Strange links to casino homepages on my content sites...

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
jeod
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue May 28, 2013 4:10 pm

Strange links to casino homepages on my content sites...

Post by jeod » Thu May 30, 2013 10:31 am

Problem Description :: Forum Post Assistant (v1.2.3) : 30th May 2013 wrote:Hello everybody, Since about 6 month i have some strange casino & poker links on some of my sites. when i open them in the admin panel i can see them, placed randomly in the text and i can delete them. after some days they are back... i changed every users password (of those who are able to change the content) but that didnt help. the date of the last change of the content site, does NOT change, while those links are placed in Please tell me what i can do... The website is on a centos server hosted by hosteurope... i have root permissions. i checked the /var/www/secure file but couldnt find that somebody logged in via ftp or sth. Thanks in advance jeod
Forum Post Assistant (v1.2.3) : 30th May 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Read-Only (755) | Owner: 10000 (uid: /gid: ) | Group: 505 (gid: ) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: No (ReWrite Enabled but no .htaccess?) | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-028stab092.1 | Technology: x86_64 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /var/www/vhosts/sportcenter-rottenburg.de/httpdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.3 | PHP API: apache2handler | Session Path Writable: No | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: 0 | Open Base: /var/www/vhosts/sportcenter-rottenburg.de/httpdocs/:/tmp/ | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 256M

MySQL Configuration :: Version: 5.1.61 (Client:5.1.61) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 5.04 MiB | #of Tables:  127
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.3) | date (5.3.3) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | session () | iconv () | Reflection ($Revision: 300393 $) | standard (5.3.3) | shmop () | SPL (0.2) | SimpleXML (0.1) | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | tokenizer (0.1) | xml () | apache2handler () | curl () | dom (20031129) | fileinfo (1.0.5-dev) | gd () | imap () | json (1.2.1) | mbstring () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | sqlite3 (0.7-dev) | wddx () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | ionCube Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: mcrypt | suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

Apache Modules :: core | prefork | http_core | mod_so | mod_auth_basic | mod_auth_digest | mod_authn_file | mod_authn_alias | mod_authn_anon | mod_authn_dbm | mod_authn_default | mod_authz_host | mod_authz_user | mod_authz_owner | mod_authz_groupfile | mod_authz_dbm | mod_authz_default | util_ldap | mod_authnz_ldap | mod_include | mod_log_config | mod_logio | mod_env | mod_ext_filter | mod_mime_magic | mod_expires | mod_deflate | mod_headers | mod_usertrack | mod_setenvif | mod_mime | mod_dav | mod_status | mod_autoindex | mod_info | mod_dav_fs | mod_vhost_alias | mod_negotiation | mod_dir | mod_actions | mod_speling | mod_userdir | mod_alias | mod_substitute | mod_rewrite | mod_proxy | mod_proxy_balancer | mod_proxy_ftp | mod_proxy_http | mod_proxy_ajp | mod_proxy_connect | mod_cache | mod_suexec | mod_disk_cache | mod_cgi | mod_version | mod_fcgid | mod_perl | mod_php5 | mod_python | mod_ssl | mod_dav_svn | mod_authz_svn | Apache |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) |

Elevated Permissions (First 10) :: modules/mod_norightclick15/ (777) | modules/mod_norightclick15/tmpl/ (777) | modules/mod_yoo_gallery/ (777) | modules/mod_yoo_gallery/yoo_gallery/ (777) | modules/mod_yoo_gallery/yoo_gallery/styles/ (777) | modules/mod_yoo_gallery/yoo_gallery/styles/thumbnail_default/ (777) | modules/mod_yoo_gallery/yoo_gallery/styles/thumbnail_default/black/ (777) | modules/mod_yoo_gallery/yoo_gallery/styles/thumbnail_rounded/ (777) | modules/mod_yoo_gallery/yoo_gallery/styles/thumbnail_rounded/black/ (777) | modules/mod_yoo_gallery/yoo_gallery/styles/thumbnail_rounded/images/ (777) |
Database Information :: wrote:Database _FPA_STATS :: Uptime: 764076 | Threads: 1 | Questions: 1521166 | Slow queries: 3 | Opens: 744 | Flush tables: 1 | Open tables: 64 | Queries per second avg: 1.990 |
Extensions Discovered :: wrote:Components :: SITE :: Wrapper (1.5.0) | Yanc Integration (1.2) | CB Mamblog Tab (1.2) | CB Mambo Author Tab (1.2) | comprofiler (1.8) | User (1.5.0) | MailTo (1.5.0) |
Components :: ADMIN :: JCalPro (2.1.10 (build) | JEvents (1.5 beta) | Content Page (1.5.0) | Banners (1.5.0) | Weblinks (1.5.0) | Contact Items (1.0.0) | User Manager (1.5.0) | SIMGallery (3.0.7) | rsbook_pro13 (1.3.2 beta 5) | Template Manager (1.5.0) | Language Manager (1.5.0) | comprofiler (1.8) | jReviews (2.0.4 RC3 Bui) | Newsfeeds (1.5.0) | Media Manager (1.5.0) | Plugin Manager (1.5.0) | Menus Manager (1.5.0) | Cache Manager (1.5.0) | RSform (1.0.1) | Frontpage (1.5.0) | Mass Mail (1.5.0) | Installation Manager (1.5.0) | Configuration Manager (1.5.0) | Trash (1.0.0) | jReviews (2.1.10.140) | Messaging (1.5.0) | Module Manager (1.5.0) | Search (1.5.0) | Polls (1.5.0) | Control Panel (1.5.0) | S2Framework (1.1.2.21) |

