Hacked By CoupDeGrace - Question | JoomShaper

Hacked By CoupDeGrace

MC

Massimo Campari

General 1 week ago

We have detected a security breach on our websites caused by a vulnerability in the Helix Framework. Do you have any guidelines or recommendations on how to resolve this issue?

0
3 Answers
Ziaul Kabir
Ziaul Kabir
Accepted Answer
Support Agent 1 week ago #227694

Hello,

We sincerely apologize for the inconvenience.

Please follow the steps below to resolve the issue:

  1. Go to Site Template Styles → Your Template → Template Options → Custom Code → Custom JavaScript.
  2. Check for any suspicious or unknown JavaScript code and remove it. This should remove the injected message if it was added through the template's Custom JavaScript field.
  3. After that, please update both the System - Helix3 Framework plugin and the Helix3 - Ajax plugin to the latest version (v3.1.2).

If you do not see an update notification in your Joomla dashboard, you can download the latest Helix3 package from the following page and install it via Extensions → Install:

https://www.joomshaper.com/joomla-templates/helix3

Please follow the cleanup guide here: https://www.joomshaper.com/forum/question/45152 You can also use the following security scanner to help identify malicious files and delete them: https://github.com/zkrana/joomla-security-scanner

Please make sure to read the README.md file in the repository for instructions on how to run the tool. After completing the cleanup and upgrading to v6.6.2, please let us know the outcome or if you need any further assistance.

We'll be happy to help. Thank you.

0
MC
Massimo Campari
Accepted Answer
1 week ago #227706

We have restored a clean backup from before the attack, updated the template and all installed extensions, and updated all passwords. Is there anything else we should consider or do?

0
PH
Pascal - HTProtect.org
Accepted Answer
1 week ago #227754

Keep your sites updated and backup frequently.

If you manage multiple Joomla sites, you could use tools like Akeeba Panopticon or mysites.guru for faster batch-maintenance.

A security-hardened .htaccess file (manually or generated) is also always a good idea.

See https://github.com/zkrana/joomla-security-scanner#user-content--hardening Admin Tools Pro (.htaccess Maker) or HTProtect (1-click-Hardening incl. .htaccess and Auto-Extension-(Security-)Updates)

0