Items filtered by date: December 2015

This is a great little snippet to add phone numbers into the topbar and when displayed in mobile are centered and on seperate lines so everything looks nice.

Tel: 0800 123 4567 Mobile: 07777 123 456

HTML

<p style="text-align: center;">
	<span style="font-size: 24pt;">
		<span style="display: inline-block; white-space: nowrap; margin-top: 5px;">Tel: 0800 123 4567</span>  <span style="display: inline-block; white-space: nowrap; padding-top: 5px;">Mobile: 07777 123 456</span>
	</span>
</p>

These are my notes on recovering your hacked Joomla website (de-hack/dehack/dehacking).

The best prevention is to have good reliable backups.

Part 1 - Am I hacked?

If you receive reports from a customer that their website is hacked you need to look at their site from your computer.

Precautions

• Use a Sacrificial PC (a PC you dont mind wiping if it gets infected)
• Make sure A-V is running
• HIPS is on
• An AD Blocker is running
• Run your browser in Sandbox mode
• Malwarebytes Anti-Exploit is running
• Javascipt is disabled (to start with)
• Adobe PDF is not installed
• No Script Plugin is running

What should I do to check?

• Check the obvious cPanel settings to make sure it is not them causing a website to go off
  
  • Is the account suspended
  • Over bandwidth quota Account
  • Over disk quota

• Have a look around with ftp / cPanel before anything else
  • Are there random file names and unusual folders
  • Check the CGI folder and remove anything in there (should I disable CGI)
• Check the Vulnerability Feed from Joomla
• Check the homepage to see if it is hacked (optional)
• Check .htaccess
• Login to Joomla admin
• Install RSFirewall and run system check
• Check Website log files
  • check the raw access logs with ApacheLogViewer (or other log viewer) and check for access to dodgy files and heavy access from 1 IP etc..
  • Also try sorting by request, this will expose dodgy files and their access
  • POST should not be heavily used by remote IP address
  • Add these IPs to the htaccess IP deny rules

Part 2 - First Steps if your site is hacked

• Disable website by .htaccess (Deny From All)
• Change cPanel password

Part 3 (opt A) - Recover from backup

This by far is the best way to recover your joomla website.

This will replace all files and your database, so if youor backup is really old or out of date you should consider if this is the best option for you.

• Back the virus infect website up and store
  • Why do this? This is done just in case you have missed some new content or other thing you have missed. It does not harm and this backup can be deleted later. Download this to your PC before starting.
• Verify that the Joomla version of the infected website and the backup are the same. If they are not you will need replace the database with that out of the backup and this can lead to content loss if the backup is not new enough. If you do not want to swap the database you cannot use this method.
  • The joomla version number is stored in
    • administrator/manifests/files/joomla.xml
    • /libraries/cms/version/version.php
    • Write down the Joomla version make sure you combine the release+maintenance version to get the correct joomla version?
  • How to find which version of Joomla! I'm using? - Joomla!
• Delete the files in public_html folder on the server
• Upload your backup
  • Only the contents of the public_html folder, you should extract these files from the backup and re-zip ready for upload.
  • You can also upload the full backup and after extraction only move the required files into public_html if you know what you are doing
• Extract backuped files into the public_html folder
• Replace the database (optional)
  • only do this if the Joomla versions were not the same
• Empty joomla cache

The site should now be running but it might not be clean, backups can still have issues. Perform the Hack Cleanup to finish.

Part 3 (opt B) - Repair Hacked Site (as is)

If you do not have any backups you will need to repair your Joomla installation using the following procedure. This is not the preferred option.

• Backup the website
  • Why do this? This is done just in case you have missed some new content or other thing you have missed. It does not harm and this backup can be deleted later. Download this to your PC before starting.
• Write down the Joomla version
  • The joomla version number is stored in
    • administrator/manifests/files/joomla.xml
    • /libraries/cms/version/version.php
    • Write down the Joomla version make sure you combine the release+maintenance version to get the correct joomla version?
  • How to find which version of Joomla! I'm using? - Joomla!

