Get hacked Joomla back on the rails

I have an old Joomla installation which was hacked. All I know for now is that only index.php was changed and they messed with my user accounts. I downloaded index.php from the current version, but at one point it calls $app->dispatch(); which requires a component name parameter in my version. Does anyone know what parameter this should be? I tried: null, 'home', 'application',...

Also I'm planning on updating to the newest version later, however I can't seem to find my current version number. I found somewhere that it is displayed in the admin pages but I can't access them yet. Can I find it in the code files somewhere?

EDIT: The index.php from version 1.5.22 worked. Apparently the correct version was 1.5.3. Does anyone know what else I should check that might have been hacked/messed with?


Why not get a copy of the version you used?

http://forum.joomla.org/viewtopic.php?p=2221953

You can go to the Joomla project on joomlacode.org, then select the search tab. From there you type in "1.0.10" and select Releases to search in. You should get some results. Click on the one you are searching for; the files can be found on the files tab. This time the tab is on a blue bar (more to the bottom of the screen).

Although I'd recommend upgrading completely, to stop being re-hacked again.

====== Answer to second question

How big is the site? Usually if it's just a link spamming attack a quick once over will suffice.

The next issue is that you need to patch the hole that caused the problem, in this case upgrading to the latest Joomla (1.6 - I believe) is the first port of call.

Have you modified the Joomla system in such a way that the hack could have been opened up by you?

My advice, reset the admin passwords and upgrade Joomla.

Very difficult to say anything else without seeing what the "hack" was.


I had to clean out a hacked Joomla install recently. My tip is to grep all the files for base64_decode: some hacks consist of decoding a huge string that emits PHP.

find . -type f -print0 | xargs -0 grep base64_decode

The hack looked like this: error_reporting(0);eval(base64_decode('JGxMOXdGMWFZNHpY.....

This particular piece of code detected Googlebot and other crawlers, and then emitted a list of spam links heavy on viagra. If a normal user agent string was used it showed a normal site. I had to use a Firefox extension that changes the user agent to debug this.

The next step would be getting rid of the exploit and then either patching Joomla and waiting for the next exploit or switching to something more secure, like static HTML or a well-maintained CMS.
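A triage script for the search described in the answer above, added here as an example and not part of the original answers. It separates files where a decoded string is passed straight to eval from files that merely call base64_decode, since legitimate code calls it too. The function names, the EVAL/REVIEW tags and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): triage a web root for the
# eval(base64_decode(...)) injection quoted above.

# scan_webroot DIR -> lines of "<TAG>\t<path>", sorted.
#   EVAL   : a decoded string is passed straight to eval on one line
#   REVIEW : base64_decode appears some other way; read the file by hand,
#            since legitimate code also calls it
scan_webroot() {
    root=${1:?usage: scan_webroot DIR}
    strong='eval[[:space:]]*\([[:space:]]*base64_decode[[:space:]]*\('
    # -exec ... {} + hands grep the paths directly, so names containing
    # spaces are passed intact.
    find "$root" -type f -exec grep -Fil -- 'base64_decode' {} + |
    while IFS= read -r f; do
        if grep -Eiq -- "$strong" "$f"; then tag=EVAL; else tag=REVIEW; fi
        printf '%s\t%s\n' "$tag" "$f"
    done | sort
}

# demo_scan: build a constructed sample tree and scan it.
demo_scan() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/site/lib dir"
    # Constructed stand-in for the injected line; the payload decodes to
    # the word "constructed".
    printf '%s\n' "<?php error_reporting(0);eval(base64_decode('Y29uc3RydWN0ZWQ='));" \
        > "$tmp/site/index.php"
    printf '%s\n' '<?php $raw = base64_decode($input); // benign use' \
        > "$tmp/site/lib dir/codec.php"
    printf '%s\n' '<?php echo "hello";' > "$tmp/site/clean.php"
    scan_webroot "$tmp/site"
    rm -rf "$tmp"
}

# Scan the directory given as the first argument, else run the demo.
if [ "$#" -gt 0 ]; then scan_webroot "$1"; else demo_scan; fi
```

A call split across lines between eval and base64_decode lands in REVIEW rather than EVAL, so REVIEW entries still need to be read.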


Fortunately Joomla has really nice documentation on how to recover from a hack. http://docs.joomla.org/Security_Checklist_7. As Pino mentioned, it is critical that you are always on the latest version to minimize your exposure to security exploits.
