My website is being blocked because of JS:Clickjack-A [Trj]

Posted: Fri Aug 02, 2013 10:42 pm
by tuka78
My website was updated from Joomla 2.5.13 to 2.5.14 and now is detected as malicious with trojan JS:Clickjack-A [Trj].
I've looked everywhere and I can't find a solution for this problem.
Any help to solve this problem is welcome.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Fri Aug 02, 2013 11:25 pm
by sitesrus
Who's detecting your website as malicious?

Recommendations:
1) Change all your account passwords (cpanel, ftp, etc.).
2) Register and use cloudflare, all you have to do is change your name servers (free)
3) Upload fresh clean files of your joomla version over FTP and overwrite old ones (binary transfer mode)
4) Re-install all 3rd party extensions with fresh clean downloads
5) Check the JED for extensions on protecting admin backend
6) Check your server for php functions disabled and if suhosin, mod_security, things like that
7) Add captchas on your site and sign up for an account (contact form, login, registration, etc.)
8) Don't use pirated commercial extensions just because they're free

This will help combat possible issues and protect you against future ones.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sat Aug 03, 2013 12:36 am
by mandville
the last paragraph is relevant to you.

[ ] Download and RUN the Forum Post Assistant / FPA Instructions available here and are also included in the download package. Post the generated results in your security/been hacked topic. Use these links to download the FPA:
Download .tar.gz version or Download the .zip version NOTE: Do not download the FPA from any other website or links found on the Internet.

[ ] Ensure you have the latest version of Joomla for your version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file.

[ ] Review Vulnerable Extensions List to make sure any 3rd party extensions versions used appear on the vulnerable list.

[ ] Review and action Security Checklist 7. Make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. Checklist 7 contains a list of recommended scanners.

[ ] Change all passwords and if possible user names for the website host control panel. Change the Joomla database user name and password.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 for files and 755 for directories. The configuration file can be set to 444 which is read only.

[ ] Check your htaccess for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled.

[ ] Verify individually that any non-Joomla file such as but not limited to that will be placed back on the website such as images, pdf files, files for download, and other documents and files are valid and are supposed to be part of your website.

[ ] Replace the deleted files with fresh copies of a current full version of Joomla (minus the installation directory) you downloaded earlier. Install freshly downloaded copies of any extensions and templates used on the site. If the Joomla database user name and password were changed earlier, then make the necessary changes to the configuration.php file and upload a copy to the website. Upload any non-Joomla files that are necessary for your website. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in various files and directories. More detailed information can be found in the Security Checklist 7 document.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sat Aug 03, 2013 1:46 am
by tuka78
Thanks for the answers.
My website wasn't hacked.
It works properly but, for example, avast antivirus detects it like a trojan like I said before.
In other machines with other antivirus works fine.
I simply don't understand why Avast detects it like a trojan.
I didn't install anything. I simply updated Joomla.
Still don't get it :(

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sat Aug 03, 2013 7:02 pm
by wdws
I am experiencing the same error on one of my Joomla websites. I have no idea how to correct this as well. I am running Avast. Keep me posted of anything that you find out.

Thanks!
Scott

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sat Aug 03, 2013 7:08 pm
by sitesrus
You have to evaluate files being reported as malicious or problematic. If it's Joomla, compare it to a separate Joomla download (matching your version) and see if it's altered. If it's third party, re-download and install the extension.

If it's a random file un-related to anything...you may have an issue and it shouldn't be there?

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sat Aug 03, 2013 11:40 pm
by zorro07
Hi,
I have exactly the same problem but My Joomla version is 1.5.
The site has been recently recognized as dangerous by Avast only: JS:Clickjack-A.
Thank you!

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 12:56 am
by mandville
contact the developer of your antivirus for assistance if you do not believe you are hacked or using malicious extensions

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 1:27 am
by wdws
Zorro...what extensions are you using on your site? Maybe we can compare and see if it is a third party extension that we both are using that is vulnerable.

Have you changed any passwords to your site as of yet?

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 3:43 am
by Hairs
My Avast too has detected JS:Clickjack-A [Trj]
http://www.hairf ysh.com/{gzip}

I have installed Forum Post Assistant If someone would like to help me out with this please.
As mentioned by other posters, all I did was upgrade to Joomla! 2.5.14.
I have upgraded other sites that I manage without a problem.
Cheers

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 8:38 am
by mandville
Please POST the results from your FPA as stated.
try accessing your sites from computers running different AV and see if you get a hit again and what file it's reporting on
contact the developer of your antivirus for assistance if you do not believe you are hacked or using malicious extensions

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 9:11 am
by Hairs
Hi mandville,
I have changed Virus scanner and I don't get this pop up anymore.
"URL: http://www.hairfy sh.com/|{gzip}
Process: C:\Program Files\Mozilla Firefox\firefox...
Infection: JS:Clickjack-A [Trj]"

I have also used a number of online Website Checkers and none have reported a problem.
A forum that I use(Myswag.org) has blocked all linked pictures to my site.
Anyway,
Here is my FPA
Thank you for your time.
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.3) : 4th August 2013 wrote:[04-Aug-2013 16:48:53 Australia/Perth] PHP Warning: Module \'zip\' already loaded in Unknown on line 0
Forum Post Assistant (v1.2.3) : 4th August 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.14-Stable (Ember) 01-August-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: hairfysh (uid: 1/gid: 1) | Group: hairfysh (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 1 | Cache: 2 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 1 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-458.6.2.lve1.2.28.el6.x86_64 | Technology: x86_64 | Web Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_bwlimited/1.4 mod_perl/2.0.5 Perl/v5.10.1 | Encoding: gzip, deflate | Doc Root: /home/hairfysh/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.24 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: error_log | Last Known Error: 04th August 2013 16:52:00. | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 32M

MySQL Configuration :: Version: 5.5.24-cll (Client:5.5.24) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 28.34 MiB | #of Tables: 172
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.24) | date (5.3.24) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.24) | Phar (2.0.1) | posix () | pspell () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | imap () | SimpleXML (0.1) | soap () | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | suhosin (0.9.33) | PDO (1.0.4dev) | pdo_sqlite (1.0.1) | SQLite (2.0-dev) | timezonedb () | pdo_mysql (1.0.2) | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: WF_AGGREGATOR_VIMEO_TITLE (2.3.3.2) | WF_AGGREGATOR_[youtube]_TITLE (2.3.3.2) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.3.2) | WF_AGGREGATOR_VINE_TITLE (2.3.3.2) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.3.2) | WF_LINKS_JOOMLALINKS_TITLE (2.3.3.2) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.3.2) | WF_POPUPS_WINDOW_TITLE (2.3.3.2) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.3.2) | WF_LINK_SEARCH_TITLE (2.3.3.2) | WF_ARTICLE_TITLE (2.3.3.2) | WF_AUTOSAVE_TITLE (2.3.3.2) | WF_BROWSER_TITLE (2.3.3.2) | WF_CLEANUP_TITLE (2.3.3.2) | WF_CONTEXTMENU_TITLE (2.3.3.2) | WF_DIRECTIONALITY_TITLE (2.3.3.2) | WF_FULLSCREEN_TITLE (2.3.3.2) | WF_IMGMANAGER_TITLE (2.3.3.2) | WF_INLINEPOPUPS_TITLE (2.3.3.2) | WF_LAYER_TITLE (2.3.3.2) | WF_LINK_TITLE (2.3.3.2) | WF_LISTS_TITLE (2.3.3.2) | WF_MEDIA_TITLE (2.3.3.2) | WF_NONBREAKING_TITLE (2.3.3.2) | WF_PREVIEW_TITLE (2.3.3.2) | WF_PRINT_TITLE (2.3.3.2) | WF_SEARCHREPLACE_TITLE (2.3.3.2) | WF_SOURCE_TITLE (2.3.3.2) | WF_SPELLCHECKER_TITLE (2.3.3.2) | WF_STYLE_TITLE (2.3.3.2) | WF_TABLE_TITLE (2.3.3.2) | WF_TEXTCASE_TITLE (2.3.3.2) | WF_VISUALCHARS_TITLE (2.3.3.2) | WF_XHTMLXTRAS_TITLE (2.3.3.2) | WF_ANCHOR_TITLE (2.3.3.2) | WF_VISUALBLOCKS_TITLE (2.3.3.2) | WF_KITCHENSINK_TITLE (2.3.3.2) | WF_CLIPBOARD_TITLE (2.3.3.2) | WF_CHARMAP_TITLE (2.3.3.2) | com_mailto (2.5.0) | com_wrapper (2.5.0) |
Components :: ADMIN :: com_admin (2.5.0) | com_banners (2.5.0) | com_cache (2.5.0) | com_categories (2.5.0) | com_checkin (2.5.0) | com_config (2.5.0) | com_content (2.5.0) | com_cpanel (2.5.0) | com_installer (2.5.0) | JCE (2.3.3.2) | Unknown (-) | com_joaktree (1.4.3) | com_languages (2.5.0) | com_login (2.5.0) | com_media (2.5.0) | com_menus (2.5.0) | com_messages (2.5.0) | com_modules (2.5.0) | com_newsfeeds (2.5.0) | com_plugins (2.5.0) | com_redirect (2.5.0) | com_search (2.5.0) | com_templates (2.5.0) | com_users (2.5.0) | com_weblinks (2.5.0) | Akeeba (3.7.5) | Gantry (4.1.9) | com_finder (2.5.0) | COM_GANALYTICS (1.1.0) | com_joomlaupdate (2.5.0) | Quick Logout (1.7.1) | FlexBanners (2.0.0) | com_phocaguestbook (2.0.7) | JCrawler (1.11) | Fox Contact Joomla 1.5 (-) | COM_FOXCONTACT (2.0.17) | jNews CB Plugin (1.1) | jNews Forward to Friend (2.1) | jNews Content Bot (2.6) | jNews K2 Bot (2.1) | jNews Share Bot (2.1) | jNews User Synchronization (2.1) | jNews Module (2.1) | jNews Tag: Date and Time (2.1) | jNews Tag: Site Links (2.1) | jNews Tag: Subscriber (2.1) | jNews Tag: Subscriptions (2.1) | VirtueMart Products (2.1) | jNews-Virtuemart Newsletter Su (2.6) | jNews (8.1.1) | aclsfgpl (5.4) | Admintools (2.5.5) |

Modules :: SITE :: JGMap - Google Map (0.15.5) | mod_articles_archive (2.5.0) | mod_articles_categories (2.5.0) | mod_articles_category (2.5.0) | mod_articles_latest (2.5.0) | mod_articles_news (2.5.0) | mod_articles_popular (2.5.0) | mod_banners (2.5.0) | mod_breadcrumbs (2.5.0) | mod_custom (2.5.0) | mod_feed (2.5.0) | mod_footer (2.5.0) | Joaktree Related Items (1.3) | mod_languages (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_random_image (2.5.0) | mod_related_items (2.5.0) | mod_search (2.5.0) | sigplus (1.4.1.2) | mod_stats (2.5.0) | mod_syndicate (2.5.0) | mod_users_latest (2.5.0) | mod_weblinks (2.5.0) | mod_whosonline (2.5.0) | mod_wrapper (2.5.0) | ARI Ext Menu (2.0.14) | Autson Slideshow (1.2) | SP Accordion module (2.5.0) | IceCarousel Module (1.7.2) | Article Intro (1.0.0) | mod_finder (2.5.0) | MOD_GANALYTICS_STATS (1.1.0) | MOD_GANALYTICS_STATS_COUNT (1.1.0) | Drop Down Articles (1.6.1) | FlexBanners (2.0.0) | HD-Background Selector (1.1) | Latest articles with thumbnail (1.5.0) | JBGMusic (4.0) | Fox Contact (2.0.17) | IceNewsBlock Module (1.7.0) | Simple File Lister v1.0 (1.0) | ARTICLES_PLACED_ANYWHERE (1.0.1) | JJ Shoutbox (1.2.3) | Newsletter Subscriber (1.2) | HD-ArticleModule (1.1) | jNews Module (2.1) | siteLogo (1.6) |
Modules :: ADMIN :: mod_custom (2.5.0) | mod_feed (2.5.0) | mod_latest (2.5.0) | mod_logged (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_online (1.6.0) | mod_popular (2.5.0) | mod_quickicon (2.5.0) | mod_status (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) | mod_unread (1.6.0) | mod_multilangstatus (2.5.0) | mod_version (2.5.0) | MOD_BETTERPREVIEW (2.1.3FREE) | MOD_CACHECLEANER (2.2.0FREE) | Admin Tools Joomla! Upgrade No (revA16BC0E) |

Plugins :: SITE :: plg_authentification_example (1.6.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_example (1.0) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | Content - JPlayer (1.6.1) | plg_content_loadmodule (2.5.0) | plg_content_pagebreak (2.5.0) | plg_content_pagenavigation (2.5.0) | Content - BonckoLen Image Gall (2.1.2) | Content - Image gallery - sigp (1.4.1.2) | plg_content_vote (2.5.0) | Include Content Item (1.7.11) | plg_content_finder (2.5.0) | googleAds (1.73) | Admiror Frames (2.0) | Content - Newsletter Subscribe (1.2) | [youtube] Plugin (1.1) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | plg_editors_jce (2.3.3.2) | Editor - JoomlaCK (6.1) | System - JCK Typography (3.4.8) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | JTreeLink (1.0) | Unknown (0.1) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_readmore (2.5.0) | PLG_EDITORS-XTD_MODULESANYWHER (1.13.3) | PLG_EDITORS-XTD_SLIDER (2.1.5FREE) | PLG_EDITORS-XTD_ARTICLESANYWHE (3.1.6FREE) | plg_extension_example (1.0) | plg_extension_joomla (2.5.0) | plg_search_categories (2.5.0) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_joaktree (1.3.1) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | plg_system_cache (2.5.0) | plg_system_debug (2.5.0) | System - EasyCalcCheck PLUS - (1.6-2) | plg_system_languagefilter (2.5.0) | plg_system_log (2.5.0) | plg_system_logout (2.5.0) | plg_system_p3p (2.5.0) | Google Maps (2.13a) | plg_system_redirect (2.5.0) | plg_system_remember (2.5.0) | plg_system_sef (2.5.0) | System - JCE MediaBox (1.1.9) | System - Gantry (4.1.9) | plg_system_highlight (2.5.0) | plg_system_languagecode (2.5.0) | System - GAnalytics Tracking (1.1.0) | plg_sys_topofthepage (1.12) | 
PLG_SYSTEM_MODULESANYWHERE (1.13.3) | PLG_SYSTEM_NNFRAMEWORK (13.5.5) | PLG_SYSTEM_BETTERPREVIEW (2.1.3FREE) | PLG_SYS_ADMINEXILE (1.12) | PLG_SYSTEM_SLIDER (2.1.5FREE) | PLG_SYSTEM_CACHECLEANER (2.2.0FREE) | jNews Cron Plugin (2.0) | System - JCK Typography (3.4.8) | System - Admin Tools (2.5.5) | PLG_SYSTEM_ARTICLESANYWHERE (3.1.6FREE) | plg_system_jch_optimize (2.1.1) | plg_user_contactcreator (2.5.0) | plg_user_example (1.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | jNews User Synchronization (2.1) | plg_captcha_recaptcha (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_jcefilebrowser (2.3.3.2) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | jNews Forward to Friend (2.1) | jNews Content Bot (2.6) | jNews Share Bot (2.1) | jNews Tag: Date and Time (2.1) | jNews Tag: Site Links (2.1) | jNews Tag: Subscriber (2.1) | jNews Tag: Subscriptions (2.1) |
Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) | beez_20 (2.5.0) | desert-orange (1.6.0) | green-day (1.6.0) | Temp (1.0) | Temp (1.0) | beez5 (2.5.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 10:58 am
by zorro07
Thank you for your answers guys.
I finally found that it was the "twitter module" that caused this problem.
Cheers

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 12:23 pm
by mandville
if you wish to name that extension or check it out on the JEd or send it via vel.joomla.org

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 12:55 pm
by brian
@Hairs Autson Slideshow (1.2)

This is your problem - it is very very nasty

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 4:21 pm
by erixis
Having the same JS:ClickJack problem on a Joomla 2.5 site I just upgraded to 2.5.14 as well. Here's the forum post assistant info. Hope someone can ID a problem here:
Problem Description :: Forum Post Assistant (v1.2.3) : 4th August 2013 wrote:getting clickjack alert from Avast after upgrade to 2.5.14
Forum Post Assistant (v1.2.3) : 4th August 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.14-Stable (Ember) 01-August-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: olm (uid: 1/gid: 1) | Group: olm (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.18-308.8.2.el5.028stab101.1 | Technology: i686 | Web Server: Apache | Encoding: gzip,deflate,sdch | Doc Root: /home/olm/www/jom/mbugboil/ | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.13 | PHP API: cgi-fcgi | Session Path Writable: No | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: 0 | Magic Quotes: 1 | Safe Mode: 0 | Open Base: | Uploads: 1 | Max. Upload Size: 200M | Max. POST Size: 200M | Max. Input Time: 600s | Max. Execution Time: 600 | Memory Limit: 250M

MySQL Configuration :: Version: 5.0.45-community (Client:5.0.45) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 25.66 MiB | #of Tables:  166
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.13) | date (5.3.13) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | standard (5.3.13) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | posix () | Reflection ($Id: 522fef1e5100f848a5e2059d98b3a880a3143e9a $) | imap () | SimpleXML (0.1) | soap () | sockets () | SQLite (2.0-dev) | exif (1.4 $Id$) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | cgi-fcgi () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: WF_CLEANUP_TITLE (2.3.2.4) | WF_INLINEPOPUPS_TITLE (2.3.2.4) | WF_ANCHOR_TITLE (2.3.2.4) | WF_NONBREAKING_TITLE (2.3.2.4) | WF_AUTOSAVE_TITLE (2.3.2.4) | WF_VISUALCHARS_TITLE (2.3.2.4) | WF_DIRECTIONALITY_TITLE (2.3.2.4) | WF_CHARMAP_TITLE (2.3.2.4) | WF_KITCHENSINK_TITLE (2.3.2.4) | WF_STYLE_TITLE (2.3.2.4) | WF_FULLSCREEN_TITLE (2.3.2.4) | WF_CONTEXTMENU_TITLE (2.3.2.4) | WF_ARTICLE_TITLE (2.3.2.4) | WF_PREVIEW_TITLE (2.3.2.4) | WF_XHTMLXTRAS_TITLE (2.3.2.4) | WF_SEARCHREPLACE_TITLE (2.3.2.4) | WF_IMGMANAGER_TITLE (2.3.2.4) | WF_MEDIA_TITLE (2.3.2.4) | WF_PRINT_TITLE (2.3.2.4) | WF_LAYER_TITLE (2.3.2.4) | WF_LISTS_TITLE (2.3.2.4) | WF_TABLE_TITLE (2.3.2.4) | WF_CLIPBOARD_TITLE (2.3.2.4) | WF_BROWSER_TITLE (2.3.2.4) | WF_SOURCE_TITLE (2.3.2.4) | WF_TEXTCASE_TITLE (2.3.2.4) | WF_VISUALBLOCKS_TITLE (2.3.2.4) | WF_SPELLCHECKER_TITLE (2.3.2.4) | WF_LINK_TITLE (2.3.2.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.2.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.2.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.2.4) | WF_LINKS_JOOMLALINKS_TITLE (2.3.2.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.2.4) | WF_LINK_SEARCH_TITLE (2.3.2.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.2.4) | WF_POPUPS_WINDOW_TITLE (2.3.2.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.2.4) | com_wrapper (2.5.0) | com_mailto (2.5.0) |
Components :: ADMIN :: JCE (2.3.2.4) | Unknown (-) | Caddy (1.75-J1.7) | com_menus (2.5.0) | Mobile Joomla! (1.2.5.1) | com_languages (2.5.0) | com_search (2.5.0) | com_plugins (2.5.0) | com_newsfeeds (2.5.0) | Akeeba (3.7.10) | com_cache (2.5.0) | AcePolls (1.0.7) | com_content (2.5.0) | com_login (2.5.0) | COM_UAM (0.16a) | Admintools (2.5.6) | com_installer (2.5.0) | com_redirect (2.5.0) | com_media (2.5.0) | com_categories (2.5.0) | com_modules (2.5.0) | com_messages (2.5.0) | com_banners (2.5.0) | com_weblinks (2.5.0) | com_joomlaupdate (2.5.0) | com_admin (2.5.0) | com_config (2.5.0) | aPoll (3.0.0) | eXtplorer (2.1.0RC5) | com_templates (2.5.0) | com_cpanel (2.5.0) | com_checkin (2.5.0) | com_finder (2.5.0) | com_users (2.5.0) | CKEditor (1.6-rc1) |

Modules :: SITE :: Copyright Current Year (1.0.1) | mod_weblinks (2.5.0) | mod_related_items (2.5.0) | mod_articles_categories (2.5.0) | Mobile Menu (1.2.5.1) | mod_articles_popular (2.5.0) | mod_syndicate (2.5.0) | mod_stats (2.5.0) | mod_articles_latest (2.5.0) | Header (1.2.5.1) | mod_janalytics (3.0.0) | ITPFacebookLikeBox (1.0) | AcePolls (1.0.0) | mod_users_latest (2.5.0) | mod_footer (2.5.0) | mod_custom (2.5.0) | Abivia Auto-Copyright (1.0.0) | mod_wrapper (2.5.0) | mod_feed (2.5.0) | mod_login (2.5.0) | mod_search (2.5.0) | Facebook FanBox (1.1.0) | mod_articles_news (2.5.0) | mod_articles_archive (2.5.0) | mod_breadcrumbs (2.5.0) | mod_banners (2.5.0) | simplecaddy (1.75 for J1.7) | Pro Super Slider (1.0.6) | mod_articles_category (2.5.0) | mod_random_image (2.5.0) | [spam] for Joomla! (1.0.0) | mod_whosonline (2.5.0) | aPoll Module (3.0.0) | mod_finder (2.5.0) | mod_menu (2.5.0) | Select Markup (1.2.5.1) | mod_languages (2.5.0) |
Modules :: ADMIN :: mod_multilangstatus (2.5.0) | mod_popular (2.5.0) | mod_toolbar (2.5.0) | mod_online (1.6.0) | mod_custom (2.5.0) | mod_feed (2.5.0) | mod_login (2.5.0) | mod_version (2.5.0) | mod_unread (1.6.0) | mod_status (2.5.0) | mod_logged (2.5.0) | mod_quickicon (2.5.0) | MOD_AKADMIN_TITLE (3.7.10) | Admin Tools Joomla! Upgrade No (2.2.a3) | Admin Tools Joomla! Upgrade No (2.5.6) | mod_latest (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_menu (2.5.0) |

Plugins :: SITE :: plg_quickicon_akeebabackup (1.0) | plg_quickicon_joomlaupdate (2.5.0) | Quickicon - Mobile Joomla! CPa (1.2.5.1) | plg_quickicon_atoolsjupdateche (1.0) | plg_quickicon_jcefilebrowser (2.3.2.4) | plg_quickicon_extensionupdate (2.5.0) | plg_finder_content (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_categories (2.5.0) | AcePolls - Mighty Touch (1.0.0) | AcePolls - JomSocial (1.0.0) | AcePolls - AlphaUserPoints (1.0.0) | System - Remove Joomla Generat (1.6.1) | plg_system_sef (2.5.0) | System - Admin Tools Update Em (1.0) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | System - AG Search Verify (1.0.1) | System - JCE MediaBox (1.1.9) | plg_system_highlight (2.5.0) | plg_system_redirect (2.5.0) | System - Joomla! Update Email (1.0) | System - Facebook SDK (1.0) | Mobile Joomla! (1.2.5.1) | System - GD SEO Verify (1.0.4) | plg_system_debug (2.5.0) | plg_system_logout (2.5.0) | plg_system_remember (2.5.0) | plg_system_p3p (2.5.0) | plg_system_languagefilter (2.5.0) | PLG_SYSTEM_AKLAZY_TITLE (3.7.GOODBYE) | System - Admin Tools (2.5.6) | PLG_SRP_TITLE (3.7.10) | plg_system_languagecode (2.5.0) | plg_system_log (2.5.0) | System - One Click Action (2.1) | plg_system_cache (2.5.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_content_finder (2.5.0) | Content - Load AcePolls (1.0.0) | plg_content_emailcloak (2.5.0) | plg_content_geshi (2.5.0) | plg_content_vote (2.5.0) | Content - ITPShare (1.1) | plg_content_pagenavigation (2.5.0) | plg_content_loadmodule (2.5.0) | simplecaddy (1.7.5-J1.7) | plg_content_joomla (2.5.0) | plg_content_pagebreak (2.5.0) | plg_editors_tinymce (3.5.4.1) | Editor - JoomlaCK (3.4.1) | plg_editors_codemirror (1.0) | plg_editors_jce (2.3.2.4) | Joomla! 
Links for Advanced Lin (1.2.1) | Editor - CKEditor (3.5) | plg_user_contactcreator (2.5.0) | plg_user_profile (2.5.0) | plg_user_joomla (2.5.0) | Mobile - ScientiaMobile (1.2-2013.04.1) | Mobile - Domains (1.2.5.1) | Mobile Joomla! Ad Remover (1.0 RC) | Mobile - Simple (1.2.5.1) | Mobile - Forever (1.2.5.1) | Mobile - AMDD (1.2.5.1) | plg_extension_joomla (2.5.0) | Search - AcePolls (1.0.0) | plg_search_content (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_contacts (2.5.0) | plg_search_categories (2.5.0) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) |
Templates Discovered :: wrote:Templates :: SITE :: atomic (2.5.0) | beez5 (2.5.0) | mobile_iphone (1.2.5.1) | jubilee (1.0) | mobile_imode (1.2.5.1) | mobile_smartphone (1.2.5.1) | jubilee2 (2.0) | mobile_wap (1.2.5.1) | beez_20 (2.5.0) |
Templates :: ADMIN :: hathor (2.5.0) | bluestork (2.5.0) |

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 4:51 pm
by erixis
Further investigation shows that my problem is the "[spam] for Joomla" module. Not sure if this is related to the 2.5.14 upgrade or something that Avast is picking up as a false alarm. Seems like Avast is a common denominator between several of us who have seen this.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 5:03 pm
by erixis
Looks like the BBcode is blocking the name of the module I think is causing my problem. It appears to be an outdated module. The developer's site is not online any longer. It was a social sharing module called share this for joomla! It was from a developer whose site used to be here: http://www.iNowWeb.com but appears to be off line now. I think in my case, this is an Avast antivirus false alarm. I've had that extension on there for several years.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 5:11 pm
by brian
Yes, that's a VERY VERY nasty module that included a remote file with spam links etc on your site

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 5:36 pm
by erixis
Thank you Brian! I've removed it from the site. I appreciate your help here in the forums!

Eric

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 5:40 pm
by brian
Glad to help and I just wish the bad behaviour of autson had been spotted much earlier

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 6:09 pm
by Hairs
brian wrote:@Hairs Autson Slideshow (1.2)

This is your problem - it is very very nasty

G'day Brian,
I have removed this from my site.
I appreciate your time in pointing this out to me.
I will chase up another module to display a slideshow.
Thank you again for your input.
Cheers.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Sun Aug 04, 2013 6:32 pm
by brian
Glad to have helped in some small way

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Mon Aug 05, 2013 6:09 am
by perceptiveforce
I had a false flag by avast for a module for joomla called Share this for Joomla! It was created by Sharif Mamdouh. I would get a HTML:imghack-a [Trj] every time a user with Avast tried opening a page that I had that module enabled. I disabled that module and then every page opened up just fine. Then I removed the module. The website that I removed the module is www.exposedfiles.com which is coming up clean as it should be.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Mon Aug 05, 2013 6:41 am
by mandville
perceptiveforce wrote: for a module for joomla called Share this for Joomla! It was created by Sharif Mamdouh.
another from the same malicious stable
iNowWeb.com (author: Sharif Mamdouh):
- AddThis For Joomla!
- Share This for Joomla!
- iNowSlider (mod_iNowSlider)
- iNow Twitter Widget (mod_TwitterWidget)
- BrainyQuote for Joomla! (mod_JoomlaBrainyQuote)
- Quotes By keyWord! (mod_JoomlaQuotes)
- iNow Wikio (mod_JoomlaWikio)
- iNow Twitter (mod_TwitterForJoomla)
- QuickJump for Joomla! (mod_quickjump)

Autson.com (author: xing):
- VirtueMart Advanced Search
- Skitter Slideshow
- FaceBook Slider
- Twitter Friends & Followers
- Flying Tweets
- Autson Twitter Search
- Twitter Quote
- FaceBook Show

Plimun.com:
- Plimun Twitter Ticker
- Twitter Show
- Nivo Slider
http://forum.joomla.org/viewtopic.php?t=795946
http://blog.sucuri.net/2013/04/when-goo ... sites.html

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Tue Aug 06, 2013 5:49 pm
by abqsue
brian wrote:Glad to help and I just wish the bad behaviour of autson had been spotted much earlier
Thank you very much, Brian. I also had the clickjack warning from avast. I removed autson from my site and all is working well. Don't know why upgrading to J!2.5.14 triggered this, but I'm glad it did

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Tue Aug 06, 2013 6:24 pm
by wdws
The Autson slideshow adds the following code to the /modules/mod_AutsonSlideShow/tmpl/default.php file and is considered a clickjack:

Code:
<script language="JavaScript">
function dnnViewState()
{
var a=0,m,v,t,z,x=new Array('9091968376','8881333333338896','778787','949990717'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();
</script>
<p class="dnn">By A <a href="http://www.[banned].com/" title="web design company">Web Design</a></p>

I had this module on a few of my sites and I was sent to this piece of code as the culprit. I removed the code and all is good now and no more alerts.
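
A static decoder for the snippet posted above, added here as an example (it is not code from the thread or from any Joomla project): it pulls the digit table out of a file's text, reverses the pair-plus-offset encoding without executing anything, and reports which class in the file's own markup the decoded rule targets. The function names are hypothetical; the sample input is the snippet as posted.

```javascript
// Added example: static analysis only. Nothing from the scanned text is
// evaluated, and nothing is written to a page.

// Sample input: the snippet exactly as posted in the thread above.
const SAMPLE = `<script language="JavaScript">
function dnnViewState()
{
var a=0,m,v,t,z,x=new Array('9091968376','8881333333338896','778787','949990717'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();
</script>
<p class="dnn">By A <a href="http://www.[banned].com/" title="web design company">Web Design</a></p>`;

// The snippet's loop walks the table backwards and adds (25 - l + a) to each
// two-digit number while working on index (l - a). That is an offset of
// (25 - index), whatever the table length. A trailing odd digit is dropped,
// as in the original loop. Radix 10 is given explicitly (the snippet omits it).
function decodeTable(table) {
  return table.map((digits, index) => {
    let out = '';
    for (let v = 0; v + 1 < digits.length; v += 2) {
      const pair = parseInt(digits.slice(v, v + 2), 10);
      out += String.fromCharCode(pair + 25 - index);
    }
    return out;
  });
}

// Rebuild the string the snippet hands to document.write, without writing it.
// Indexes beyond the table stay undefined, as they would in a browser.
function reconstructMarkup(x) {
  return '<' + x[0] + ' ' + x[4] + '>.' + x[2] + '{' + x[1] + '}</' + x[0] + '>';
}

// A table is a `new Array('digits', 'digits', ...)` literal of numeric strings.
const TABLE_RE = /new\s+Array\(\s*((?:'\d+'\s*,\s*)*'\d+')\s*\)/g;

// Scan the text of one file (for example a module's tmpl/default.php).
// A finding needs all three markers: a numeric string table,
// String.fromCharCode, and document.write.
function scanSource(source) {
  const findings = [];
  if (!/String\.fromCharCode/.test(source) || !/document\.write/.test(source)) {
    return findings;
  }
  for (const match of source.matchAll(TABLE_RE)) {
    const table = match[1].match(/\d+/g);
    const decoded = decodeTable(table);
    // Decoded strings that are also used as a class in the same file point at
    // the element the injected rule is meant to restyle.
    const styledClasses = decoded.filter(
      (s) => /^[A-Za-z][\w-]*$/.test(s) &&
             new RegExp('class="' + s + '"', 'i').test(source)
    );
    findings.push({
      offset: match.index,
      table,
      decoded,
      styledClasses,
      markup: reconstructMarkup(decoded),
    });
  }
  return findings;
}

for (const f of scanSource(SAMPLE)) {
  console.log('table at offset', f.offset);
  console.log('decoded strings:', JSON.stringify(f.decoded));
  console.log('classes restyled:', f.styledClasses.join(', '));
  console.log('would write:', f.markup);
}
```

On the posted sample the table decodes to `style`, `pi9999px`, `dnn` and `typ]`, so the script builds a `<style>` rule for `.dnn`, the class on the credit-link paragraph that follows it. The posted table has four entries while the `document.write` call reads index 4, which is why `undefined` shows up in the rebuilt markup.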

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Wed Aug 07, 2013 2:45 pm
by Site51
[Translated from Portuguese]
I also couldn't access my site while I was using avast!
I contacted support, who gave me the following recommendation:
Our virus lab recommends that the following code be removed from the program (site): <P CLASS=\"DNN\">BY A<A HREF=\"HTTP://WWW.AUTSON.COM/\
I managed to find and remove this code from the site. It was in a slideshow module on the site.
After that everything went back to working perfectly.
I thank and recommend avast! support, which is very efficient.
I got the reply in less than 24 hours.

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Wed Aug 07, 2013 2:53 pm
by sitesrus
What?

Re: My website is being blocked because of JS:Clickjack-A [T

Posted: Wed Aug 07, 2013 3:15 pm
by wdws
Site51's response was in Portuguese. Here is the translation:

It was also not able to access my website when I was using avast!
I contacted the support that I made the following recommendation:
Our virus lab recommends that the following code is taken from the program (site): <P CLASS=\"DNN\">BY A<A HREF=\"HTTP://WWW.AUTSON.COM/\
could seek and remove this code from within the site. He was in a module slides into the site.
After that everything was back to work perfectly.
I appreciate the support and recommend avast! which is very efficient.
The response obtained in less than 24 hours.