Our Joomla site was hacked. Somehow attackers were able to place an .htm
file in the root of the website and overwrite the .htaccess
to deface the website.
I have restored a backup with the kickstart and akeeba and upgraded joomla from 2.5.18 to 2.5.19 the site already had the latest virtuemart.
Since that moment we have encountered a lot of duplicate entry errors in the session table.
Here is what I have tried so far:
I also installed a plugin and blocked a lot of bad ip's and changed the url to the administration page. I have changed logins of admin and superusers and moved to an other host, other mysql db other ftp login and got hacked again. Have not been hacked since I blocked ips and changed the admin location. But I still have duplicate session errors and somehow a lot of Â
characters in my content pages and no visible euro signs in virtuemart. Even though the database collation is utf-8 and I use the default htaccess which comes with joomla 2.5.19
I seriously have no idea how to troubleshoot this joomla duplicate session errors. Some source online says you have to remove the session table and re-create. but isn't that the same as clear all rows or a truncate?
edit can this be caused due to a missing column?
edit2 the change of largetext to medium for the data column has not changed a thing, still this error:
Duplicate entry 'cb' for key 'PRIMARY' SQL=INSERT INTO
jo_mydbprefix_session
(session_id
,client_id
,guest
,time
,userid
,username
)
edit3 can someone confirm that my problem is related to this one http://issues.joomla.org/tracker/joomla-cms/153
Hmm, is 'cb' the session_id? The session ID should look more like '7b975e2584c684f199774326c77e953f', right?
However: are you sure your restored backup is from before the attack? I would recommend to:
Now check if the session problem is still there.
Continue by manually downloading and copying files for your components and addons (virtuemart etc) into the file-structure.
regards Jonas