Full Package Joomla System Files Re-Install

This section should re-enable Joomla but malware might be present in 3rd Party Apps and in random folders all over the place and should not be counted on as fully cleaning your website.

This section will also allow you to get a list of installed extensions and their version numbers. You can get these from your database if you know what you are doing.

• Download the full installation package for the same Joomla version from github
• extract the zip file
• upload all of the extracted Joomla files to the hacked website's public_html folder and replace all files
• This should allow you to get basic access to your joomla website
• login into the joomla website and get a list of the installed extensions and their version numbers

You can move to the 'Perfom Hack Cleanup' section if you have time contraints or are happy that the infection is not envasive, this is not recommended. You should carry on with the next section.

Full Fresh Install with 3rd Party Apps brought back in

This is a lot more thourough in cleaning you site but requires a lot more work. This assumes you have followed the section above and have a backup of the infected site and a list of extensions.

• Delete the files in public_html folder on the server
• Extract the backup you just made on to your PC (of the infected site)
• Scan the files in the public_html files for virus and remove them if found.
• Upload the Full Joomla installation package to the public_html folder on the server
• carefully check the /images/ folder and once you are happy that it is clean upload this to public_html on the server
• There might be 3rd party apps that have user files that need uploading (ie in the media folder), unless you know what needs uploading and have check for virus or dogy files DO NOT UPLOAD, you can always do this later. Most user stuff will be in the /images/ folder
• Download all of the extensions you need and make sure they are the correct version
• check the  configuration.php from the download infected backup and make sure it is clean from virus or dodgy code and then if all clear upload it to the website server
• Login to joomla. You migth get some erros but ignore these unless you cannot login (that will need to be dealt seperately)
• install all of the extensions you have downloaded. this will re-install all of these extensions with fresh files.
• Check all of the extensions are working correctly (i.e. there are no missing images). If there are missing images check in your infected backup for them, clean the related files and folders and then upload them to the correct location on the server.
• Check joomla is running normally

The site should now be running but it might not clean yet. Perform the Hack Cleanup to finish.

Part 4 - Post Hack Cleanup

These instructions should be done for all versions of recovery and help prevent getting re-infected and remove any straggling malware or unwanted behaviour.

Users and Passwords

• Remove any erroneous user accounts. Delete any users that should not be in the Joomla user manager.
• Change passwords (and prefixes) for the following in order and all of them:
  • cPanel (if not already)
  • MySQL Database
  • MySQL Database Prefix
  • RSFirewall
  • Joomla Users - Reset them all
    • if you have users do a bulk reset once you have changed the admin password
• Edit configuration.php via cpanel and change MySQL database password
• Check the administrator folder is protected by .htaccess authentication (Batcode). If it isn't, add this feature
• Enable 2nd Factor Authentication in Joomla (I have not tried this yet)
• The potential login procedure would follow
  1. URL with Token
  2. Batcode
  3. RSFirewall
  4. Joomla Login
  5. 2nd Factor Authentication

RSFirewall

If already installed upgrade it if it is not the latest version.

• Install RSFirewall if not present (with hashes and GeoIP)
  • Upload New Hashes (if not present)
  • Install GeoIP to block by country? (if not present)
• Configure RSFirewall settings  (as per skeleton notes)
  
  • Upload Skeleton Config - Which includes:
    
    • Block all China and Russia
    • Active file scanner
    • Enable admin password protection
    • High and critical emails sent to joomla@example.com
    • Disable Joomla Installer
    • Prevent New Admins from being created
    • convert all emails to images (i have not used this yet)
    • Filter File Uploads
    • Automatic Blacklisting set to 10
    • etc...
• Scan / System check and follow all recommendations (apart from php.ini)
  • Remove any malware files it finds by keeping the list on screen and then use a ftp browser and remove all infractions
  • Temp Files
    • Empty temp files (except index.html if doing manually)
    • The temp folder should be /home/{account}/tmp-joomla if not already
    • Don’tdelete /home/{account}/publid_html/tmp it will just come back with a system upgrade or get flagged by the RSFirewall as missing.
• Database Check (PHPMyAdmin and RSFirewall)

Upgrade Joomla and Extensions

Backup again before doing this sections for safety.

