Malicious code with backlink on my website

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Malicious code with backlink on my website

Post by titimoi » Thu Apr 25, 2013 11:38 am

Hello,
I've realized that a malicious js script was introduced on my website, here is the source code (it is encoded on my website):

Code: Select all

<!-- rk_czxV1dv1UTfErdQy27 --><script type="text/javascript">document.write(unescape('<script language="JavaScript">
function dnnViewState()
{
var a=0,m,v,t,z,x=new Array('9091968376','888791819281878942577939317'),l=x.length;
while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();
</script>'));</script>

<div class="dnn" id="615267">
<p><a href="http://bad-web-site">chantix online</a>
</p>
</div>
<!-- /rk_czxV1dv1UTfErdQy27 -->
I've read here http://forum.joomla.org/viewtopic.php?f=262&t=795946 that it comes from a module or pluggin that inject it. I've tryed to download my website, search for "file_get_contents" but I got to many results and I wasn't able to see where it came from (I can past the result it ou like).

Now I'v tryed to disactivate every module one by one, but none seems to remove this backlink from my homepage. Now from yesterday, I can't access my Admin page anymore, It's been block by htaccess password for a while so I don't think it's part of the hack, maybe simply that I did something wrong with my database. When I loggin, it doesn't tell me that anything was wrong, but it doesn't redirect me to the adminpannel.. I stay on the login page.

Finally, here is FPA analyzis:
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.3) : 25th April 2013 wrote:[20-Feb-2012 14:10:48] PHP Fatal error: require_once() [<a href=\'function.require\'>function.require</a>]: Failed opening required \'/home/gitesru/public_html/templates/404.php\' (include_path=\'.:/usr/lib/php:/usr/local/lib/php\') in /home/gitesru/public_html/plugins/system/backlink.php on line 508
Forum Post Assistant (v1.2.3) : 25th April 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Writable (644) | Owner: gitesru (uid: 1/gid: 1) | Group: gitesru (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-348.3.1.el5 | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /home/gitesru/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.2.17 | PHP API: cgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 20th February 2012 14:10:48. | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: 0 | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M

MySQL Configuration :: Version: 5.1.68-cll (Client:5.1.68) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 3.68 MiB | #of Tables:  100
Detailed Environment :: wrote:PHP Extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | session () | iconv () | standard (5.2.17) | json (1.2.1) | mbstring () | mcrypt () | mhash () | mime_magic (0.1) | mysql (1.0) | SimpleXML (0.1) | posix () | Reflection (0.1) | imap () | SPL (0.2) | mysqli (0.1) | soap () | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.8.11) | cgi () | timezonedb () | suhosin (0.9.32.1) | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | Zend Engine (2.2.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: MailTo (1.5.0) | Wrapper (1.5.0) | User (1.5.0) |
Components :: ADMIN :: Frontpage (1.5.0) | Messaging (1.5.0) | Template Manager (1.5.0) | Banners (1.5.0) | Plugin Manager (1.5.0) | Language Manager (1.5.0) | sh404sef (1.0.19_Beta) | Polls (1.5.0) | Content Plugin (1.0.1) | XMap Plugin (1.0) | Xmap (1.0.1) | Xmap (1.1) | Installation Manager (1.5.0) | JCE (1.5.0 RC4) | JCE Admin Control Panel (1.0.0) | English(United Kingdom) (1.5.0) | Joom!Fish (2.0.2) | JCE (1.5.2) | Control Panel (1.5.0) | Media Manager (1.5.0) | Search (1.5.0) | Mass Mail (1.5.0) | Contact Items (1.0.0) | Newsfeeds (1.5.0) | User Manager (1.5.0) | Configuration Manager (1.5.0) | Content Page (1.5.0) | Menus Manager (1.5.0) | Trash (1.0.0) | Cache Manager (1.5.0) | Module Manager (1.5.0) | Weblinks (1.5.0) | JM Sitemap (2.0 BETA) |

