The Joomla! Forum ™

I use MySQL. Is there any way to protect it for the case your talk about? Thus, attacking my php files, the database is still protected?
Thanks, Dr. Ian Way.

_________________
Dr. Ian Way
http://www.scibet.com

Hi All

I'm new to Joomla and Php. I've similar problem with my site and google suggests that I've the malicious script on 4 places.

http://mysiteurl.com/
http://mysiteurl.com/?feed=rss2
http://mysiteurl.com/?page_id=2
http://mysiteurl.com/p=1&cpage=1

The code looks like this: <script src=http://*rimo-*iano.dk/App_Data/Default.aspx.php
></script>

Any suggestions where I should be looking at to delete it?

Thanks in advance.

Mithai

is the extension from a 3rd party? does the link appear anywhere else/

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

Hello Mandville

Thanks for your reply. For the moment the site is running smooth and I can't see the script in the index.php or default.php files both in the template and other files that I've gone through. Google only suggested these URLs to check and since the URLs are dynamic, I have no clue where to look at. Previously there was a script in the index.php in the template folder but I deleted the whole site and installed the script from scratch. then I changed the file permission of index.php to 444 and the script didn't come back. But the google still showing the given urls as infected. Please help. Thanks again.

And yes the extensions are from third party but I've downloaded them from joomla site. Can they still be infected?

it could be that google just hasnt updated its directory afteryour hack.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

I had malicious codes on index.php all over the sites, even though they were all running on 1.5.18 .

Now, Its all good, but my host said, that the server may have been backdoored, meaning, the hackers may have left some php file somewhere inside , by which they can enter again.

So, how can we find those suspicious files or anything ?

Is there a way to find them ?

_________________
http://www.qubesys.com : Web Design, eCommerce and Software Development
http://www.joomclub.org : Joomla Premium Extensions,Templates and Support Packages

security checklist 7, safe route to reovery. unless you have a few hours to spare to huynt every folder on your site and check every file!

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

Ok, so images, templates, db backup and then new joomla install and putting them back.

Thats it.

And yes, install the same components and modules and plugins again there on the new one.

_________________
http://www.qubesys.com : Web Design, eCommerce and Software Development
http://www.joomclub.org : Joomla Premium Extensions,Templates and Support Packages

install up2date versions of your extensions

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

just wondering, i understand this but i like to know random stuffm, when you talk about the file .js what does JS stand for?

apart from the title of this topic giving a clue
try
http://www.google.co.uk/search?q=file+type+suffix
followed by http://www.sharpened.net/helpcenter/extensions.php
and then
http://www.sharpened.net/helpcenter/extensions.php
or
http://filext.com/file-extension/JS

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

js stands for JavaScript. Its a programming language.

_________________
Custom made joomla arcades:
- http://www.tripledoublegames.com
- http://www.playcarparkinggames.com

Ok Godaddy websites have been hacked again. I'm getting sick of this one. It's all over the news. The domains that websites are redirected to are hosted on Godaddy too. It's all over the internet.

I can't delete and upload everything again and again, I'm feel like I'm going to puke now.

Okay; I called'em right away and they seem to have fixed the website now. So cheers!

_________________
Stay Cool!

Do we have any extensions to scan our site for malicious javascript ??

_________________
Signature rules: Literal URLs only - viewtopic.php?f=8&t=65

before this turns into a self promotional post fest, there are several scripts that claim they can scan for such scripts but are they guaranteeed to get all of them.
you also do not know if nything else is installed.
do it the correct way, the safe route to recovery and the rest of checklist 7 (and this topic)

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

There was some kind of tool I used for scanning a long while ago for my blog because it was getting so many problems of this nature. But this was a couple years and I do not have that tool anymore, but thankfully I have not needed anything like it for a good bit.

_________________
That's right, I'm Jack Bauer. What of it?

virustotal.com is good for checking your site to see if it still contains malware.

But I find having a zipped backup only takes half an hour to restore a site properly.

Then just a case of closing off permissions where applicable, changing passwords, checking joomla and plugins, modules etc are up to date.

last day my computer get infected by keylogger and my email , paypal and file hosting account hacked , we need to use antivirus applications and even we believe something safe . java script is perfect for useful things and dangerous for hacking attempts too . i hope we make joomla everyday better and better .

_________________
Please read forum rules regarding signatures: viewtopic.php?t=65

I was recently hit as well on a site I developed using Joomla 1.5

Here is where the 64Decode script was placed in my files. Hope this helps others.

J1.x ? as not sure what they are and in an archive folder..

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

Version 1.5.22

How easy or hard is it to hack a site with malicious code?

_________________
Best regards,
Streamline

Mājas lapu izstrāde un grafiskais dizains - http://www.majas-lapu-izstrade.lv

Hackers have many methods of hacking a website.

First, they'll scan it with various tools to look for some known vulnerability. Recently, many sites have been subjected to scanning for phpmyadmin folders.

These probing scans will leave clues in your log files. Look for many GETs or POSTs about the same time and returning 404s (page not found).

The key to protect against this attack is to make sure all software is updated and to follow the security guidelines for all software.

Second, the hackers may try a dictionary attack on various login pages. A dictionary attack uses a dictionary of commonly used passwords and it tries various username and password combinations on login pages. The key here is always use strong passwords.

Third, the hackers may use stolen FTP credentials. These are stolen by viruses on PC used to FTP files to websites. The virus can either search for the file that stores the saved passwords, or "sniff" the FTP traffic. Since FTP transmits all data, including username and password, in plain text, it's easy for the virus to see and steal the login credentials and then logs in as a legitimate user via FTP and infects the website.

The key to protection here is to use SFTP, which encrypts the traffic, and constantly scan your PC for viruses. This hack attack will leave clues in the FTP logs, if you have them activated.

There is also cross-site scripting, SQL injection and a variety of other methods, but if you stick to known, good software, the creators are generally responsible for those types of safeguards.

To answer your question directly, it is easy to hack a website if you don't follow the security guidelines, it's hard if you do.

Thanks for the detailed answer WeWatch!
You actually made me alert and I'm a bit scared of these damn viruses now since they can easily steal my data. Of course I'm using anti-virus software, but they only fights the consequences ...

Guess it's time to start thinking of data synchronization.

_________________
Best regards,
Streamline

Mājas lapu izstrāde un grafiskais dizains - http://www.majas-lapu-izstrade.lv

Can we please stay on topic: Malicious Javascript in your site?

Thanks!

Leo

_________________
--- Joomla Professional Support Services :: http://gws-desk.com ---
--- Joomla Professional and Specialized Hosting :: http://gws-host.com ---
--- Ready to Roll Joomla! Web Sites : 1 - 7 days only! :: @ gws-market.com ---

I thank your problem was solve....