• Re-install/Upgrade all extensions
• Re-install/Upgrade template (Joomlashine allows you to scan files for modifications)
• Remove JSecure lite (if present)
• Install SH404SEF (optional)
• Upgrade Joomla

Joomla Settings

• Add captcha to all forms
• Empty joomla cache
• Add 5G firewall

Final Operations

• Empty Temp files again
• Run RSFirewall System check
• Create a backup from the live webserver and save it to your PC
• Extract the public_html (your could do the whole cPanel archive) and scan for virus
• If the scan(s) come back clear you are done. If any virus is found you need to remove them and upload the cleaned files
• remove any .htaccess restrictions
• Delete the root .htaccess and robots.txt files and replace with the Skeleton ones or use the latest Joomla ones from the upgrade
• Done

Part 5 - cPanel Additional

I use cPanel for hosting so this is what I do but you can easily translate these in to any other hosting platform

• Set email quotas within the disk quota of the account ie the website + email quota is below the account limit 100mb mail boxes is good.
• Purge the default mailbox (probably via webmail or ftp)
  • load horde, right click on the inbox and select empty - this will remove all emails
• Set Default Email address to "Discard the email while your server processes it by SMTP time with an error message."
• Country restrict the site via .htaccess (in the short term)
• Enable SPF and DKIM
• Get the server PHP version upgraded if needed
• Server AV scan when replacing the .htaccess you must bear in mind multiple domains , if you delte these rewrites this could cause a connection reset error. Restore the htaccess file from the viri website buyt make surte yoou clean it. This might want to be earlier in these instructions

Misc

Password Checklist

When fixing multiple websites you need to record the username and passwords. I use a text file with the following in:

• www.hackedwebsite.com
• cPanel -
• MySQL -
• RSFirewall -
• Joomla -
• Prefix -

This for me is a very important process to know. For my longer articles I mainly create them in office and then copy and then paste them in to my WYSIWYG (JCE Editor). This method allows me to write the articles quicker without fear of time outs and lost content etc.

With putting most of my articles on my website there is no need to keep the word documents as this would get tiresome and could be confusing. There is a downside to this. If you want any of the articles in a word format you no longer have the original and the article has been converted in to a HTML page.

Until now I did not know how to convert the Joomla articles back to Word Documents and i was use to that when I copied the document back from the website and pasted into Word 2010 the results were undesireable and not how I remembered the original word document, the formatting could be loast, the wrong font was being used and the heading references were missing.

I will now show you how to completly restore a Word document from a Joomla article. You should note that this will work with other content such as K2 articles.

Different Methods I have tried

• Pasting into LibreOffice Writer 5.1.3 (Prefered Method)
• Create HTML file with the HTML from the article WYSIWYG and then open that file with Libre Office
• Pasting into Word 2010
• Create a HTM file from the browser and then open with Microsoft Word 2010
• Conversion Websites

Methods and their results:

Pasting into Libre Office Writer 5.1.3 (Prefered Method)

1. Goto the articles webpage, do not edit the article.
2. Copy the article's content only, not the menu, statistics, modules etc.... (If you need the title which is not in the content because it is managed by the menu item, type that in later.)
3. Create a blank LibreOffice Writer document and open it.
4. Paste (Ctrl+V) the content into LibreOffice Writer
   
   • Ctrl+V seems to do a paste, 'HTML without comments'.
   • After pasting into LibreOffice Writer there are no weired characters. Layout, lists and headings are maintained but the fonts have been changed to the default LibreOffice style.
5. Save the file as Word .docx file
6. Open the file in Word 2010
   • The layout and heading references have been maintained. There are no weired characters but the styling is still the sames as was in LibreOffice.
7. Select all of the content
8. Change style to word 2010
9. Add the main <H1> Title if needed
10. Save the document
11. Done

You now have a word version of your HTML article. The headings and formatting is maintained. You can also paste the word document back into a WYSIWYG with no further issues.

