Need help- {HEX}base64.inject.unclassed.6.UNOFFICIAL FOUND Topic is solved

Discussion regarding Joomla! 5.x security issues.

Post by IDesign20 » Sat May 11, 2024 4:25 am

Hello, I am in need of some help and advice on how to fix my site. My site is using the latest Joomla version, 5.1.0.
My hosting provider sent me a message today telling me I need to fix/clean my site before they open it again to the WWW.

Here is what the message says:
Hello,
We have run a new malware scan and here is the result:
/home/....../public_html/sitename/administrator/components/com_templates/tmpl/template/default_updated_files.php: {HEX}base64.inject.unclassed.6.UNOFFICIAL FOUND
How can I fix this?

Thanks, Indrit

Post by toivo » Sat May 11, 2024 4:45 am

Nothing to worry about. It is a red herring, a false positive. Ask your host to fix their Web Application Firewall (WAF) rule that reports a perfectly normal and necessary line of PHP code, containing the native function base64_decode, as malware:

                                   <a href="<?php echo Route::_('index.php?option=com_templates&view=template&id=' . (int) $value->extension_id . '&file=' . $value->hash_id); ?>" title="<?php echo Text::_('JACTION_EDIT'); ?>"><?php echo base64_decode($value->hash_id); ?></a>
Ref. PHP: base64_decode
Toivo Talikka, Global Moderator

Post by IDesign20 » Sat May 11, 2024 8:09 pm

Thank you, I already provided the info to them and they backed up; however, they ran another scan for all the sites I host with them and now they provided me with another long list of infected files.

Here are the files this time:

/home/...../public_html/sitename1/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../public_html/sitename1/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/sitename1/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/sitename1/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/sitename1/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/sitename2/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/sitename2/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/sitename2/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/sitename2/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/sitename2/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../public_html/sitename2/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/sitename3/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../public_html/sitename3/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/sitename3/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/sitename3/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/sitename3/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/sitename3/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../public_html/sitename3/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/sitename4/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../public_html/sitename4/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/pdf417.php
Websites /home/...../public_html/sitename4/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
CRITICAL_OBFUSCATED_MALWARE_PATTERNS /home/...../public_html/sitename4/administrator/components/com_t4pagebuilder/libs/Helper/Table.php
Websites /home/...../public_html/sitename4/administrator/components/com_t4pagebuilder/libs/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/sitename4/components/com_guru/helpers/excel_reader.php
Websites /home/...../public_html/sitename4/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/sitename4/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/sitename4/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/sitename4/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/sitename4/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../public_html/sitename4/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/sitename5/components/com_guru/helpers/excel_reader.php
Websites /home/...../public_html/sitename5/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/sitename5/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/sitename5/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/sitename5/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/sitename6/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../public_html/sitename6/components/com_eventbooking/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../public_html/sitename6/components/com_eventbooking/tcpdf/include/barcodes/pdf417.php
Websites /home/...../public_html/sitename6/components/com_guru/helpers/excel_reader.php
Websites /home/...../public_html/sitename6/components/com_dms/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../public_html/sitename6/components/com_dms/tcpdf/include/barcodes/pdf417.php
Websites /home/...../public_html/sitename6/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/sitename6/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/sitename6/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/sitename6/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/sitename6/ecompass/kickstart.php
Websites /home/...../public_html/education/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../public_html/education/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/pdf417.php
Websites /home/...../public_html/education/components/com_guru/helpers/excel_reader.php
Websites /home/...../public_html/education/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/education/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/education/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/education/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/education/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../public_html/education/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/uhcdx/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../public_html/uhcdx/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/uhcdx/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/uhcdx/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/uhcdx/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/uhcdx/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../public_html/uhcdx/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/ccgaccred-test/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../public_html/ccgaccred-test/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/ccgaccred-test/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/ccgaccred-test/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/ccgaccred-test/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/ccgaccred-test/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/ccgaccred-test/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../public_html/hcc-services/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/hcc-services/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/hcc-services/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/hcc-services/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/hcc-services/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../www/sitename1/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../www/sitename1/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/sitename1/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/sitename1/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/sitename1/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/sitename2/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/sitename2/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/sitename2/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/sitename2/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/sitename2/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../www/sitename2/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../www/sitename3/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../www/sitename3/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/sitename3/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/sitename3/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/sitename3/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/sitename3/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../www/sitename3/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../www/sitename4/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../www/sitename4/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/pdf417.php
Websites /home/...../www/sitename4/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
CRITICAL_OBFUSCATED_MALWARE_PATTERNS /home/...../www/sitename4/administrator/components/com_t4pagebuilder/libs/Helper/Table.php
Websites /home/...../www/sitename4/administrator/components/com_t4pagebuilder/libs/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../www/sitename4/components/com_guru/helpers/excel_reader.php
Websites /home/...../www/sitename4/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/sitename4/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/sitename4/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/sitename4/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/sitename4/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../www/sitename4/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../www/sitename5/components/com_guru/helpers/excel_reader.php
Websites /home/...../www/sitename5/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/sitename5/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/sitename5/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/sitename5/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/sitename6/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../www/sitename6/components/com_eventbooking/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../www/sitename6/components/com_eventbooking/tcpdf/include/barcodes/pdf417.php
Websites /home/...../www/sitename6/components/com_guru/helpers/excel_reader.php
Websites /home/...../www/sitename6/components/com_dms/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../www/sitename6/components/com_dms/tcpdf/include/barcodes/pdf417.php
Websites /home/...../www/sitename6/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/sitename6/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/sitename6/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/sitename6/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/sitename6/ecompass/kickstart.php
Websites /home/...../www/education/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/datamatrix.php
Websites /home/...../www/education/administrator/components/com_adagency/helpers/tcpdf/include/barcodes/pdf417.php
Websites /home/...../www/education/components/com_guru/helpers/excel_reader.php
Websites /home/...../www/education/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/education/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/education/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/education/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/education/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../www/education/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../www/uhcdx/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../www/uhcdx/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/uhcdx/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/uhcdx/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/uhcdx/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/uhcdx/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../www/uhcdx/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../www/ccgaccred-test/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../www/ccgaccred-test/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../www/ccgaccred-test/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/ccgaccred-test/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/ccgaccred-test/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/ccgaccred-test/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/ccgaccred-test/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../www/hcc-services/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../www/hcc-services/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../www/hcc-services/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../www/hcc-services/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../www/hcc-services/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
I am at a crossroads: my sites are restricted to the public and I am not sure which files and folders I need to delete and which I need to keep!

Thanks

Post by toivo » Sat May 11, 2024 9:55 pm

They do not know what they are talking about. This topic from 2015 is still valid: Use of Base64 encoding is normal programming practice

Ask them to compare the filesystem of one of your sites to files in an out-of-the-box Joomla 5.x and it should be obvious to them that those files are not infected. If they do not agree, it is time to find a new host.
Toivo Talikka, Global Moderator
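
The comparison suggested in the post above can be scripted. The following is an added example, not code from the thread, from Joomla or from the host: it parses report lines in the shapes quoted here, hashes each flagged file and compares it with the same relative path in a clean tree. It assumes the baseline directory holds an unpacked copy of the same Joomla release; the function names, status labels and sample files are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Directories found directly under a Joomla site root (standard layout); used
# to locate where the site root ends inside a reported absolute path.
JOOMLA_TOP = {"administrator", "api", "cli", "components", "includes", "language",
              "layouts", "libraries", "media", "modules", "plugins", "templates"}


def parse_report_line(line):
    """Return the file path in a report line, or None if the line has none.

    Accepts the shapes quoted in the thread: '<path>: <signature> FOUND',
    '<category> <path>' and a bare '<path>'.
    """
    m = re.match(r"^(?:\S+\s+)?(/[^\s:]+)(?::\s.*\bFOUND)?$", line.strip())
    return m.group(1) if m else None


def split_site_root(path):
    """Split a path into (site_root, relative_path) at the first Joomla
    top-level directory; (None, None) if the path contains none."""
    parts = Path(path).parts
    for i, part in enumerate(parts):
        if i > 0 and part in JOOMLA_TOP:
            return Path(*parts[:i]), Path(*parts[i:])
    return None, None


def sha256_of(path):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def classify(flagged_path, baseline_root):
    """Compare one flagged file with its counterpart in the clean tree."""
    _, rel = split_site_root(flagged_path)
    if rel is None:
        return "outside-layout"    # not under a Joomla directory: review by hand
    live, clean = Path(flagged_path), Path(baseline_root) / rel
    if not live.is_file():
        return "missing"           # reported, but no longer on disk
    if not clean.is_file():
        return "not-in-baseline"   # e.g. an extension the baseline lacks
    return "identical" if sha256_of(live) == sha256_of(clean) else "modified"


def triage(report_text, baseline_root):
    """Map every path found in the report to its classification."""
    paths = filter(None, map(parse_report_line, report_text.splitlines()))
    return {p: classify(p, baseline_root) for p in paths}


def demo():
    """Constructed sample: clean tree, live site and report, all in a temp dir."""
    tmp = Path(tempfile.mkdtemp(prefix="triage-"))
    base, site = tmp / "baseline", tmp / "public_html" / "site1"
    view = "administrator/components/com_templates/tmpl/template/default_updated_files.php"
    core = "includes/app.php"
    ext = "plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php"
    for root, rels in ((base, (view, core)), (site, (view, core, ext))):
        for rel in rels:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("<?php // constructed stand-in\n")
    # Make one live core file differ from its clean copy.
    (site / core).write_text("<?php // constructed stand-in, changed locally\n")
    report = "\n".join([
        "here are the files this time:",
        f"{site / view}: {{HEX}}base64.inject.unclassed.6.UNOFFICIAL FOUND",
        f"Websites {site / core}",
        f"Websites {site / ext}",
        f"Websites {site / 'extra' / 'tool.php'}",
    ])
    found = triage(report, base)
    return {str(Path(p).relative_to(site)): s for p, s in found.items()}


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:16} {rel}")
```

A result of "modified", "not-in-baseline" or "outside-layout" is not a verdict of infection; it marks the files that still need a comparison against the extension's own package or a manual read.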

Post by IDesign20 » Sat May 11, 2024 11:14 pm

Thanks, are you saying that scans like this are part of Joomla?
See below:
Websites /home/...../public_html/sitename2/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Websites /home/...../public_html/sitename2/libraries/vendor/voku/portable-utf8/src/voku/helper/UTF8.php
Websites /home/...../public_html/sitename2/plugins/system/t4/vendor/matthiasmullie/minify/src/CSS.php
Websites /home/...../public_html/sitename2/plugins/system/t4/vendor/nelexa/zip/src/IO/Filter/Cipher/Pkware/PKCryptContext.php
Websites /home/...../public_html/sitename3/administrator/components/com_akeebabackup/vendor/akeeba/engine/engine/Util/Encrypt.php
Websites /home/...../public_html/sitename3/libraries/vendor/algo26-matthias/idna-convert/src/TranscodeUnicode/TranscodeUnicode.php
Websites /home/...../public_html/sitename3/libraries/vendor/phpseclib/phpseclib/phpseclib/Crypt/Blowfish.php
Websites /home/...../public_html/sitename3/libraries/vendor/spomky-labs/pki-framework/src/CryptoTypes/AlgorithmIdentifier/Cipher/RC2CBCAlgorithmIdentifier.php
Also, this is Scalahost, they were recommended by Joomla, if there is a better one out there I'm all ears.

Thanks, Indrit

Post by toivo » Sun May 12, 2024 12:27 am

IDesign20 wrote:
Sat May 11, 2024 11:14 pm
are you saying that scans like this are part of Joomla?
Yes, all the listed paths and files are part of Joomla 5.x or a well-known third-party extension, like the T4 System Plugin from JoomlArt and Akeeba Backup. The list sent by your host consists of output from incorrectly configured, too strict firewall rules, flagging legitimate PHP code as malicious.

IDesign20 wrote:
Sat May 11, 2024 11:14 pm
this is Scalahost, they were recommended by Joomla
Joomla is only an Open Source CMS, not an organization. The home page of your host has a video by @brian, who is one of the founders of Joomla, a developer and an active member of this forum. The quality of service by hosts can vary and you have obviously had a negative experience with the support team of your host.
Toivo Talikka, Global Moderator

Post by IDesign20 » Sun May 12, 2024 3:43 pm

I have another message from my host but the forum won't allow me to post. Why?

Post by IDesign20 » Sun May 12, 2024 4:17 pm

At this point, after providing the feedback from you, it appears they have silently agreed with the input and are now focusing on a spam email that somehow had made it to one of my sites and want me to solve it. Don't get me wrong, I WANT to solve the issue just don't know how...here is what they say
Before we can enable global access, we need a detailed explanation of the purpose of this email:

Please see attached print screen for the spam message they have identified

........and how will you solve the issue with the outgoing spam from your account? We have zero spam tolerance and we can't afford unwanted emails to be sent out from our infrastructure.
Thanks

Post by Per Yngve Berg » Sun May 12, 2024 5:10 pm

It originated from the Contact Component. There is an Option "Send Copy to Myself" in the Form. Disable it in the Options as it is often abused by Spammers.

Post by IDesign20 » Sun May 12, 2024 7:41 pm

Thank you for your feedback. My hosting tech support team is saying:
Until the spam issues have been fully resolved, we cannot restore public access to your account, as it will just start sending spam again if no measures are taken to resolve the issue. The initial reason for the suspension was due to sending spam from the contact form, which may have been compromised due to not being protected with Recaptcha. I recommend you secure all of your website contact forms with ReCaptcha to prevent such abuse. This will secure them and block bots from abusing them since they wouldn't be able to pass the ReCaptcha.
How can I add ReCaptcha?

Also, where do I need to go to disable "Send Copy to Myself" in the Form? I went to components/Contacts/Contact Us/Form and selected "Hide" for the option: "Send Copy to Submitter" but I cannot find the options that you are suggesting

Thanks

Post by IDesign20 » Sun May 12, 2024 9:23 pm

My host is saying either add reCaptcha to your contact form or we are not opening your sites to the public, which in other words means pack up and leave us.

If Joomla 5.x took that away, why are hosting providers that claim to support Joomla 5.x kicking me out?

I am at a crossroads.

Please help

Post by toivo » Sun May 12, 2024 10:37 pm

Install a third party Captcha plugin, for example hCaptcha. Register with the service at https://hcaptcha.com. Go to System - Manage - Plugins, then go to the plugin 'CAPTCHA - hCaptcha', enter the site key and the secret key and enable the plugin.

As you have already done it, make sure the option 'Send Copy to Submitter' is set to 'Hide' in the tab 'Form' in Components - Contacts - Contacts - Options. Select 'CAPTCHA - hCaptcha' in the field 'Allow Captcha on Contact'.
Toivo Talikka, Global Moderator

Post by IDesign20 » Mon May 13, 2024 5:38 pm

Can someone provide me a good host that REALLY understands Joomla?

Today, after all was cleared yesterday, another technician from ScalaHost flagged again the following file:

/home/........./public_html/mysite/administrator/components/com_templates/tmpl/template/default_updated_files.php

Here is the ticket content:
Subject: Malicious content
Content: During the monitoring of your account we noticed once again malicious activity showing a new compromise. Please take immediate actions to secure the account and remove the malicious code. A list of the infected files is below.

/home/........./public_html/mysite/administrator/components/com_templates/tmpl/template/default_updated_files.php

Important: To resolve this issue it is very important to follow the 5 steps we provided in the first message of the ticket. Just removing the malicious content does not fix the vulnerability in your website and it will be hacked again. You need to update the script and all plugins, modules, themes to the latest versions which can be done from the admin panel of the script. Then you need to change both the FTP and the admin panel password to a hard to guess one.
I am drained, exhausted by the back and forth with the team.

I need help on another new host

Thanks

Post by toivo » Mon May 13, 2024 10:00 pm

Your host has not fully updated the rules regarding the legitimate native PHP function base64_decode(). The following line in the file default_updated_files.php is part of Joomla 5.1, not a result of a malicious hack:

                                   <a href="<?php echo Route::_('index.php?option=com_templates&view=template&id=' . (int) $value->extension_id . '&file=' . $value->hash_id); ?>" title="<?php echo Text::_('JACTION_EDIT'); ?>"><?php echo base64_decode($value->hash_id); ?></a>
Toivo Talikka, Global Moderator

Post by IDesign20 » Tue May 14, 2024 3:10 pm

I know that, but I am now full time :'( consultant for their out-of-date rules regarding the legitimate native PHP function base64_decode()

I am every day 2-3 times on their support ticket trying to explain to me why my sites are secured.

Every time I do an update with either Joomla related files or Joomlart templates, or Akeeba updates, I get flagged. It is exhausting!

Need a new host!!!

Indrit