Modules :: SITE :: Feed Display (1.5.0) | Random Image (1.5.0) | Login (1.5.0) | JoomFish-Language Selection (2.0.1) | QuickNav (1.7) | Archived Content (1.5.0) | Related Items (1.0.0) | Sections (1.5.0) | Who\'s Online (1.0.0) | Wrapper (1.0.0) | Custom HTML (1.5.0) | Menu (1.5.0) | Breadcrumbs (1.5.0) | Search (1.0.0) | Poll (1.5.0) | Banner (1.5.0) | Statistics (1.5.0) | Latest News (1.5.0) | Most Read Content (1.5.0) | Footer (1.5.0) | Syndicate (1.5.0) | Newsflash (1.5.0) |
Modules :: ADMIN :: Feed Display (1.5.0) | Admin Submenu (1.0.0) | Login Form (1.0.0) | Logged in Users (1.0.0) | Online Users (1.0.0) | Popular Items (1.0.0) | User Status (1.5.0) | Direct Translation (2.0.1) | Quick Icons (1.0.0) | Title (1.0.0) | Custom HTML (1.5.0) | Admin Menu (1.0.0) | Toolbar (1.0.0) | JCE Admin Control Panel (1.0.0) | Unread Items (1.0.0) | Items Stats (1.0.0) | Footer (1.0.0) | Latest News (1.0.0) |

Plugins :: SITE :: Joomfish - Missing Translation (2.0.1) | User - Joomla! (1.5) | User - Example (1.0) | Editor - JCE 1.5.2 (1.5.2) | Editor - XStandard Lite for Jo (1.0) | Editor - TinyMCE 3 (3.2.6) | File Browser (1.5.0 Stable) | Paste (1.5.1) | Paste (1.5.0) | Advanced Code Editor (1.5.0) | Joomla! Links for Advanced Lin (1.2.0) | Advanced Link (1.5.1) | Object Support (1.5.1) | Image Manager (1.5.2) | SpellChecker (2.0.0) | System - Log (1.5) | System - Remember Me (1.5) | System - Mootools Upgrade (1.5) | System - Cache (1.5) | System - Debug (1.5) | System - Legacy (1.5) | Joomfish - Basic Router (2.0.1) | Joomfish - Abstraction Layer (2.0.1) | sh404SEF - system - plugin (Version_1.0.B) | System - SEF (1.5) | System - Backlinks (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - OpenID (1.5) | Search - Joomfish Content (2.0.1) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Joomfish Weblinks (2.0.1) | Search - Joomfish Contacts (2.0.1) | Search - Joomfish Sections (2.0.1) | Search - Weblinks (1.5) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Search - Categories (1.5) | Search - Joomfish Newsfeeds (2.0.1) | Search - Joomfish Categories (2.0.1) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | Content - akJoomGallery (1.1.0) | Content - Code Highlighter (Ge (1.5) | Content - Joomla Extra News Pl (2.0.5) | Easy eXtended Gallery (1.5.0.3) | Content - Vote (1.5) | Google Maps (2.11a) | Content - Pagebreak (1.5) | Content - Page Navigation (1.5) | Content - Example (1.0) | Joomfish Alternative Language (2.0.1) | Content - Load Modules (1.5) | Content - Email Cloaking (1.5) | Button - Readmore (1.5) | Button - Pagebreak (1.5) | Button - Image (1.0.0) |
Templates Discovered :: wrote:Templates :: SITE :: JA_Purity (1.2.0) | rhuk_milkyway (1.0.2) | siteground (1.0.14) | beez (1.0.0) | siteground-j15-23 (1.0.0) |
Templates :: ADMIN :: Khepri (1.0) |
Many thanks for your help
Last edited by mandville on Thu Apr 25, 2013 12:30 pm, edited 1 time in total.
Reason: trimmed code
Top
pranavpathak125
Joomla! Intern
Joomla! Intern
Posts: 52
Joined: Mon Oct 08, 2012 5:33 am
Location: India

Re: Malicious code with backlink on my website

Post by pranavpathak125 » Thu Apr 25, 2013 12:11 pm

Hi,
It seems your site is hacked or attached by some one, I am not sure.

