Malware in the site

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

iacopo987
Joomla! Fledgling
Posts: 1
Joined: Mon Nov 19, 2012 4:28 pm

Malware in the site

Post by iacopo987 » Mon Nov 19, 2012 4:34 pm

Problem Description :: Malware
Forum Post Assistant (v1.2.3) : 19th November 2012
Basic Environment ::
Joomla! Instance :: Joomla! 1.5.20-Stable (senu takaa) 18-July-2010
Joomla! Configured :: Yes | Read-Only (444) | Owner: apache (uid: 1/gid: 1) | Group: apache (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 0 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: 0 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.9-023stab052.4-smp | Technology: i686 | Web Server: Apache/2.2.3 (CentOS) | Encoding: gzip,deflate,sdch | Doc Root: /var/www/vhosts/localiditalia.it/httpdocs | System TMP Writable: Unknown

PHP Configuration :: Version: 5.1.6 | PHP API: apache2handler | Session Path Writable: Unknown | Display Errors: | Error Reporting: 2047 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: 0 | Open Base: /var/www/vhosts/localiditalia.it/httpdocs:/tmp | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M

MySQL Configuration :: Version: 5.0.22 (Client:5.0.22) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 306.66 MiB | #of Tables:  308
Detailed Environment ::
PHP Extensions :: libxml () | xml () | wddx () | tokenizer (0.1) | sysvshm () | sysvsem () | sysvmsg () | standard (5.1.6) | SimpleXML () | sockets () | SPL () | shmop () | session () | Reflection () | pspell () | posix () | mime_magic (0.1) | iconv () | hash (1.0) | gmp () | gettext () | ftp () | exif (1.4 $Id: exif.c,v 1.173.2.5 2006/04/10 18:23:24 helly Exp $) | date (5.1.6) | curl () | ctype () | calendar () | bz2 () | zlib (1.1) | pcre () | openssl () | apache2handler () | dom (20031129) | gd () | imap () | ldap () | mbstring () | mysql (1.0) | mysqli (0.1) | ncurses () | odbc (1.0) | PDO () | pdo_mysql (1.0.2) | PDO_ODBC () | pdo_sqlite (1.0.1) | snmp () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | ionCube Loader () | Zend Engine (2.1.0) |
Potential Missing Extensions :: zip | mcrypt | suhosin |

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe

Apache Modules :: core | prefork | http_core | mod_so | mod_auth_basic | mod_auth_digest | mod_authn_file | mod_authn_alias | mod_authn_anon | mod_authn_dbm | mod_authn_default | mod_authz_host | mod_authz_user | mod_authz_owner | mod_authz_groupfile | mod_authz_dbm | mod_authz_default | util_ldap | mod_authnz_ldap | mod_include | mod_log_config | mod_logio | mod_env | mod_ext_filter | mod_mime_magic | mod_expires | mod_deflate | mod_headers | mod_usertrack | mod_setenvif | mod_mime | mod_dav | mod_status | mod_autoindex | mod_info | mod_dav_fs | mod_vhost_alias | mod_negotiation | mod_dir | mod_actions | mod_speling | mod_userdir | mod_alias | mod_rewrite | mod_proxy | mod_proxy_balancer | mod_proxy_ftp | mod_proxy_http | mod_proxy_connect | mod_cache | mod_suexec | mod_disk_cache | mod_file_cache | mod_mem_cache | mod_cgi | mod_version | mod_perl | mod_php5 | mod_proxy_ajp | mod_python | mod_ssl | Apache/2.2.3 (CentOS) |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions ::
Core Folders :: images/ (777) | components/ (777) | modules/ (777) | plugins/ (777) | language/ (777) | templates/ (777) | cache/ (777) | logs/ (777) | tmp/ (777) | administrator/components/ (777) | administrator/modules/ (777) | administrator/language/ (777) | administrator/templates/ (777) |

Elevated Permissions (First 10) :: css/ (777) | img/ (777) | img/common/ (777) | img/glyph/ (777) | img/icons/ (777) | img/icons/tabs/ (777) | test/ (777) | test/apacheasp/ (777) | test/cgi/ (777) | test/coldfusion/ (777) |
Extensions Discovered ::
Components :: SITE :: comprofiler (1.3.1) | CB Mamblog Tab (1.2) | CB Mambo Author Tab (1.2) | Yanc Integration (1.2) | JBolo! (1.1) | CB ProfileBook (1.2) | Ads Factory Plugin - My Ads (1.0) | TwoCheckout (1.2) | CBSubs CB Field (1.2.3) | CBSubs Email (1.2.3) | CBSubs GoogleAnalytics (1.2.3) | CBSubs Content (1.2.3) | CBSubs AcyMailing (1.2.3) | CB Paid Subscriptions (1.3) | CBSubs Fields Tabs Protect (1.2.3) | CBSubs Folder Access (1.2.3) | Ads Factory Plugin - Google Ma (1.0) | DT Delete Me 1.2 (1.2) | Rating Field (1.2) | CB Mutual Friends (1.1) | CB Profile Pro (1.0) | CB Profile Gallery (1.2) | CB My Videos (1.2.1) | CB Captcha (1.3) | luxgmap (1.0) | luxmenu (1.0) | luxserate (1.0) | AcyMailing CB Plugin (1.0) | luxmenu (1.0) | luxcoupons (1.0) | maiale (1.0) | MailTo (1.5.0) | Ads Factory Plugin - Google Ma (1.0) | Ads Factory Plugin - My Ads (1.0) | ADS Category Module-2 (1.5.0) | Ads category Module (1.0.0) | Ads Tag Cloud (1.0.0) | Ads Search Module (1.0.0) | Ads Factory Category Tree Modu (1.5.0) | Ads Manager Module (1.5.0) | Search - Adsman (1.5) | Ads Factory Plugin (1.0.0) | User (1.5.0) | Wrapper (1.5.0) |
Components :: ADMIN :: JBolo! (2.9.3) | RSEvents! (1.2.0) | Banners (1.5.0) | Cache Manager (1.5.0) | comprofiler (1.7) | comprofiler (1.7) | Configuration Manager (1.5.0) | Contact Items (1.0.0) | Content Page (1.5.0) | Control Panel (1.5.0) | EventList (1.0.1) | Frontpage (1.5.0) | Installation Manager (1.5.0) | sh404sef - System plugin (2.2.2.941) | J16 Language backport - system (1.0.0.941) | sh404sef - System mobile templ (1.0.0.941) | sh404sef - Similar urls plugin (2.2.2.941) | sh404sef - Offline code plugin (2.2.2.941) | sh404sef - Analytics plugin (2.2.2.941) | sh404sef control panel icon (2.2.2.941) | sh404sef (2.2.2.941) | JCE (1.5.7) | ninjaXplorer (1.0.6) | MetaTemplate (1.12 Pro) | JoomGallery (1.5.0.3) | Miss (4.01) | Language Manager (1.5.0) | Mass Mail (1.5.0) | Media Manager (1.5.0) | Menus Manager (1.5.0) | Messaging (1.5.0) | Module Manager (1.5.0) | Newsfeeds (1.5.0) | Plugin Manager (1.5.0) | Polls (1.5.0) | Akeeba (3.2.7) | Search (1.5.0) | SOBI2 (RC 2.9.2.3) | Template Manager (1.5.0) | Trash (1.0.0) | User Manager (1.5.0) | Weblinks (1.5.0) | Joom!Fish (2.0.4) | eventieconcerti (1.01) | AdsMan (1.8.6) | uddeim (2.4) | richiedicartolina (1.01) | cbcoresearch (1.1) | CB Profile Pro (2.1.3) | luxmenu (1.01) | RSForm (1.3.0 R33) | luxserate (1.01) | AWD JomAlbum (2.2) | AWD WALL (2.2) | AcyMailing Module (3.0.0) | AcyMailing : trigger Joomla Co (3.0.0) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Website links (3.0.0) | AcyMailing : share on social n (1.0.0) | AcyMailing : Statistics Plugin (3.0.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : CB User infor (3.0.0) | AcyMailing Tag : content inser (3.0.0) | AcyMailing Tag : Subscriber in (3.0.0) | AcyMailing Tag : Manage the Su (3.0.0) | AcyMailing Tag : Date / Time (3.0.0) | AcyMailing Tag : Joomla User I (3.0.0) | AcyMailing Template Class Repl (3.0.0) | AcyMailing : (auto)Subscribe d (3.0.0) | AcyMailing (3.0.0) | luxcoupons (1.01) | removeme (1.5) | inaugurazioni (1.01) 
| reservationform (1.01) | luxsearchusers (1.01) | luxrawnewsletter (1.01) |

Modules :: SITE :: Archived Content (1.5.0) | JBolo! (2.9.3) | Banner (1.5.0) | Breadcrumbs (1.5.0) | MetaMod (2.7) | CB Login (1.7) | CB userlist (2.8) | CB Workflows (1.7) | CB Online (1.7) | Custom HTML (1.5.0) | Latest Events (1.0.1) | Latest Events Wide (1.0.2) | Feed Display (1.5.0) | Footer (1.5.0) | Ads Manager Module (1.5.0) | JE Rollover tooltip menu (1.1) | JoomImages (1.5.2) | Jumi (2.0.6) | Latest News (1.5.0) | Login (1.5.0) | Menu (1.5.0) | Most Read Content (1.5.0) | Newsflash (1.5.0) | Poll (1.5.0) | Random Image (1.5.0) | Related Items (1.0.0) | RSEvents Calendar (1.3) | Search Events (1.1) | Upcoming Events (1.4) | Search (1.0.0) | Sections (1.5.0) | Statistics (1.5.0) | Syndicate (1.5.0) | Who\'s Online (1.0.0) | Wrapper (1.0.0) | JoomFish-Language Selection (2.0.4) | HOT Image Slider (1.0.2) | S5 Tell a Friend (1.0) | Show Users Events (1.0.0) | Show Users Videos (1.0.0) | Eventi e Concerti (1.0.0) | Show Registered Users Reports (1.0.0) | ADS Category Module-2 (1.5.0) | Ads Factory Category Tree Modu (1.5.0) | Ads Tag Cloud (1.0.0) | Ads Search Module (1.0.0) | Ads category Module (1.0.0) | AJAX Search Users (1.8) | CB Subscriptions (1.1.2) | FlexBanner (1.5.45) | ImageSlideShow (1.0) | Custom HTML for JBolo (2.9.3) | CB Core Search Module (1.1) | Visualizza Annunci (1.0.0) | Social Media Buttons (1.5.5) | Coupon (1.0.0) | CB people You may know (1.2.5) | CB Friends List (1.0) | Nice Social Bookmark (1.4) | [youtube] playlist player (1.5) | CB suggest (1.6.2) | AwdWall Events (1.5.0) | GTranslate (1.5.x.26) | AcyMailing Module (3.0.0) | Show Users Lists (1.0.0) | Sliding Coupons (1.0.0) | Coupons per Provincia (1.0.0) | Show Coupons Report (1.0.0) | Show Bacheca (1.0.0) | Events by Category (1.0.0) | Users by Category (1.0.0) | luxsearchusers (1.0.0) | CB LoginMiss (1.8) |
Modules :: ADMIN :: Custom HTML (1.5.0) | Feed Display (1.5.0) | Footer (1.0.0) | Latest News (1.0.0) | Logged in Users (1.0.0) | Login Form (1.0.0) | Admin Menu (1.0.0) | Online Users (1.0.0) | Popular Items (1.0.0) | Quick Icons (1.0.0) | Items Stats (1.0.0) | User Status (1.5.0) | Admin Submenu (1.0.0) | Title (1.0.0) | Toolbar (1.0.0) | Unread Items (1.0.0) | Direct Translation (2.0.4) | Community Builder Admin menu (1.0) | sh404sef control panel icon (2.2.2.941) | Akeeba Backup Notification Mod (3.2.7) |

Plugins :: SITE :: Authentication - Example (1.5) | Authentication - GMail (1.5) | Authentication - Joomla (1.5) | Authentication - LDAP (1.5) | Authentication - OpenID (1.5) | Content - Email Cloaking (1.5) | Content - Example (1.0) | Content - Code Highlighter (Ge (1.5) | Content - Load Modules (1.5) | Content - Pagebreak (1.5) | Content - Page Navigation (1.5) | RD Add PHP (5.0) | Content - Vote (1.5) | Joomfish Alternative Language (2.0.4) | includePHP (1.1) | Content - JPlayer (1.5.2) | Editor - JCE 1.5.6 (1.5.6) | Editor - TinyMCE 3 (3.2.6) | Editor - XStandard Lite for Jo (1.0) | Advanced Code Editor (1.5.6) | Advanced Link (1.5.1) | Joomla! Links for Advanced Lin (1.2.1) | File Browser (1.5.0 Stable) | Paste (1.5.0) | Image Manager (1.5.2) | Object Support (1.5.1) | Paste (1.5.6) | SpellChecker (2.0.0) | Button - Image (1.0.0) | Button - Pagebreak (1.5) | Button - Readmore (1.5) | Editor Button - Magic Window f (1.0.4) | Search - Categories (1.5) | Search - Contacts (1.5) | Search - Content (1.5) | Search - Adsman (1.5) | Search - Newsfeeds (1.5) | Search - Sections (1.5) | Search - Weblinks (1.5) | Search - Joomfish Categories (2.0.4) | Search - Joomfish Contacts (2.0.4) | Search - Joomfish Content (2.0.4) | Search - Joomfish Newsfeeds (2.0.4) | Search - Joomfish Sections (2.0.4) | Search - Joomfish Weblinks (2.0.4) | System - Backlinks (1.5) | System - Cache (1.5) | System - Debug (1.5) | System - MetaTemplate (1.0) | System - Legacy (1.5) | System - Log (1.5) | Jbolo! 
- Assets Loader System (2.9.3) | System - Remember Me (1.5) | System - RegProvCom (1.0) | System - SEF (1.5) | System - Mootools Upgrade (1.5) | Joomfish - Abstraction Layer (2.0.4) | Joomfish - Basic Router (2.0.4) | cbpaidsubsbot (1.1.2) | cbpaidsubsbot (1.1.2) | Akeeba Backup Lazy Scheduling (3.2.7) | System - IE8 Compatibility (1.2) | J16 Language backport - system (1.0.0.941) | sh404sef - System mobile templ (1.0.0.941) | sh404sef - System plugin (2.2.2.941) | AcyMailing : (auto)Subscribe d (3.0.0) | User - Example (1.0) | User - Joomla! (1.5) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | Joomfish - Missing Translation (2.0.4) | Unknown (-) | Chat Status (2.9.3) | JW FLV (Version 5) Player ([ Granity ]) | AcyMailing : trigger Joomla Co (3.0.0) | AcyMailing Manage text (1.0.0) | AcyMailing Tag : Website links (3.0.0) | AcyMailing : share on social n (1.0.0) | AcyMailing : Statistics Plugin (3.0.0) | AcyMailing table of contents g (1.0.0) | AcyMailing Tag : CB User infor (3.0.0) | AcyMailing Tag : content inser (3.0.0) | AcyMailing Tag : Subscriber in (3.0.0) | AcyMailing Tag : Manage the Su (3.0.0) | AcyMailing Tag : Date / Time (3.0.0) | AcyMailing Tag : Joomla User I (3.0.0) | AcyMailing Template Class Repl (3.0.0) | sh404sef - Analytics plugin (2.2.2.941) | sh404sef - Offline code plugin (2.2.2.941) | sh404sef - Similar urls plugin (2.2.2.941) | MetaTemplate - Extended Rules (1.3) | MetaTemplate - VirtueMart Rule (1.1) |
Templates Discovered ::
Templates :: SITE :: localiditalia - registrazione (1.0) | localiditalia - registrazione (1.0) | Miss_Template (1.5.0) | Gusto e Sapori (1.0.0) | localiditalia test (1.0) | localiditalia (1.0) |
Templates :: ADMIN :: Khepri (1.0) |

mandville
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Malware in the site

Post by mandville » Tue Nov 20, 2012 1:13 am

initial summary,
old out of date vulnerable version of Joomla
open folder permissions 777 = bad
numerous out of date extensions

suggestion - follow checklist 7 safe route to recovery. see http://forum.joomla.org/viewtopic.php?f=621&t=582854 for more info
HU2HY- Poor questions = Poor answer
Unrequested Help PMs will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}
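
Added example (not part of the original thread or of the Forum Post Assistant tool): a shell check for the world-writable (777-style) folders and files flagged in the summary above. The document root argument is a placeholder, and the 755/644 target modes are an assumption based on the commonly recommended Joomla baseline, not something stated in the thread.

```shell
#!/bin/sh
# Audit a Joomla document root for world-writable entries, such as the
# 777 folders reported in the FPA output, and optionally tighten them.
# Usage (placeholder path): list_world_writable /path/to/httpdocs

# Print one "kind<TAB>path" line per world-writable directory or file.
# -perm -0002 matches any mode with the "other write" bit set (777, 666, 757...).
list_world_writable() {
    root=$1
    find "$root" -type d -perm -0002 -print |
        while IFS= read -r p; do printf 'dir\t%s\n' "$p"; done
    find "$root" -type f -perm -0002 -print |
        while IFS= read -r p; do printf 'file\t%s\n' "$p"; done
}

# Number of world-writable entries under the root; 0 means the audit is clean.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset only the world-writable entries: 755 for directories, 644 for files.
# These target modes are an assumption (common Joomla baseline); review the
# list_world_writable output before running this on a live site.
tighten_perms() {
    root=$1
    find "$root" -type d -perm -0002 -exec chmod 755 {} +
    find "$root" -type f -perm -0002 -exec chmod 644 {} +
}
```

Tightening permissions does not remove code that was already planted; it only closes one way back in, so it belongs alongside the recovery checklist linked above rather than in place of it.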

SimonHayter
Joomla! Guru
Posts: 530
Joined: Tue Nov 29, 2011 2:43 pm
Location: Bournemouth

Re: Malware in the site

Post by SimonHayter » Tue Nov 20, 2012 10:47 am

Plugins/Extensions are normally the cause of malware; use an absolute minimum.

