Surviving an SQL injection attack
I recently suffered an attack on a modestly sized Joomla website (>500 articles), with the result that I had random hyperlinks appended to the end of every article, masquerading as a hard to notice full-stop character. Tracking down the source of the attack, might be difficult, but this article describes the procedure for clearing up the mess.
- Components > Akeeba Backup > Backup Now.
- Enter a comment and click Backup Now!
- Go to Administer Backup Files to download your backup in case your web server has a failure.
You should definitely change the following passwords:
- MySQL user account.
- Joomla superuser accounts
- Web Hosting login account.
Next you need to log in to phpMyAdmin and run the following SQL command to see the extent of the damage.
SELECT * FROM `xxxx_content` where introtext like '%>.</a>%'
My malicious hyperlink was presented as a full-stop, and of course, I don't use full-stops for hyperlinks, so this search revealed all the articles affected, and realising the issue existed, I then exported the table as a .csv file.
I used Libre Office to 'Find and Replace' the malicious text.
- Open the .csv file.
- Add a Header row, to match the field names in the content table.
- This is important for when you use phpMyAdmin to Import the .csv file, so that it has the correct number of columns.
- Select the introtext (5th) column for editing.
- In the toolbar menu, go to Edit > Find & Replace.
- For Find enter the following
<a style="text-decoration:none" href="/.*">.</a>$
- Leave Replace with as blank.
- Expand Other Options.
- Select Current selection only.
- Select Regular expressions.
- Choose Values, for Search in.
- Search direction is Rows.
- Click Replace All.
- Save your .csv file with its new 'clean' data.
Upload .CSV File
Now you can upload the .csv file back into the database table.
- Go back in to phpMyAdmin.
- Select the xxxx_content table.
- In the Operations tab, click Truncate to empty this table.
- Select the Import tab.
- Browse to your newly created .csv file.
- Enter 1 for the Number of rows to skip.
- Click Go.
All being well your articles should now be cleaned up.
Things to watch out for
This procedure worked for me, because the hyperlinks were 'disguised' as a full-stop, and the hyper-link itself used 'text-decoration:none', which I never use. Also all the hyperlinks had been appended to the end of the article.
Thanks for visiting.