Modules :: SITE :: Anti Right Click (Hide this by (1.5) | YOOgallery (1.5.1) | Footer (1.5.0) | JEvents View Switcher (1.5.0 beta) | JSN ImageShow PRO (1.0.6) | YOOcarousel (1.5.15) | RokSlideshow (3.0.3) | YOOlogin (1.5.4) | CB Login (1.8) | Breadcrumbs (1.5.0) | Syndicate (1.5.0) | Latest News (1.5.0) | SIMGallery Requests (2.0) | jReviews Listings Module (2.0) | Search (1.0.0) | JEvents Calendar (1.5.0 beta) | Random Image (1.5.0) | Custom HTML (1.5.0) | SIMGallery Ranking (2.0.0) | Statistics (1.5.0) | Wrapper (1.0.0) | CB Online (1.2) | Related Items (1.0.0) | Poll (1.5.0) | Menu (1.5.0) | SIMGallery (3.0.0) | JCal Pro Mini-calendar (1.5.19 (build) | Archived Content (1.5.0) | Most Read Content (1.5.0) | Sections (1.5.0) | Newsflash (1.5.0) | Feed Display (1.5.0) | Who\'s Online (1.0.0) | CB Workflows (1.2) | Login (1.5.0) | jReviews Reviews Module (2.0) | YOOdrawer (1.5.6) | JCal Pro Latest Events (1.5.19 (build) | Banner (1.5.0) | YOOmaps (1.5.5) | JEvents Legend (1.5.0 beta) |
Modules :: ADMIN :: Online Users (1.0.0) | Footer (1.0.0) | Logged in Users (1.0.0) | Admin Menu (1.0.0) | Toolbar (1.0.0) | Popular Items (1.0.0) | Unread Items (1.0.0) | Custom HTML (1.5.0) | Items Stats (1.0.0) | Quick Icons (1.0.0) | User Status (1.5.0) | Update nötig? (1.1.7) | Latest News (1.0.0) | Feed Display (1.5.0) | Login Form (1.0.0) | Title (1.0.0) | Admin Submenu (1.0.0) |

Plugins :: SITE :: System - Debug (1.5) | System - Backlinks (1.5) | System - Mootools Upgrade (1.5) | System - Log (1.5) | System - SEF (1.5) | System - Legacy (1.5) | System - Remember Me (1.5) | System - Cache (1.5) | Button - Readmore (1.5) | Button - Image (1.0.0) | Button - Pagebreak (1.5) | User - Example (1.0) | User - Joomla! (1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | JCal Pro Search plugin (2.1.10 (build) | Search - Weblinks (1.5) | Search - Sections (1.5) | Search - Categories (1.5) | Search - Newsfeeds (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | SIMGallery JomSocial Plugin (1.0) | Authentication - LDAP (1.5) | Authentication - Example (1.5) | Authentication - Joomla (1.5) | Authentication - GMail (1.5) | Authentication - OpenID (1.5) | Content - Load Modules (1.5) | Content - Page Navigation (1.5) | Content - Code Highlighter (Ge (1.5) | Content - Example (1.0) | jReviews (2.0) | Content - Email Cloaking (1.5) | YOOgallery (1.5.1) | Content - Pagebreak (1.5) | JCalPro Latest Events plugin (2.1.10 (build) | Content - Vote (1.5) |
Templates Discovered :: wrote:Templates :: SITE :: beez (1.0.0) | JA_Purity (1.2.0) | rhuk_milkyway (1.0.2) | yoo_rollout (1.5.0) |
Templates :: ADMIN :: Khepri (1.0) |
Top
Locked

Return to “Security in Joomla! 1.5”