1.Check your current template index.php file.
2.Please uplode backup template copy if you have. Uninstall plugins, component or module those are not necessary.

hope it will help.
Pranav Pathak,
Joomla, Drupal, worpress developer.
Top
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Re: Malicious code with backlink on my website

Post by titimoi » Thu Apr 25, 2013 12:24 pm

Thank you

-Index.php is not infected
-Backup done, nothing has changed :(
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Malicious code with backlink on my website

Post by mandville » Thu Apr 25, 2013 12:44 pm

sometimes the advice given on these forum is of no practical use whatsoever. (more on that in a minute)
its best to follow security checklist 7 - safe route http://docs.joomla.org/Security_Checkli ... ter_relief
i notice a few of your extensions are out of date, eg jce 1.5.2? that is more likely your point of attack than autosun as i couldnt spot any of their extensions,

now to assist in future posts by well meaning users
pranavpathak125 wrote:It seems your site is hacked or attached by some one, I am not sure.
that is actually very obvious
1.Check your current template index.php file.
that is not the only file thats usually attacked, most people dont know what they are looking for and is more often injected into the default template files that most sites dont run.
2.Please uplode backup template copy if you have.
that wont help much as the hack route will still be open, you are wall paperering over the 6ft crack in your wall.
Uninstall plugins, component or module those are not necessary.
that is actually probably the best advice, if users installed and then forgot abt 3rd party extensions.

again it goes back to
A Safe route for disaster relief

save the configuration.php file and your images and personal files one by one, (not the folder as it may contain unwanted files)
wipe the entire folder where Joomla! is installed
upload a new clean full package latest version of joomla (minus the install folder)
reupload your configuration file & images.
reupload or reinstall the latest versions of your extensions , templates (even better is to use original clean copies to ensure that the hacker/defacer did not leave any shell script files in your site)

To do this will take your site off line for around 15 minutes. To track down your hacked/defaced html may take hours or even longer.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Re: Malicious code with backlink on my website

Post by titimoi » Thu Apr 25, 2013 3:44 pm

Thank you mandville.

The thing is, I was even more a beginner than now when I first created the website (already 6 years ago) and I have used a lot of different things together. Plugins, little hacks and so on. I will have to spend even more time to rebuild everything.

I plan to get a brand new clean website with joomla 3.0, but it won't be ready before 1 mounth, and I don't want to loose the ranking I have.

This is why I will chase the trouble, and hopefully find it.

Have you ever seen this issue with the Admin pannel ? not being able to get redirected once I login ?
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Malicious code with backlink on my website

Post by mandville » Thu Apr 25, 2013 4:03 pm

try the reset password tool listed on the checklist 7 and see if that helps
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Re: Malicious code with backlink on my website

Post by titimoi » Thu Apr 25, 2013 4:20 pm

I just realized that I have unpublished some plugins, and it could be the authentification ones..

the Authentication - LDAP, Authentication - OpenID, Authentication - Gmail
had the field published = 0
Set them to 1 but it doesn't seem to have changed anything... I'mpretty sure it come from this, is there anything else I should change ?
Top
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Re: Malicious code with backlink on my website

Post by titimoi » Thu Apr 25, 2013 8:06 pm

I have resolved all my troubles thanks to your advices.

I have updated JCE that was obviously the origin of the problem. I removed the backlink from my homepage and it didn't appear again :)
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Malicious code with backlink on my website

Post by mandville » Thu Apr 25, 2013 9:15 pm

please run the fpa again so that we can check
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Re: Malicious code with backlink on my website

Post by titimoi » Thu Apr 25, 2013 9:36 pm

here it is :
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.3) : 25th April 2013 wrote:[20-Feb-2012 14:10:48] PHP Fatal error: require_once() [<a href=\'function.require\'>function.require</a>]: Failed opening required \'/home/gitesru/public_html/templates/404.php\' (include_path=\'.:/usr/lib/php:/usr/local/lib/php\') in /home/gitesru/public_html/plugins/system/backlink.php on line 508
Forum Post Assistant (v1.2.3) : 25th April 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Writable (644) | Owner: gitesru (uid: 1/gid: 1) | Group: gitesru (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-348.3.1.el5 | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /home/gitesru/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.2.17 | PHP API: cgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 20th February 2012 14:10:48. | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: 0 | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M

