Bloody Hackers And Joomla 3 - Question | JoomShaper

Bloody Hackers And Joomla 3

PhoenixGB

PhoenixGB

Helix Framework 1 week ago

HI

Have an old client using Joomla! 3.10.10 - got the custom script hack, removed it, done all updates BUT the Helix Ultimate System and Helix Ajax are both 2015 v3.0.2

Can i just upload the new versions cos theres no way ot update them from updates?

Don't want to have to keep going back and fixing it cos of these dickheads

0
12 Answers
PH
Pascal - HTProtect.org
Accepted Answer
1 week ago #227886

Just download version 3.1.2 from https://www.joomshaper.com/joomla-templates/helix3 and install it via Extensions → Install using the ZIP package. This will update your existing installation.

0
Rashida Rahman
Rashida Rahman
Accepted Answer
Support Agent 1 week ago #227889

Hi,

We sincerely apologize for the inconvenience.

Are you talking about Helix3 or Helix Ultimate, please? It seems helix3 though!

However, please follow the steps below to resolve the issue for Helix3:

  1. Go to Site Template Styles → Your Template → Template Options → Custom Code → Custom JavaScript.
  2. Check for any suspicious or unknown JavaScript code and remove it. This should remove the injected message if it was added through the template's Custom JavaScript field.
  3. After that, please update both the System - Helix3 Framework plugin and the Helix3 - Ajax plugin to the latest version (v3.1.2).

If you do not see an update notification in your Joomla dashboard, you can download the latest Helix3 package from the following page and install it via Extensions → Install:

https://www.joomshaper.com/joomla-templates/helix3

Best regards,

0
PhoenixGB
PhoenixGB
Accepted Answer
1 week ago #227891

Rashida I already said i have removed the script, its the helix updates and its an old Joomla 3 site using Travelia v2 from 2017 !!

0
Rashida Rahman
Rashida Rahman
Accepted Answer
Support Agent 1 week ago #227907

Got it!

For users of Helix 3-based templates: Need to install both the Helix 3 System Plugin and the Helix 3 Ajax Plugin. The Ajax Plugin is now available as a separate download (previously it was only included within the template package).

https://www.joomshaper.com/joomla-templates/helix3

Installing these two plugins should be sufficient. Screenshot for your convenience:

https://cleanshot.com/share/bgDZ7d45

0
PhoenixGB
PhoenixGB
Accepted Answer
1 week ago #227908

Thank you Rashida

0
Rashida Rahman
Rashida Rahman
Accepted Answer
Support Agent 6 days ago #227997

You are always welcone:)

0
PhoenixGB
PhoenixGB
Accepted Answer
1 week ago #227890

Cheers Pascal, at the moment it's liking playing Whack A Mole on all my sites, some clients just wont pay for updates and expect everything to be fixed FOC, give them the analogy of servicing ur car, u might get away with it for a few years but when it does break it costs way more - still dont wanna pay. I need a job like sweeping parks and roads aaaarrrgh!

0
PH
Pascal - HTProtect.org
Accepted Answer
1 week ago #227913

I developed HTProtect (free extension) for exactly this purpose.

It already protects against all of these vulnerabilities, including Helix Ultimate, and receives protection and security updates automatically via a live feed. That means you don't have to keep the extension itself up to date to receive new protection rules, although it also includes a built-in self-update mechanism.

Just added: https://htprotect.org/en/helix-ultimate

0
PhoenixGB
PhoenixGB
Accepted Answer
1 week ago #227914

That looks great Pascal, what Joomla versions will it run on, i have clients from 3 to 6 (and that's their mental ages in some cases lol)

0
PH
Pascal - HTProtect.org
Accepted Answer
1 week ago #227916

Supports Joomla 2.5 through 6.x and PHP 5.6 through 8.5 (PHP 7.4+ recommended).

Automatic extension updates are available on Joomla 5.4+, as they rely on the Task Scheduler.

Joomla 3 is still fully covered by the Mini-WAF protection rules and security notifications - only automatic extension updates are unavailable due to the missing Task Scheduler.

0
Paul Frankowski
Paul Frankowski
Accepted Answer
Senior Staff 1 week ago #227934

Using Joomla 2.5 in 2026. It's madness! No excuses.

0
PhoenixGB
PhoenixGB
Accepted Answer
1 week ago #227935

We ALL know that but some clients think a website is a website is a website and isn't something that needs maintenance. I always try to get them to take a support contract and even compare it to servicing a car, u can get away for years and then whe nit does break it costs a fortune.

0