The Joomla! Forum ™

Hi,

Got this email about website been hacked. And actually the code is there.
Is the site hacked? and is it possible to remove the actual code the guy is mentioning?

-

Sent: Friday, August 12, 2011 2:18 PM



<noscript><a href="http://<deleted>.com" rel="follow">Joomla Templates</a><a href="http://<deleted>.org" rel="follow">Web Hosting</a><a href="http://<deleted>.org" rel="follow">Free Money</a></noscript>


Hi there,

Just wanted to let you know that YOUR WEBSITE has been HACKED by <deleted>.org! They also hacked my website couple of months ago so I decided to let you know about this ASAP.

What happened is that the people who run <deleted>.ORG, <deleted>.COM, and <deleted>.COM injected into your website several hidden links to their own websites.

!!! WARNING: THAT HURTS YOUR WEBSITE BECAUSE IT LOOKS LIKE YOU LINK TO SPAM WEBSITES !!!

REPORT THEM to https://www.google.com/webmasters/tools ... port?hl=en!

How to find the injected spam links?

1. Open your website in any browser
2. Click View
3. From the drop-down-menu click "Source" or "Page Source" or "View Source"
4. Search for "<noscript>"

Their injected malicious code usually looks like this:

<noscript>
<a href="http://<deleted>.com" rel="follow" title="Joomla Service">Joomla Service</a>
<a href="http://<deleted>.com" rel="follow" title="Best Web Hosting">Best Web Hosting</a>
<a href="http://<deleted>.org" rel="follow" title="Web Hosting">Web Hosting</a>
</noscript>


How to fix this?

Just remove the above chunk of code "<noscript>…</noscript>" from your website templates.

If you want to eliminate this kind of spam and punish webhostingtop.org, hostermonster.com, and joomlartwork.com for misbehaving, please take a minute to report these sites to major search engines:

https://www.google.com/webmasters/tools ... port?hl=en
http://help.yahoo.com/l/us/yahoo/search/abuse.html
https://support.discoverbing.com/eform. ... redirect=1

Hope my information helps!

Good luck.

Best regards,
MJ



_



Thanks

Springer

Where did you get the template from?

[ ] Run the forum post assistant and security tool Instructions available here

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation. Replace the deleted files with fresh copies of a current full version of Joomla, and fresh copies of extensions and templates used. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, but ideal is 644 and 755

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

Thanks mandville,

Downloded from a Website. Dont remember which one at this moment I downloaded the template from.
But I will go througt your actionlist.
If its in the template then it´s impossible to remove I assume?

Springerpower

remove the template and replace.
the source code of the templat ewill give the name, start from there

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}