
Hacked? Registration usernames changed to random letters but not saved

9 years 7 months ago - 9 years 7 months ago #260110 by rlerner
Using J3.4 and CB 1.9.1. Front end registration is off. Created a new user in back end, saved. When I return to User Management, the name appears as entered. However, when I go to the individual profile, the name has been changed to a series of random letters. First and last are the same, much like a CB spam registration would appear. But it does not seem to be saved in the profile. The user management page still shows the correct name, unless I go into the profile and save when I exit.

Failed solutions:
1. FTP'd entire site and did a local virus scan on it, nothing.
2. WeMaHu Joomla virus scanner (not sure if it really works, but worth a try), nothing.
3. Looked through comprofiler folders for files with different dates, nothing stuck out as obvious.

In the Joomla core user management profile, the names are NOT changed. Only in the CB profile. Not really sure where else to look or if there is a better tool or technique to find these things.

It's probably a well-known hack, don't think it's anything new.

Anyone know where the bad guys typically hide these things?
Last edit: 9 years 7 months ago by rlerner.

9 years 7 months ago #260128 by rlerner
How about this. Can anyone tell me the file(s) that pass the text box input from the registration page to insert into the database table? Assuming it goes to the table jos_comprofiler, please correct me if I'm wrong. Maybe I can search the code and find the file(s) pointing to that.

9 years 7 months ago #260135 by nant
I tested and everything is working fine here with CB 191 and Joomla 3.4.

I do suggest that you upgrade to CB 2.0.7 as CB 191 is no longer maintained.

I would also suggest that you do the same test with a different browser.

9 years 7 months ago #260157 by rlerner
Updated to 2.0.7. Also installed/ran myjoomla audit extension. Free version did the trick. It identified some files it felt were security risks or may have been altered. Allowed it to perform fixes and all seems well at this point.

FWIW - Had to hard-uninstall wemahu. It does not appear in manage components and has no uninstall. Left some traces throughout MySQL tables. Would not do that one again.
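The thread's manual check (looking through the comprofiler folders for files with odd dates) can be done by content instead of by date, since modification times can be reset by whoever altered a file. The following is an added example, not part of any post above and not code from Joomla, CB or the audit extension; it assumes you have a freshly extracted clean copy of the same versions to compare the downloaded site copy against, and the function names are hypothetical.

```python
import hashlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each regular file (path relative to root, POSIX style) to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def compare_trees(clean_root, site_root) -> dict[str, list[str]]:
    """Compare a site copy against a clean reference tree.

    modified: present in both trees, contents differ
    added:    only in the site copy (not shipped in the reference)
    missing:  shipped in the reference but absent from the site copy
    """
    clean = tree_hashes(Path(clean_root))
    site = tree_hashes(Path(site_root))
    common = clean.keys() & site.keys()
    return {
        "modified": sorted(f for f in common if clean[f] != site[f]),
        "added": sorted(site.keys() - clean.keys()),
        "missing": sorted(clean.keys() - site.keys()),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 3:
        sys.exit("usage: compare_trees.py CLEAN_DIR SITE_DIR")
    report = compare_trees(sys.argv[1], sys.argv[2])
    for kind, files in report.items():
        for name in files:
            print(f"{kind:9}{name}")
    # Non-zero exit when anything needs a manual look.
    sys.exit(1 if report["modified"] or report["added"] else 0)
```

On a live site the "added" list will also contain legitimate files such as configuration, uploads and other installed extensions, so it is a list to review rather than a verdict.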
