rwxrwxrwx via the command line)

- Change your FTP password(s). Be sure they are at least 8 characters in length and do not contain English words. Random numbers and letters work best.

- Enablethe StopTheHacker service in your panel. Specficially consider signing up for StopTheHacker's Comprehensive Malware Scanning.

Skills Required

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online