solved Is my websites Hacked?

alt=
@luis789
2 months ago
88 posts
Hello All
In the system core, Tools Advanced configuration I identified the below Configuration key
curl_setopt( $ch , CURLOPT_URL , "https://hacklink.us/ek.php?id 152" ) //
See Image Below. When I go to the link link appears to be an international website.
I tried to removed it, but when I click in the Delete Button, it does not allow. Could you please confirmed if this link was somehow injected to the website. If it was, is there a way to remove it or what should I do?
I really appreciate for your kind assistance.
hacklink.png
hacklink.png  •  36KB


updated by @luis789: 01/04/24 09:10:51AM
michael
@michael
2 months ago
7,646 posts
Yes. If you didn't put those in there change your password for all admin accounts now.

To delete those keys if the DELETE button doesn't work open up /data/config/config.php and you will see them there. Delete and save the file.

Don't delete the required fields, it should look like this screenshot.

Actually could you save the config.php file, zip it and send it to us, I'd like to have a look at it. send it to support at jamroom dot net with ATTN: Michael and a link to this thread.

thanks.
should.jpg
should.jpg  •  224KB

alt=
@luis789
2 months ago
88 posts
Thank you very much Michael.
I applied the fix as you've requested and that config key is no longer available.
I also email the copy of the config file as requested.
Thank you very much for your quick response.
hacklinkFixed.png
hacklinkFixed.png  •  23KB

Tags