Notes

• I have not tested this method with images but should work.
• This method seems to remove all weired chracters, possibly has an invisible font substitution for this exact issue.
• I would guess the results by using the WYSIWYG content (not HTML) will be exactly the same.

Create HTML file with the HTML from the article WYSIWYG and then open that file with Libre Office

1. Edit the article in Joomla
2. Expose the HTML and copy it
3. Create a article.html file on your PC's desktop and paste the code into it
4. Save and close the article.html file
5. Open the article.html file with LibreOffice Writer
6. Save the content as a word .docx file (i.e. article.docx)
7. Open article.docx in Word 2010
8. Select all of the content
9. Change style to word 2010
10. Add the main <H1> Title if needed
11. Save the document
12. Done

You now have a word version of your HTML article, there might be a few things you need to sort out but the headings and formatting is maintained. You can also paste the word document back into a WYSIWYG with no further issues.

Notes

• It is important to only use the HTML of the article.
• I have not tested this with images, they possibly will fail unless using full http:// paths.
• When I open up the article.docx file in LibreOffice, some characters appear as weired characters, not a lot. This is due to the characters being non-standard from the original Microsoft Office Word document (i.e look like periods but are not, or those dashes that you get in Word but are the ones Word autocorrect adds). These characters go unnoticed because they render correctly on the webpage (or appear to) but are slightly different characters. When LibreOffice opens the HTML file it substitutes these characters with characters from the ‘SimSun’ font giving rise to what appears to be corruptions but is infact just an unpleasant font substitution. To correct this you can:
  • Makes sure there are no errors in the original word document. It is the auto correct thing that most likely causes this
  • Remove all non standard code in the article (joomla/wysiwyg)
  • Tidy the text up inlibre office before saving
  • Tidy the text up in Microsoft office

Pasting into Word 2010

This keeps the formatting from the website but does not correctly attach heading status to the headings even though they are in the nav pane. You can merge the styles which seems to restore the fonts but not the heading.

If you use this method you will have to use the 'Change Style' feature and manually set the headings again. There is also a chance that there will be font settings in the document that will be copied back in to a Joomla rticle should you want to try and use this code back in the joomla article, perhaps after editing it.

Create a HTM file from the browser and then open with Microsoft Word 2010

• Using FireFox I saved the articles webpage as htm and then open with word.
  • This keeps the headings correctly referenced
  • This is messy as it keeps all of the other stuff like the menu and modules.
  • You can then delete the uneeded bits by highlighting and deleting
  • Select all and go to ‘Change Styles’ and select ‘Word 2010’ which makes the headings look normal. The text still stays in the wrong font and size
  • This would cause specified font rules being copied back up to a Joomla article should you want to put the article back into Joomla.

Conversion Websites

• These converters will try and keep the content the same as on the website by setting fonts and sizes rather than maintaining the elements such as converting <h1>, <h2> to a heading elements in Word.
• So these converters will translate the content fine into the Word equivalent visually but there will be element recognition loss and font substitution.
• Because of the loss of headings I would have to manually set all the headings again and then use the 'Change Style' feature. Teh results of this will vary from converter to converter.
• Because I want to create a word document that only uses the default so there is no font settings within the document, this method is not good.

General Notes

• They might be stuff that cannot be translated properly like code highlighting, but these can be sorted out manually as they most likely never existed in a word document anyway

• Office 2016 - This might be more forgiving for direct pasting of content as it is a lot newer and because HTML and document formats probably have more parity

More to come as I do the project.

