please help, mobile redirect to porn site!

Discussion regarding Joomla! 2.5 security issues.

Scotmk
Joomla! Apprentice
Posts: 7
Joined: Thu Oct 18, 2007 2:10 pm

please help, mobile redirect to porn site!

Post by Scotmk » Mon May 13, 2013 10:31 pm

Problem Description :: Forum Post Assistant (v1.2.3) : 13th May 2013 wrote: mobile device redirects to porn, desktop site ok.
Actions Taken To Resolve by Forum Post Assistant (v1.2.3) 13th May 2013 wrote: upgraded to latest joomla 2.9.11, backed up site and restored to temp server and ok no problem, so stumped.
Forum Post Assistant (v1.2.3) : 13th May 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.11-Stable (Ember) 26-April-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (600) | Owner: mirandawilford.com (uid: 1/gid: 1) | Group: mirandawilford.com (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-279.19.1.el6.x86_64 | Technology: x86_64 | Web Server: Apache/2.4.4 (Unix) | Encoding: gzip, deflate | Doc Root: /home/sites/mirandawilford.com/public_html/ | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.23 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.30-log (Client:mysqlnd 5.0.8-dev - 20102224 - $Id: 731e5b87ba42146a687c29995d2dfd8b4e40b325 $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 1.04 MiB | #of Tables: 78
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.23) | date (5.3.23) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | SPL (0.2) | iconv () | session () | standard (5.3.23) | mysqlnd (mysqlnd 5.0.8-dev - 20102224 - $Id: 731e5b87ba42146a687c29995d2dfd8b4e40b325 $) | pcntl () | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | mysql (1.0) | shmop () | SimpleXML (0.1) | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | cgi-fcgi () | bcmath () | curl () | dom (20031129) | fileinfo (1.0.5-dev) | gd () | imap () | intl (1.1.0) | json (1.2.1) | ldap () | mbstring () | mcrypt () | mssql () | OAuth (1.2.2) | odbc (1.0) | pdo_dblib (1.0.1) | PDO_ODBC (1.0.1) | pdo_pgsql (1.0.2) | pgsql () | posix () | soap () | SQLite (2.0-dev) | sysvmsg () | sysvsem () | sysvshm () | wddx () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: WF_TEXTCASE_TITLE (2.3.2.4) | WF_ARTICLE_TITLE (2.3.2.4) | WF_CHARMAP_TITLE (2.3.2.4) | WF_CLIPBOARD_TITLE (2.3.2.4) | WF_BROWSER_TITLE (2.3.2.4) | WF_VISUALBLOCKS_TITLE (2.3.2.4) | WF_SOURCE_TITLE (2.3.2.4) | WF_CONTEXTMENU_TITLE (2.3.2.4) | WF_LAYER_TITLE (2.3.2.4) | WF_XHTMLXTRAS_TITLE (2.3.2.4) | WF_SPELLCHECKER_TITLE (2.3.2.4) | WF_FULLSCREEN_TITLE (2.3.2.4) | WF_DIRECTIONALITY_TITLE (2.3.2.4) | WF_ANCHOR_TITLE (2.3.2.4) | WF_AUTOSAVE_TITLE (2.3.2.4) | WF_STYLE_TITLE (2.3.2.4) | WF_TABLE_TITLE (2.3.2.4) | WF_PREVIEW_TITLE (2.3.2.4) | WF_PRINT_TITLE (2.3.2.4) | WF_LINK_TITLE (2.3.2.4) | WF_CLEANUP_TITLE (2.3.2.4) | WF_SEARCHREPLACE_TITLE (2.3.2.4) | WF_INLINEPOPUPS_TITLE (2.3.2.4) | WF_NONBREAKING_TITLE (2.3.2.4) | WF_VISUALCHARS_TITLE (2.3.2.4) | WF_IMGMANAGER_TITLE (2.3.2.4) | WF_KITCHENSINK_TITLE (2.3.2.4) | WF_LISTS_TITLE (2.3.2.4) | WF_MEDIA_TITLE (2.3.2.4) | WF_LINKS_JOOMLALINKS_TITLE (2.3.2.4) | WF_POPUPS_WINDOW_TITLE (2.3.2.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.2.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.2.4) | WF_LINK_SEARCH_TITLE (2.3.2.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.2.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.2.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.2.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.2.4) | Default (1.0.0) | com_wrapper (2.5.0) | com_mailto (2.5.0) |
Components :: ADMIN :: com_categories (2.5.0) | com_installer (2.5.0) | com_banners (2.5.0) | com_admin (2.5.0) | JCE (2.3.2.4) | Unknown (-) | com_media (2.5.0) | com_content (2.5.0) | com_languages (2.5.0) | com_weblinks (2.5.0) | Akeeba (3.7.7) | com_cpanel (2.5.0) | com_search (2.5.0) | com_joomlaupdate (2.5.0) | com_menus (2.5.0) | com_phocagallery (3.2.2) | com_redirect (2.5.0) | com_login (2.5.0) | com_config (2.5.0) | com_modules (2.5.0) | com_messages (2.5.0) | com_newsfeeds (2.5.0) | com_templates (2.5.0) | com_users (2.5.0) | com_plugins (2.5.0) | com_checkin (2.5.0) | com_finder (2.5.0) | com_cache (2.5.0) |

Modules :: SITE :: mod_banners (2.5.0) | mod_articles_latest (2.5.0) | mod_feed (2.5.0) | mod_custom (2.5.0) | mod_articles_popular (2.5.0) | mod_syndicate (2.5.0) | mod_login (2.5.0) | mod_footer (2.5.0) | mod_breadcrumbs (2.5.0) | mod_stats (2.5.0) | mod_finder (2.5.0) | mod_random_image (2.5.0) | mod_articles_category (2.5.0) | mod_users_latest (2.5.0) | mod_articles_news (2.5.0) | mod_menu (2.5.0) | mod_articles_categories (2.5.0) | mod_weblinks (2.5.0) | mod_search (2.5.0) | mod_whosonline (2.5.0) | mod_wrapper (2.5.0) | mod_articles_archive (2.5.0) | mod_related_items (2.5.0) | mod_languages (2.5.0) |
Modules :: ADMIN :: mod_feed (2.5.0) | mod_custom (2.5.0) | mod_quickicon (2.5.0) | mod_popular (2.5.0) | mod_multilangstatus (2.5.0) | mod_submenu (2.5.0) | mod_status (2.5.0) | mod_login (2.5.0) | mod_version (2.5.0) | mod_menu (2.5.0) | mod_latest (2.5.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) | mod_logged (2.5.0) |

Plugins :: SITE :: plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_jcefilebrowser (2.3.2.4) | plg_authentication_ldap (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_gmail (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_search_weblinks (2.5.0) | plg_search_contacts (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_categories (2.5.0) | plg_search_content (2.5.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_content_joomla (2.5.0) | plg_content_geshi (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_vote (2.5.0) | plg_content_finder (2.5.0) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | plg_editors_jce (2.3.2.4) | plg_finder_weblinks (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_content (2.5.0) | plg_extension_joomla (2.5.0) | plg_system_cache (2.5.0) | plg_system_remember (2.5.0) | plg_system_p3p (2.5.0) | plg_system_debug (2.5.0) | plg_system_log (2.5.0) | plg_system_highlight (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_sef (2.5.0) | plg_system_redirect (2.5.0) | plg_system_languagecode (2.5.0) | plg_system_logout (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: beez5 (2.5.0) | atomic (2.5.0) | Miranda (1.0.1) | beez_20 (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |
Thanks

Scot

brad
Joomla! Master
Posts: 13272
Joined: Fri Aug 12, 2005 12:38 am
Location: Australia

Re: please help, mobile redirect to porn site!

Post by brad » Mon May 13, 2013 11:26 pm

You must have some files that contain malicious content. You'll need to audit/scan your files (all of them) to find and help you remove this malicious content.

Scotmk
Joomla! Apprentice
Posts: 7
Joined: Thu Oct 18, 2007 2:10 pm

Re: please help, mobile redirect to porn site!

Post by Scotmk » Mon May 13, 2013 11:30 pm

I removed content from .htaccess and reset to original, also the index.php file had encoded redirects in, which I have removed. Pain in the butt....

brad
Joomla! Master
Posts: 13272
Joined: Fri Aug 12, 2005 12:38 am
Location: Australia

Re: please help, mobile redirect to porn site!

Post by brad » Mon May 13, 2013 11:34 pm

There will be other malicious files or files with malicious content most likely. Be sure to audit all your files to locate and remove this. Otherwise.. it's like closing your front door, but leaving the key in the lock... on the outside.

Scotmk
Joomla! Apprentice
Posts: 7
Joined: Thu Oct 18, 2007 2:10 pm

Re: please help, mobile redirect to porn site!

Post by Scotmk » Tue May 14, 2013 1:06 am

OK, fixed it. It appeared that all my PHP files on my custom template had got infected by base64-encoded PHP code at the top of all files. Now it is all working again properly. :o)

simonkuntam
Joomla! Fledgling
Posts: 1
Joined: Tue Mar 22, 2016 5:57 am

Re: please help, mobile redirect to porn site!

Post by simonkuntam » Tue Mar 22, 2016 6:05 am

brad wrote: There will be other malicious files or files with malicious content most likely. Be sure to audit all your files to locate and remove this. Otherwise.. it's like closing your front door, but leaving the key in the lock... on the outside.
Hello Brad,
I am an absolute newbie to Joomla (but just a bit tech savvy). When you say "audit all your files to locate malicious content", would you please explain how I should do this?
I have the exact same problem on my mobile site: it is redirecting to a porn site,
and the unfortunate thing is that this is a website for my church!

thanks for all your help

Regards
Simon

pe7er
Joomla! Master
Posts: 24985
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: please help, mobile redirect to porn site!

Post by pe7er » Tue Mar 22, 2016 8:43 am

Create a backup of the hacked website & restore it on a local system (e.g. using XAMPP).
Install a clean copy of the same Joomla version next to it + all 3rd party extensions that you use.
Compare the files using a diff tool like "Meld", check all new + changed files for hacker scripts.
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
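
The comparison described in the post above, combined with the "base64 PHP at the top of the file" symptom reported earlier in the thread, as an added example (not code from any poster or from the Joomla project). It hashes a clean reference tree and the restored copy, lists new, changed and missing files, and flags new or changed PHP files whose first bytes feed a decoder straight into `eval()`. The directory names, file names and injected header are constructed sample data, and the pattern is a heuristic assumption, not a complete malware signature.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristic only: eval()/assert() fed directly by a decoder, as in "base64 code at the top".
ENCODED_LOADER = re.compile(
    rb"\b(?:eval|assert)\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)

def file_hashes(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(clean_root, suspect_root):
    """Compare the restored (suspect) tree against a clean install of the same versions."""
    clean, suspect = file_hashes(clean_root), file_hashes(suspect_root)
    report = {"new": [], "changed": [], "encoded_php": [],
              "missing": sorted(set(clean) - set(suspect))}
    for rel in sorted(suspect):
        if rel in clean and clean[rel] == suspect[rel]:
            continue  # identical to the reference copy
        report["new" if rel not in clean else "changed"].append(rel)
        if rel.lower().endswith(".php"):
            head = (Path(suspect_root) / rel).read_bytes()[:4096]  # injected code sat at the top
            if ENCODED_LOADER.search(head):
                report["encoded_php"].append(rel)
    return report

def put(root, rel, data):
    """Write one sample file, creating parent directories as needed."""
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Audit two small constructed trees (sample data, not files from the thread)."""
    stock = {"index.php": b"<?php echo 'home';\n", ".htaccess": b"# stock rules\n",
             "templates/custom/index.php": b"<?php echo 'tpl';\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for root in ("clean", "hacked"):
            for rel, data in stock.items():
                put(Path(tmp, root), rel, data)
        # Harmless stand-in for an injected header; the string decodes to "CONSTRUCTED".
        injected = b"<?php eval(base64_decode('Q09OU1RSVUNURUQ=')); ?>\n"
        put(Path(tmp, "hacked"), "templates/custom/index.php",
            injected + stock["templates/custom/index.php"])
        put(Path(tmp, "hacked"), ".htaccess", b"# stock rules\n# added rule\n")
        put(Path(tmp, "hacked"), "images/cache.php", injected)
        return audit(Path(tmp, "clean"), Path(tmp, "hacked"))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Every entry under `new` and `changed` still needs a manual read (a changed `.htaccess` never matches the PHP pattern), and the reference tree must be built from the same Joomla and extension versions or the `changed` list fills with version noise.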