MySQL Configuration :: Version: 5.1.68-cll (Client:5.1.68) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 3.67 MiB | #of Tables:  98
Detailed Environment :: wrote:PHP Extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | session () | iconv () | standard (5.2.17) | json (1.2.1) | mbstring () | mcrypt () | mhash () | mime_magic (0.1) | mysql (1.0) | SimpleXML (0.1) | posix () | Reflection (0.1) | imap () | SPL (0.2) | mysqli (0.1) | soap () | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.8.11) | cgi () | timezonedb () | suhosin (0.9.32.1) | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | pdo_mysql (1.0.2) | Zend Engine (2.2.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: MailTo (1.5.0) | WF_POPUPS_WINDOW_TITLE (2.3.1) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.1) | WF_LINKS_JOOMLALINKS_TITLE (2.3.1) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.1) | WF_AGGREGATOR_[youtube]_TITLE (2.3.1) | WF_AGGREGATOR_VIMEO_TITLE (2.3.1) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.1) | WF_LINK_SEARCH_TITLE (2.3.1) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.1) | WF_VISUALBLOCKS_TITLE (2.3.1) | WF_CLIPBOARD_TITLE (2.3.1) | WF_AUTOSAVE_TITLE (2.3.1) | WF_LAYER_TITLE (2.3.1) | WF_BROWSER_TITLE (2.3.1) | WF_PRINT_TITLE (2.3.1) | WF_LINK_TITLE (2.3.1) | WF_VISUALCHARS_TITLE (2.3.1) | WF_NONBREAKING_TITLE (2.3.1) | WF_TEXTCASE_TITLE (2.3.1) | WF_SEARCHREPLACE_TITLE (2.3.1) | WF_KITCHENSINK_TITLE (2.3.1) | WF_TABLE_TITLE (2.3.1) | WF_INLINEPOPUPS_TITLE (2.3.1) | WF_LISTS_TITLE (2.3.1) | WF_FULLSCREEN_TITLE (2.3.1) | WF_DIRECTIONALITY_TITLE (2.3.1) | WF_MEDIA_TITLE (2.3.1) | WF_STYLE_TITLE (2.3.1) | WF_SOURCE_TITLE (2.3.1) | WF_CLEANUP_TITLE (2.3.1) | WF_PREVIEW_TITLE (2.3.1) | WF_ARTICLE_TITLE (2.3.1) | WF_IMGMANAGER_TITLE (2.3.1) | WF_XHTMLXTRAS_TITLE (2.3.1) | WF_ANCHOR_TITLE (2.3.1) | WF_SPELLCHECKER_TITLE (2.3.1) | WF_CONTEXTMENU_TITLE (2.3.1) | Wrapper (1.5.0) | User (1.5.0) |
Components :: ADMIN :: Frontpage (1.5.0) | Messaging (1.5.0) | Template Manager (1.5.0) | Banners (1.5.0) | Plugin Manager (1.5.0) | Language Manager (1.5.0) | sh404sef (1.0.19_Beta) | Polls (1.5.0) | Content Plugin (1.0.1) | XMap Plugin (1.0) | Xmap (1.0.1) | Xmap (1.1) | Installation Manager (1.5.0) | JCE (1.5.0 RC4) | JCE Admin Control Panel (1.0.0) | English(United Kingdom) (1.5.0) | Joom!Fish (2.0.2) | Editor - JCE (2.3.1) | Editor - JCE (2.3.1) | JCE File Browser (2.3.1) | plg_quickicon_jcefilebrowser (2.5.0) | JCE (2.3.1) | JCE (2.3.1) | Unknown (-) | Control Panel (1.5.0) | Media Manager (1.5.0) | Search (1.5.0) | Mass Mail (1.5.0) | Contact Items (1.0.0) | Newsfeeds (1.5.0) | User Manager (1.5.0) | Configuration Manager (1.5.0) | Content Page (1.5.0) | Menus Manager (1.5.0) | Trash (1.0.0) | Cache Manager (1.5.0) | Module Manager (1.5.0) | Weblinks (1.5.0) | JM Sitemap (2.0 BETA) |

