The Joomla! Forum ™

It's not an extension, it's a manual script that is very specific in it's usage and requirements.


[I've removed the rest of my post as it was offensive to others]

_________________
Brad Baker - Follow me on Google+
http://www.rochen.com - Joomla! Hosting, the correct way.
http://www.joomlatutorials.com <-- Joomla Help & Tutorials
^Now with Joomla 2.5 and Joomla 3.0 Tutorials

I already noticed you do not read. I asked you to add the Keepass to the initial post and you just bully yourself onto something different....
What is the difference with the Joomla Forum Asisstant Tools (excellent) which is a stand alone script as well? That is posted in JED and heavy promoted (look in the top of your screen) (http://extensions.joomla.org/extensions ... tools/1734) Argument is not valid.....Consistency and transparency in decision making are though....

Good call Brad...Glad to see you active again (http://www.alltogetherasawhole.org might do you some good! ....amongst other things....)

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

As was pointed out before, JTS does not alter files in the way that the suggested cleaning script does.
--
edit to add : i will add the password tool to the checklist 7 as a suggested ftp security tool

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

Broomla is a virtual broom for cleaning (scripted) iframe injections in Joomla. It is intended for those who do not have a good backup to restore and who do not know how to manually repair a Joomla 1.5 website compromised by a (scripted) iframe injection FTP Trojan.

It is therefore not an ftp security tool at all. It belongs into recovery or whatever but definitely not in ftp security...Nothing to do with ftp-security I am afraid but appreciate the intension

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

it was keepass i was talking about - the password reminder tool that helps prevent ftp passwords being stored in the ftp prog.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

misunderstanding...tnx but it is already mentioned in that I think

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

yes - just added it today to Local Security
* Don't store user name/password in ftp program
o Use a password manager such as the free keepass
after your comments on it

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

anybody help me how to use this

Thanks

_________________
Http://www.hiittech.com/
Http://www.newskycars.com/

Hello, You might want to explain where you point at? What s the issue, what are your problems , where you need help, what is the error you get, what is your platform......just to mention a few?

Please be good and use viewtopic.php?f=428&t=272481 so we know what is your environment and psot detailed info so we can help you?

Cheers

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

Hi just thought I would share. I have 24 sites. 16 have been hit with this. Cleaning joomla is bad enough but the whole server was hit so the server admin tools are all corrupt also. Of the 16 sites ALL had Joomla installed somewhere. 4 of the sites were not on my FTP client, no passwords stored on my computer anywhere. The remainder of my sites that were not hit, were listed on the ftp client. So for now I am ruling out the virus ftp thingy.

I changed computers Dec 09 and I have not added some of the affected sites passwords and user id's to my new computer. The old computer has not been in use (fried hard drive). The attacks all happened on the 23rd and 24th of Jan. 2010 on all of my sites.

None of my WP sites were affected. None of my hand coded sites either unless they also contained and instance of joomla 1.5 or 1.0. It did not matter what flavor or version. Three sites were recently upgraded to the latest release. I also have some social networking sites that use elgg. They were not affected unless joomla was there somewhere. So I am thinking it's something to do with Joomla. I am on a designated server not shared service so I am at a loss and just waiting on support to go through the logs. I have joomla installed with php and ftp. Made no difference.

I have been all over the net today and it seems like there is a real uptick in this thing. http://justcoded.com/article/gumblar-fa ... oval-tool/ this site has a removal tool I have used it, the script is called curevir.php but it is somewhat limited because of file permissions, it does work though, if you can work around that it may be good for you.

Note: There have been 109 entries on this subject at justcoded, a lot of them in January 2010 and 39 of them in the last few days. Just sayin...

These attacks are discussed here as an individual. However, these collective solutions must joomla. If we use this script.

_________________
http://www.deben10.net
http://www.ben10-games.net

I read the full post and I would like to share with you our preventing security strategy .

Use the FTP File System Layer
With this mode you don't need directory with the 777 CHMOD

Use a strong .htaccess
Orginal .htacess : http://docs.joomla.org/Preconfigured_.htaccess
We add:

In some case we add a filter again bad-bot : http://www.bg-pro.com/?goto=badbot

Install http:BL Plugin

http://extensions.joomla.org/extensions ... ccess/2786

Install a monitoring system

We develop JMonitoring. It check the integrity of the main files of joomla like all the index.php (joomla and templates), configuration.php etc...

http://extensions.joomla.org/extensions ... urity/9787

Finally subscribe the RSS Vulnerable Extensions List
http://feeds.joomla.org/JoomlaSecurityV ... Extensions and check with your monitoring tools if you have installed one of this extension.

Actually we use it on more than 40 joomla website with good results.
PA

_________________
www.inetis.ch - Joomla integrator and member of the Joomla.fr Team

#slight off topic but how are you finding the new format feed, is it working for you?

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

removing the code does not get to the root of the problem - why/how did it get there in the first place.

warning before running any scripts posted by users, make sure you have a suitable back up of your site.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

on deeper checking of that script you would also need to edit some of the code of the script to match your site.
without more instructions provided by the coder, i would not recommend people who are not familiar with php to use it.
fabiomazzo - thank you for the effort but can you please expand on the script-instructions etc.
my advice still is, cleaning the code does not cure the reason it arose

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

Which i definitely support 100%. Prevention is better than seeing the doctor the morning after....

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

My intention was not to promote myself, only developed a solution to my problem and decided to share. Ok Sorry, I think I'm in the wrong community. Bye

Did you read any of the other comments and suggestion over your script?

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

I have not mentioned about your comment, but on the edition of my post.
With a little more detailed documentation : http://innoit.com.br/phpantivir

thank you , that will assist those who think they can just upload and run the script and it will solve all their issues.

see this full depth explanation from PhilD
viewtopic.php?p=2052210#p2052210

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

It's not a solution, not solve a lot of issues, just helps in ONE specific issue. Perhaps, it can help somebody.

Thank you for posting the solution. If it helps even only one single person it will put smiles on your face!!

Cheers!

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

Thanks for the informative post.
I found this great tool to detect malware on your site {self promotion deleted}

I got problem during installation any body guide me

_________________
Http://www.hiittech.com/
Http://www.newskycars.com/

what exactly are you having an issue with.? and i deleted your double post

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

This type of infection is much more common with the password however. For that reason, you should follow these steps:

1. Scan your local computer, the clients computer, and any computer from which you have accessed the account using an up to date virus scanner such as http://malwarebytes.org CRITICAL!

2. Update the cPanel/FTP password with a password that is not easily guessable. Use 12-digits and something like example (!) &G5s#!K-|%H1

3. Submit your site for a rescan using your Google Webmaster account. If you do not already have an account please follow the instructions on this page to obtain one: http://www.google.com/support/webmaster ... swer=45432
thaks
4. Read the information provided below about this type of viral infection and how to further prevent it.

Only for your information: Last week 05-06-10 and last night 05-12-10, several websites were attacked for this script. All of them are hosted in GoDaddy; Fortunately, there is a function call "Restore" so we could restore files from some days ago and they replace the "hacked" files. I know this is not enough, but at least is a fast (and temporary) solution.

the godaddy conversation is here viewtopic.php?f=432&t=515398

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

I agree that SFTP won't protect against a keylogger, although there is not much information regarding this latest trojan/exploit (keylogging or password sniffing?), the pattern does seem to be with FTP. If one can use SFTP VS FTP, it is certainly more secure.

Not sure about you, but personally I would not use FTP over an open un-trusted network.

Oh! I'm reading this article and I think It very good.