Viewing Method

• cast to device
  • screen mirroring (miracast)
  • screen mirroring (chromecast)
  • screen mirroring (TeamViewer/AirDroid/etc..)
• Other
  • IP webcam (DroidCam)
  • HDMI/MHL output from phone via USB
  • via DLNA (AllCast + AllShare)?
  • TeamViewer
• Screen share via App
  • AirDroid
  • Windows Phonelink
  • MyPhoneExplorer

Notes

• Settings --> Connect devices --> Connection preferences --> Cast
  • Still no 3 dots
• Three-dot menu missing from Cast (#732) · Issues · LineageOS / issues / android · GitLab
  • Google removed "wireless display/Miracast" support in P. This is the method a lot of smartTVs use for direct casting/screen mirroring. Android also fully supports casting via Chromecast/google home type devices and thats why this menu remains in place.
• Miracast is bi-rectional, where-as Chromecast is one-way i.e. they only do receivers and is a locked down protocol.

Zooming Methods

• camera zoom
• adding a lense on
• using a better phone
• large TV

my methods makes the phone the microscope, not adding one onto it

Lenses

• Lense types
  • Macro = for subject close to the lense
  • Micro = microscope stuff (possible Wide + Macro + Fish Eye lens = micro)
  • Telescopic = for subject far away from lense, there is usually a minum distance the subject needs to be (minimum focus distance)
  • Super Macro ?
  • Zoom Lense ?
• Focusing distance = minimum distance the subject has to be from the lens

Bracket

• Retort stand (29cm version probably to small)
• Lazy stand thing (clips onto the desk) – This has the ability to be moved about easily

Software

• free software for USB cameras like USB microscopes - Oasis Scientific Inc - A good list of android software here.
• Google Play
  • xploview - Apps on Google Play - Application software for wireless microscope
  • DroidCam Webcam (Classic) - Apps on Google Play - Use your phone as a webcam on your computer over WiFi or USB.
    • Windows and Android App
    • DroidCam Client (Classic) Dev47Apps - From their website
  • Magnifier & Microscope [Cozy] - Apps on Google Play - Good magnifier app to see tiny things bigger and more clearly!
  • Microscope - Apps on Google Play - A microscope equipped with a simple database.
  • USB Camera - Apps on Google Play - Connect EasyCap or UVC devices for recording and broadcast video/audio stream
  • MScopes for USB Camera Webcam - Apps on Google Play - Capture images & record videos for USB Camera, Webcam, Microscopes, Endoscopes
  • UsbWebCamera - Apps on Google Play - This can preview and capture movie & still image from web camera w/o root.
  • IP Webcam - Apps on Google Play - Turn your phone into a wireless camera!
• ApkPure
  • CameraFi APK for Android Download - CameraFi Latest Version APK download for Android. - Capture and Recording video from a USB camera using CameraFi.
  • USB Camera APK für Android herunterladen - USB Camera 11.2.1 APK-Download für Android. Schließen Sie EasyCap- oder UVC-Geräte zur Aufzeichnung und Übertragung von Video- / Audiostreams an

Different lenses from ebay

Microscope

• 60x
  • Cheap version (v1)
    • 60 x no adjustable zoom (or possible screm thread) with UV and led light, clips on with a screw thread fitting
• V2
  • 60 x adjustable zoom with UV and led light, clips on with a screw thread fitting
  • White plastic or one with a smiley face
  • Smiley face one does not have any cushioning on the clamp, this could scratch your phone
  • Bracket version available
• 100x
  • V1
    • 100x standalone version available (to use with your eye)
    • 100x that fits onto a mobile phone
    • Available with a case for a phone
    • 3 * LR1130 batteries (included)
• V2
  • Uses 3 x AAA batteries
  • Seems bigger than the other version
  • Maybe heavier
  • Can be used on mobile or standalone

Other notes

• Using your mobile phone as a microscope
  • How to Use an Android Phone As a Webcam For PC [Windows & Linux] - Learn how to use your android phone camera as webcam for all your online video call and chat applications like Skype, MSN or Google+ hangouts.
  • How to use your Android as a Webcam - CNET - On a PC with no built-in Webcam and not ready to purchase one, either? Luckily your Android device makes a great stand-in for a Webcam.