Modules :: SITE :: Feed Display (1.5.0) | Random Image (1.5.0) | Login (1.5.0) | JoomFish-Language Selection (2.0.1) | QuickNav (1.7) | Archived Content (1.5.0) | Related Items (1.0.0) | Sections (1.5.0) | Who\'s Online (1.0.0) | Wrapper (1.0.0) | Custom HTML (1.5.0) | Menu (1.5.0) | Breadcrumbs (1.5.0) | Search (1.0.0) | Poll (1.5.0) | Banner (1.5.0) | Statistics (1.5.0) | Latest News (1.5.0) | Most Read Content (1.5.0) | Footer (1.5.0) | Syndicate (1.5.0) | Newsflash (1.5.0) |
Modules :: ADMIN :: Feed Display (1.5.0) | Admin Submenu (1.0.0) | Login Form (1.0.0) | Logged in Users (1.0.0) | JCE File Browser (2.3.1) | Online Users (1.0.0) | Popular Items (1.0.0) | User Status (1.5.0) | Direct Translation (2.0.1) | Quick Icons (1.0.0) | Title (1.0.0) | Custom HTML (1.5.0) | Admin Menu (1.0.0) | Toolbar (1.0.0) | JCE Admin Control Panel (1.0.0) | Unread Items (1.0.0) | Items Stats (1.0.0) | Footer (1.0.0) | Latest News (1.0.0) |

Plugins :: SITE :: Joomfish - Missing Translation (2.0.1) | User - Joomla! (1.5) | User - Example (1.0) | Editor - JCE (2.3.1) | Editor - XStandard Lite for Jo (1.0) | Editor - TinyMCE 3 (3.2.6) | System - Log (1.5) | System - Remember Me (1.5) | System - Mootools Upgrade (1.5) | System - Cache (1.5) | System - Debug (1.5) | System - Legacy (1.5) | Joomfish - Basic Router (2.0.1) | Joomfish - Abstraction Layer (2.0.1) | sh404SEF - system - plugin (Version_1.0.B) | System - SEF (1.5) | System - Backlinks (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - OpenID (1.5) | Search - Joomfish Content (2.0.1) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Joomfish Weblinks (2.0.1) | Search - Joomfish Contacts (2.0.1) | Search - Joomfish Sections (2.0.1) | Search - Weblinks (1.5) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Search - Categories (1.5) | Search - Joomfish Newsfeeds (2.0.1) | Search - Joomfish Categories (2.0.1) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | Content - akJoomGallery (1.1.0) | Content - Code Highlighter (Ge (1.5) | Content - Joomla Extra News Pl (2.0.5) | Easy eXtended Gallery (1.5.0.3) | Content - Vote (1.5) | Google Maps (2.11a) | Content - Pagebreak (1.5) | Content - Page Navigation (1.5) | Content - Example (1.0) | Joomfish Alternative Language (2.0.1) | Content - Load Modules (1.5) | Content - Email Cloaking (1.5) | Button - Readmore (1.5) | Button - Pagebreak (1.5) | Button - Image (1.0.0) |
Templates Discovered :: wrote:Templates :: SITE :: JA_Purity (1.2.0) | rhuk_milkyway (1.0.2) | siteground (1.0.14) | beez (1.0.0) | siteground-j15-23 (1.0.0) |
Templates :: ADMIN :: Khepri (1.0) |
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Malicious code with backlink on my website

Post by mandville » Thu Apr 25, 2013 10:41 pm

sh404sef (1.0.19_Beta) ????? !!!!
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Re: Malicious code with backlink on my website

Post by titimoi » Thu Apr 25, 2013 10:58 pm

haha :) sh404sef was free until the beta I guess, and it is so complicated to set and so important for SEO that I never dare to update it ! I actually never had any trouble with it and my fisrt test on joomla! 3.0 showed that I wouldn't need it anymore :D
Top
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Malicious code with backlink on my website

Post by mandville » Fri Apr 26, 2013 12:04 am

ok in response to thaat
http://docs.joomla.org/Archived_vel#sh404SEF
http://anything-digital.com/sh404sef/ne ... 04sef.html
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
Top
titimoi
Joomla! Apprentice
Joomla! Apprentice
Posts: 16
Joined: Tue Apr 28, 2009 8:29 pm

Re: Malicious code with backlink on my website

Post by titimoi » Fri Apr 26, 2013 8:06 am

very interresting mandville, thank you again. I will try to find this cost-free patch.
Top
Locked

Return to “Security in Joomla! 1.5”