discovered that some of your pages can cause users to be inf

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions


Post by wasabi3d » Tue Jun 04, 2013 11:23 am

Hi there, can anyone help me out here! I have a client's website that looks like it has been compromised. I am going through the security checks now and scanning all machines for any spyware. I do have a backup of the website from a few months back.

This has never happened to me before and I am just looking for guidance as to what the best thing to do would be, please?

I am also getting this on the administrator panel?
Untitled-3.jpg
http://www.thisiscreativeenterprise .com/

Dear site owner or webmaster of thisiscreativeenterprise .com,

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

http://thisiscreativeenterprise .com/
http://thisiscreativeenterprise .com/index.php?option=com_blog&view=comments&pid=576&Itemid=0

Here is a link to a sample warning page:
http://www.google.com/interstitial?url= ... enterprise .com/

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised
2) the site doesn't monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:
http://www.stopbadware.org/home/security

Once you've secured your site, you can request that the warning be removed by visiting
http://www.google.com/support/webmaster ... swer=45432
and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,
Google Search Quality Team

Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.com/webmasters/tools/siteoverview and going to the Message Center, where a warning will appear shortly.
Problem Description :: Forum Post Assistant (v1.2.3) : 4th June 2013 wrote:
discovered that some of your pages can cause users to be infected with malicious software

Forum Post Assistant (v1.2.3) : 4th June 2013 wrote:

Basic Environment ::
Joomla! Instance :: Joomla! 1.5.21-Stable (senu takaa ama wepulai) 08-October-2010
Joomla! Configured :: Yes | Read-Only (444) | Owner: zthisisc5694com (uid: 1/gid: 1) | Group: psacln (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: 0 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-348.3.1.el5 | Technology: x86_64 | Web Server: Apache/2.2.3 (CentOS) | Encoding: gzip, deflate | Doc Root: /var/www/vhosts/thisiscreativeenterprise .com/httpdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.2.17 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 6143 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 25M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Version: 5.1.41-3ubuntu12.10-log (Client:5.0.95) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 16.26 MiB | #of Tables: 81
Detailed Environment ::
PHP Extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | calendar () | ctype () | curl () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | session () | iconv () | json (1.2.1) | mime_magic (0.1) | pcntl () | posix () | pspell () | Reflection (0.1) | standard (5.2.17) | shmop () | SimpleXML (0.1) | SPL (0.2) | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | cgi-fcgi () | bcmath () | dom (20031129) | gd () | imap () | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | soap () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | ionCube Loader () | Zend Engine (2.2.0) |
Potential Missing Extensions :: zip | suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered ::
Components :: SITE :: User (1.5.0) | MailTo (1.5.0) | Wrapper (1.5.0) |
Components :: ADMIN :: Installation Manager (1.5.0) | Newsfeeds (1.5.0) | aiContactSafe (2.0.16.beta19) | aiContactSafe - Form (1.0.15.stable) | aiContactSafe module (1.0.12.stable) | aiContactSafe (1.0.0) | aiContactSafe - Link (1.0.10.stable) | Messaging (1.5.0) | QGallery (1.1) | RokCandy (1.3) | RokModule (1.2) | Weblinks (1.5.0) | Messaging Backup (1.5.0) | Contact Items (1.0.0) | Trash (1.0.0) | RokCandy Bundle (1.3) | Template Manager (1.5.0) | Banners (1.5.0) | Plugin Manager (1.5.0) | FlexBanner (1.5.69) | Cache Manager (1.5.0) | Module Manager (1.5.0) | RokNavMenu Bundle (2.1) | User Manager (1.5.0) | Polls (1.5.0) | Search (1.5.0) | Mass Mail (1.5.0) | K2 (2.4.1) | Chrono Contact (V 3.2) | RokQuickCart (1.3) | Frontpage (1.5.0) | Messaging (1.5.0) | Control Panel (1.5.0) | TzMonials (1.0) | Configuration Manager (1.5.0) | BoWoB Chat (2.0) | Menus Manager (1.5.0) | Language Manager (1.5.0) | Content Page (1.5.0) | JCE (1.5.7.9) | Media Manager (1.5.0) |

Modules :: SITE :: RokTwittie (2.0) | Statistics (1.5.0) | RokIntroScroller (1.4) | BoWoB Chat Login (2.0) | Menu (1.5.0) | Login (1.5.0) | Banner (1.5.0) | Syndicate (1.5.0) | K2 Comments (2.4.1) | Random Image (1.5.0) | FlexBanner (1.5.69) | Search (1.0.0) | Breadcrumbs (1.5.0) | Most Read Content (1.5.0) | K2 Content (2.4.1) | RokNavMenu (2.1) | Who\'s Online (1.0.0) | Latest News (1.5.0) | Wrapper (1.0.0) | RokAjaxSearch (2.0) | RokStories (1.9) | Feed Display (1.5.0) | mod_bloglatestpost (1.5.0) | K2 Users (2.4.1) | Newsflash (1.5.0) | Simple RSS Feed Reader (by Joo (2.2) | Footer (1.5.0) | FaceBook Like Box (1.5) | Custom HTML (1.5.0) | Simple Upload Joomla 1.5 (1.0.0) | Facebook Like Box (2.1) | K2 Tools (2.4.1) | Poll (1.5.0) | Social Widgets Ultimate Editio (1.0.5) | RokTabs (1.15) | BoWoB Chat Link (2.0) | Sections (1.5.0) | CKforms Form Display (1.3.4) | K2 Login (2.4.1) | Related Items (1.0.0) | Archived Content (1.5.0) |
Modules :: ADMIN :: Items Stats (1.0.0) | Login Form (1.0.0) | Popular Items (1.0.0) | Quick Icons (1.0.0) | Admin Menu (1.0.0) | Unread Items (1.0.0) | Title (1.0.0) | Admin Submenu (1.0.0) | Toolbar (1.0.0) | Feed Display (1.5.0) | Footer (1.0.0) | Custom HTML (1.5.0) | K2 QuickIcons (admin) (2.4.1) | User Status (1.5.0) | Logged in Users (1.0.0) | Latest News (1.0.0) | Online Users (1.0.0) |

Plugins :: SITE :: Content - Code Highlighter (Ge (1.5) | Content - RokBox (1.6) | fboxbot (1.2) | Content - Email Cloaking (1.5) | Content - Load Modules (1.5) | Content - Pagebreak (1.5) | Simple Image Gallery (by Jooml (2.0) | Content - Example (1.0) | Content - Page Navigation (1.5) | Content - Vote (1.5) | Content - Prova Advanced Socia (2.2) | AllVideos (by JoomlaWorks) (3.3) | System - Mootools Upgrade (1.5) | System - Remember Me (1.5) | System - Log (1.5) | System - RokBox (2.4) | System - Legacy (1.5) | System - RokCandy (1.3) | System - SEF (1.5) | System - Backlinks (1.5) | System - Cache (1.5) | System - BIGSHOT Google Analyt (1.5.3) | System - Debug (1.5) | BoWoB Chat (2.0) | System - RokGZipper (1.9) | System - K2 (2.4.1) | RokNavMenu - Extended Link (2.1) | RokNavMenu - Boost (2.1) | XML-RPC - Joomla API (1.0) | XML-RPC - Blogger API (1.0) | Editor - JCE (1.5.7.9) | Editor - XStandard Lite for Jo (1.0) | Advanced Code Editor (1.5.7.9) | JCE SPELLCHECKER TITLE (1.5.7.9) | Paste (1.5.7.9) | File Browser (1.5.7.9) | Image Manager (1.5.7.9) | Media Object support (1.5.7.9) | Joomla! Links for Advanced Lin (1.2.1) | Advanced Link (1.5.7.9) | Paste (1.5.7.9) | Editor - RokPad (1.7) | Editor - TinyMCE 3 (3.2.6) | Button - RokCandy (1.3) | Button - Image (1.0.0) | Button - Readmore (1.5) | Button - RokComments (1.0) | Button - Pagebreak (1.5) | User - Example (1.0) | User - Joomla! (1.5) | User - K2 (2.4.1) | Authentication - GMail (1.5) | Authentication - LDAP (1.5) | Authentication - Example (1.5) | Authentication - Joomla (1.5) | Authentication - OpenID (1.5) | Search - Content (1.5) | Search - Sections (1.5) | Search - Contacts (1.5) | Search - Weblinks (1.5) | Search - Newsfeeds (1.5) | Search - Categories (1.5) | Search - K2 (2.4.1) |
Templates Discovered ::
Templates :: SITE :: beez (1.0.0) | JA_Purity (1.2.0) | This is This is Creative Enter (1.5.6) | rhuk_milkyway (1.0.2) |
Templates :: ADMIN :: Khepri (1.0) |
Last edited by mandville on Fri Jun 07, 2013 8:21 am, edited 1 time in total.
Reason: broke link


Post by wasabi3d » Fri Jun 07, 2013 12:04 am

Untitled-2.jpg
Can anyone tell me if this line of code is a classic sign of a compromised site attack please :(


Post by mandville » Fri Jun 07, 2013 8:28 am

Not sure about your boxbot, but a lot of your extensions are out of date and/or vulnerable.
Treat the site as hacked and follow the security checklist.
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
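
To act on the reply's point about outdated extensions, the sketch below (an added example, not part of the thread or of the Forum Post Assistant) parses the "Components / Modules / Plugins" lines of an FPA report into a name and version inventory that can be checked by hand against the Joomla! Vulnerable Extensions list. The sample text is constructed in the shape of the report posted above, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the FPA report quoted in this thread.
SAMPLE_FPA = """\
Components :: SITE :: User (1.5.0) | MailTo (1.5.0) |
Components :: ADMIN :: K2 (2.4.1) | Chrono Contact (V 3.2) | JCE (1.5.7.9) |
Modules :: SITE :: Simple RSS Feed Reader (by Joo (2.2) | K2 Content (2.4.1) |
Modules :: ADMIN :: K2 QuickIcons (admin) (2.4.1) | Footer (1.0.0) |
Plugins :: SITE :: fboxbot (1.2) | System - K2 (2.4.1) | Editor - JCE (1.5.7.9) |
"""

# search() is used below, so text pasted in front of the section label
# (for example a forum quote header) does not stop a line from matching.
SECTION = re.compile(r"(Components|Modules|Plugins|Templates) :: (SITE|ADMIN) :: (.*)$")
# Names may be truncated or contain parentheses; the version is the last "(...)" group.
ENTRY = re.compile(r"^(.*)\((.*?)\)$")


def parse_fpa_extensions(report):
    """Return a list of (kind, scope, name, version) tuples from FPA text."""
    found = []
    for line in report.splitlines():
        m = SECTION.search(line)
        if not m:
            continue
        kind, scope, body = m.groups()
        for raw in body.split("|"):
            e = ENTRY.match(raw.strip())
            if e:  # skips the empty field after the trailing "|"
                found.append((kind, scope, e.group(1).strip(), e.group(2).strip()))
    return found


def versions_by_name(inventory):
    """Map each extension name to the sorted list of versions reported for it."""
    out = defaultdict(set)
    for _kind, _scope, name, version in inventory:
        out[name].add(version)
    return {name: sorted(v) for name, v in sorted(out.items())}


if __name__ == "__main__":
    for name, versions in versions_by_name(parse_fpa_extensions(SAMPLE_FPA)).items():
        print(f"{name}: {', '.join(versions) or 'version not reported'}")
```

The inventory only records what the report states; whether a given version is affected still has to be looked up in the Vulnerable Extensions list or the extension's own release notes.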

