xxxx.com - malware ???

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
User avatar
londonprive
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Feb 11, 2011 5:02 am
Location: London

xxxx.com - malware ???

Postby londonprive » Fri Feb 11, 2011 5:10 am

Hi,

I am currently doing lots of page optimisation on one of our joomla websites. Now, I use google's page performance tool and came across the following suggestion:

========================
Serve resources from a consistent URL

The following resources have identical contents, but are served from different URLs. Serve these resources from a consistent URL to save 2 request(s) and 70B.

Is it Malware, or is it a joomla thingy - or what ?

I am slightly confused to be honest. If that thing is not of benefit to me - how to get rid of it?


Cheers,
George

User avatar
dam-man
Joomla! Exemplar
Joomla! Exemplar
Posts: 7962
Joined: Fri Sep 09, 2005 2:13 pm
Location: The Netherlands
Contact:

Re: - malware ???

Postby dam-man » Fri Feb 11, 2011 6:57 am

Moved to security Forum
Robert Dam - Joomla Forum Moderator
Dutch Boards | Joomla Coding Boards | English Support Boards

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 16702
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: xxxx.com - malware ???

Postby leolam » Fri Feb 11, 2011 9:25 am

Please do not click any of the links above!

@ Mods: Please disarm these links? Sites spread malware imho

edit: removed steps since issue caused by extension as described below

Leo 8)
Last edited by leolam on Sat Feb 12, 2011 4:34 am, edited 1 time in total.
- Joomla Professional Support Services :https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Joomla Professional Web Development :www.gws-studio.com -
- Member Joomla Bug Squad & J-CMS Release Team

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: xxxx.com - malware ???

Postby Tonie » Fri Feb 11, 2011 9:34 am

Links have been removed.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 16702
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: xxxx.com - malware ???

Postby leolam » Fri Feb 11, 2011 9:37 am

Tnx Tonie 8)
- Joomla Professional Support Services :https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Joomla Professional Web Development :www.gws-studio.com -
- Member Joomla Bug Squad & J-CMS Release Team

mdwongca
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Fri Feb 11, 2011 4:54 pm

Re: xxxx.com - malware ???

Postby mdwongca » Fri Feb 11, 2011 5:07 pm

Hi. I'm Mike Wong, Product Manager at tynt.com. Just wanted to provide some information regarding this post. I'm sorry you ran into this issue and I'm hoping we can get to the bottom of it.

I want to start by assuring you that Tynt is in no way malware or malicious. <deleted SP> We add a link to text when users copy text off your page.<deleted SP>

There's two possible ways our scripts can end up on your page. You can sign up <deleted SP> and install our script. The second possibility (which is more likely), is that we have a partnership with whos.amung.us. and you've installed the whos.amung.us widget. <deleted SP>

If neither of those situations are true, please feel free to contact me at support [at] tynt [dot] com and I'd be happy to chase this down for you.

Thanks,
Mike Wong
Last edited by mandville on Fri Feb 11, 2011 5:46 pm, edited 1 time in total.
Reason: removed self promotion, and "partner promotion"

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 16702
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: xxxx.com - malware ???

Postby leolam » Fri Feb 11, 2011 5:32 pm

The original post contained an enormous amount of hidden links to your site(s) and a lot of undefined crap, inserted from scripts not belonging to legitimate websites. You allow through your "widgets" spam/malware to be spread and that is a crime

Be informed

Leo 8)

edit: removed address to person involved to avoid impression of "wall of shame"
Last edited by leolam on Sat Feb 12, 2011 4:36 am, edited 1 time in total.
- Joomla Professional Support Services :https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Joomla Professional Web Development :www.gws-studio.com -
- Member Joomla Bug Squad & J-CMS Release Team

User avatar
londonprive
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Feb 11, 2011 5:02 am
Location: London

Re: xxxx.com - malware ???

Postby londonprive » Fri Feb 11, 2011 5:50 pm

Hi all,

Oh, sorry for posting the link in the first place ~ Didn't know that this was actually that threatening. Either way, have to give Mr. Wong credit as apparently we have installed a plugin which adds a link to our website on copy and paste text from any page.

However, I talked to the developers in question and apparently someone thought it would be a good idea to install a module like this, but apparently we can't find it in the plug in manager. Mr. Wong would you please do me the honour of passing me the module name information so we can remove this from our site. Page optimisation appears more important than having the "copy paste tool" on our site. Furthermore, in case this is a legitimate tool - I would start worrying about your companies reputation on the internet. Google for your link - not necessarily inviting.

@leolam: Thanks a lot for the check list - just passed it on to our developer to have a go ... very helpful !!

Well, what can I say we are new to Joomla :D

Many Thanks,
George

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 16702
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: xxxx.com - malware ???

Postby leolam » Fri Feb 11, 2011 6:13 pm

mdwongca wrote:I want to start by assuring you that Tynt is in no way malware or malicious.
http://lifehacker.com/?_escaped_fragmen ... ste-blocks

explains a lot about this
not to mention the security and privacy concerns that come with Tynt sending tracking information to their servers without your consent.


Leo 8)

edit: removed possible offending cynical greeting
Last edited by leolam on Sat Feb 12, 2011 4:19 am, edited 2 times in total.
- Joomla Professional Support Services :https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Joomla Professional Web Development :www.gws-studio.com -
- Member Joomla Bug Squad & J-CMS Release Team

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 13823
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: xxxx.com - malware ???

Postby mandville » Fri Feb 11, 2011 6:41 pm

Moderator comment; please do not turn this topic into a " wall of shame ".
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security forums Moderator}

User avatar
londonprive
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Feb 11, 2011 5:02 am
Location: London

Re: xxxx.com - malware ???

Postby londonprive » Fri Feb 11, 2011 11:35 pm

Hi,

Just a quick note, Mr. Wong has sent me information regarding the plugin via message and does help me resolving this. I agree with Mandville lets not turn this topic into a "wall of shame". I will post all the info as soon as this issue has been resolved in case anyone else needs help on this topic. Thanks for everyone's help so far !

Best,
George

User avatar
londonprive
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Feb 11, 2011 5:02 am
Location: London

Re: xxxx.com - malware ???

Postby londonprive » Sat Feb 12, 2011 12:40 am

Hi,

Ok resolved it - Mike pointed out the component we've downloaded and installed:

http://extensions.joomla.org/extensions ... tics/12231

The whole thing installs itself as:

System - Seobooster under the plugin menu.

I have removed this and the whole thing removed itself from the site.

Thanks to everyone for the support on this.

Cheers,
George x

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 16702
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: xxxx.com - malware ???

Postby leolam » Sat Feb 12, 2011 4:32 am

mandville wrote:Moderator comment; please do not turn this topic into a " wall of shame ".
Never the intention for sure and modified my posts to remove that impression where that might have arisen. However I think the Joomla users should be informed about this extension and what the product does and also be informed how to Block Tynt on a PC or Mac Software that sends tracking information to their servers without my consent (!) can definitely be considered malware imho and that statement has nothing to do with "wall of shame"

Leo 8)
- Joomla Professional Support Services :https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Joomla Professional Web Development :www.gws-studio.com -
- Member Joomla Bug Squad & J-CMS Release Team


Return to “Security in Joomla! 1.5”

Who is online

Users browsing this forum: No registered users and 5 guests