By Anastasia on Tuesday, 18 March 2014
Posted in General Issues
Replies 7
Dear support!

My hosting account was blocked for 2 days because Komento is the vulnerability, as the hosting provider's support said -(
They showed me only one bad request and said that the Komento inquiry took all the server memory!

Komento was updated by your support some days ago, and after that it happened.
Hello Anastasia,

Hm, not sure what you mean by "hacked" as the only data that you provided us is the SQL query which is not even generated by Komento. That SQL query that you posted is actually generated by Joomla articles
·
Tuesday, 18 March 2014 17:35
·
I was told that through a vulnerability in a component there are difficult questions, which take all the server memory.

I am trying to achieve a clearer explanation from the hosting.

Komento worked at Articles
·
Tuesday, 18 March 2014 17:51
·
"All that is required to analyze the problem is available from the logs: https://cp-hosting.jino.ru/statistics/logs/ Provide access to logs of your skill, they will be able to understand." - hosting support said.


I gave you access to ftp and there are logs. If you can find something...
·
Tuesday, 18 March 2014 18:18
·
Hello Anastasia,

Looking at your SQL queries above, that particular query isn't generated by Komento and I think your hosting provider should stop posting false allegations. That particular SQL query is generated by your Joomla articles. Look at the SQL query that you have posted,


c.published ELSE 0 END AS parents_published FROM j25_content AS a LEFT JOIN j25_content_frontpage AS fp ON fp.content_id = a.id L


It's trying to query the Joomla articles table. By the way, I do not have the cPanel access.
·
Tuesday, 18 March 2014 23:03
·
I know, Mark, you haven't access to cpanel -) I gave you access to ftp and there are logs.

In the logs there are many requests to com_komento

bash-3.2$ cut -d' ' -f 7 *_access.log | sort | uniq -c | sort -rn | head 
27986 /?option=com_komento
1991 /
1946 /?option=com_easysocial
934 /favicon.ico
507 /mobiquo/mobiquo.php
404 /index.php?option=com_easysocial&cron=true&phrase=si****
392 /wp-admin/install.php
340 /resources/artall/nteresting/894-404error.html
300 /templates/yoo_solar/favicon.ico
189 /index2.php?option=com_fireboard&func=fb_rss&no_html=1&Itemid=53

bash-3.2$ cut -d' ' -f 1 *_access.log | sort | uniq -c | sort -rn | head
8108 37.57.54.18


And my hosting thinks that this component has a vulnerability and therefore became the object of attack. Fully loaded server memory.... They turned off Komento absolutely -( and I cannot prove that they are wrong -(((
·
Wednesday, 19 March 2014 13:25
·
Hello Anastasia,

Those logs do not prove anything about any attacks. Seriously, an access log simply means that whenever someone accesses the site, an entry gets generated in your access log file. In other words, even if there are 1,000,000 refreshes of the same page by a user, it will appear 1,000,000 times. What your hosting provider is reporting about hacks is pure nonsense.

If the IP address 37.57.54.18 is accessing 8108 times, then don't you think your hosting provider should block the IP address rather than blaming the software? What I would do if I were you is to set up a custom redirection if the visitor is from the IP 37.57.54.18.

I can help you to add them into your Joomla script but this wouldn't fix anything because the user can still access your index.php file. My advice to you is to:

1. Either block the IP address 37.57.54.18 on the server level
2. Add a script in the index.php to block 37.57.54.18 (but this does not solve issues because it will still appear in your access_log)
·
Wednesday, 19 March 2014 15:30
·
Also, this is a full explanation of what access logs are: http://httpd.apache.org/docs/2.2/logs.html . Access logs DO NOT MEAN that the extension is HACKED!
·
Wednesday, 19 March 2014 15:32
·
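Added example (not part of the original thread and not code from any poster): the two pipelines posted above rank request paths and client IPs separately, so they do not show who is requesting `/?option=com_komento`. This shell function joins the two, listing each client's share of the requests to one path, which is the evidence needed to decide between blocking a source and blaming the component. It assumes Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: Apache common/combined log format, where whitespace-separated
# field 1 is the client IP and field 7 is the request path.

# sources_for_path LOGFILE PATH [MIN_SHARE_PERCENT]
# Prints "hits share% ip" for every client whose share of the requests to
# PATH is at least MIN_SHARE_PERCENT (default 0), busiest client first.
sources_for_path() {
    LC_ALL=C awk -v path="$2" -v min="${3:-0}" '
        $7 == path { hits[$1]++; total++ }
        END {
            # No matching requests: the loop body never runs, so no division by zero.
            for (ip in hits) {
                share = 100 * hits[ip] / total
                if (share >= min) printf "%d %.1f%% %s\n", hits[ip], share, ip
            }
        }' "$1" | LC_ALL=C sort -k1,1nr -k3,3
}

# Constructed sample log using documentation IP ranges (not the thread's logs).
# Writes the log to a temporary file and prints that file's name.
make_sample_log() {
    f=$(mktemp) || return 1
    i=0
    while [ "$i" -lt 8 ]; do
        echo '203.0.113.7 - - [18/Mar/2014:10:00:00 +0400] "GET /?option=com_komento HTTP/1.1" 200 512 "-" "-"'
        i=$((i + 1))
    done > "$f"
    cat >> "$f" <<'EOF'
198.51.100.4 - - [18/Mar/2014:10:00:01 +0400] "GET /?option=com_komento HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [18/Mar/2014:10:00:02 +0400] "GET /?option=com_komento HTTP/1.1" 200 512 "-" "-"
198.51.100.9 - - [18/Mar/2014:10:00:03 +0400] "GET / HTTP/1.1" 200 2048 "-" "-"
203.0.113.7 - - [18/Mar/2014:10:00:04 +0400] "GET /favicon.ico HTTP/1.1" 404 0 "-" "-"
EOF
    echo "$f"
}

log=$(make_sample_log)
sources_for_path "$log" '/?option=com_komento'
rm -f "$log"
```

On real logs, pass the access log file and the path of interest; a single client holding most of the share points to rate limiting or blocking that source at the server level.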