Iframe virus- Internet Explorer Issue

Discussion regarding Joomla! 2.5 security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Iframe virus- Internet Explorer Issue

Post by Manjunath S » Tue Jul 19, 2011 6:00 am

My website content is not visible in IE.

However it is properly visible in other browsers.

It is tallyway .com.

Pl check it out & help me.
I m without a solution for this since a long time. It is urgent.

GoldenEagles
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Jun 04, 2011 6:41 pm

Re: Internet Explorer Issue

Post by GoldenEagles » Tue Jul 19, 2011 6:44 am

Warning: Do not visit the site. There is a trojan iframe in the website.

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Tue Jul 19, 2011 7:02 am

There is no trojan in the site.

Can you help me out if I post the screen shots.

Have attached one.
You do not have the required permissions to view the files attached to this post.

GoldenEagles
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Jun 04, 2011 6:41 pm

Re: Internet Explorer Issue

Post by GoldenEagles » Tue Jul 19, 2011 7:07 am

You do not have the required permissions to view the files attached to this post.

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Tue Jul 19, 2011 9:44 am

Pl help me in removing the virus from my website.

I m a newbie in web development.
:(-

GoldenEagles
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Jun 04, 2011 6:41 pm

Re: Internet Explorer Issue

Post by GoldenEagles » Tue Jul 19, 2011 11:46 pm

I'll try to help as best as I can.

Have you added any articles yet or noticed any suspicious code on your site?

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Wed Jul 20, 2011 10:08 am

Nope

GoldenEagles
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Jun 04, 2011 6:41 pm

Re: Internet Explorer Issue

Post by GoldenEagles » Wed Jul 20, 2011 9:43 pm

Where did you download the template?

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Thu Jul 21, 2011 5:33 am

It is a default template

GoldenEagles
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Jun 04, 2011 6:41 pm

Re: Internet Explorer Issue

Post by GoldenEagles » Thu Jul 21, 2011 5:35 am

Any new extensions?

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Thu Jul 21, 2011 5:44 am

I have a plugin called chronoforms, & 2 templates Technology act name jt002_j16, & Software jt004_j16 which I have downloaded.
However the 2 templates do not apply or can be deleted.

GoldenEagles
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Jun 04, 2011 6:41 pm

Re: Internet Explorer Issue

Post by GoldenEagles » Thu Jul 21, 2011 5:46 am

Have you confirmed that everything you just listed came from a trusted source?

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Thu Jul 21, 2011 6:02 am

How do I know the source is trusted ??

GoldenEagles
Joomla! Intern
Joomla! Intern
Posts: 78
Joined: Sat Jun 04, 2011 6:41 pm

Re: Internet Explorer Issue

Post by GoldenEagles » Thu Jul 21, 2011 6:05 am

List all the outside extensions/templates that you have installed + where you got them. I'll check them out.

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Thu Jul 21, 2011 6:21 am


Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Security Report

Post by Manjunath S » Fri Jul 22, 2011 9:43 am

[quote="JTS-post Problem Description"]Suspected Iframe Trojan visible by viewing first line of code @ tallyway.com[/quote]
JTS-post Diagnostic Information wrote:Joomla! Version: Joomla! 1.6.4 Stable [ Onward ] 23-Jun-2011 23:00 GMT
configuration.php: Writable (Mode: 777 ) | Architecture/Platform: Linux 2.6.9-89.0.18.ELsmp ( x86_64) | Web Server: Apache | PHP Version: 5.2.9
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Disabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max. Execution Time: 240 seconds ( now, but user had to increase from 30 ) | File Uploads: Enabled
MySQL Version: ( )
JTS-post Extended Information wrote:SEF: Enabled (without ReWrite) | Legacy Mode: N/A | FTP Layer: N/A | htaccess: Not Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi-fcgi | MySQLi: Yes | Max. Memory: 96M ( now, but user had to increase from 24M ) | Max. Upload Size: 20M | Max. Post Size: 22M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 4.1.22 ( )
Last edited by ooffick on Tue Jul 26, 2011 4:57 pm, edited 1 time in total.
Reason: Mod Note: Duplicate post deleted, please do not post your question multiple times..

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Security Report

Post by mandville » Fri Jul 22, 2011 10:16 am

| htaccess: Not Implemented ****

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation. Replace the deleted files with fresh copies of a current full version of Joomla, and fresh copies of extensions and templates used. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, but ideal is 644 and 755

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled

Note: The forum post tool will work with J1.6.x
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Security Report

Post by PhilD » Fri Jul 22, 2011 11:25 pm

Also configuration.php: Writable (Mode: 777 )
Nothing should ever be 777
PhilD

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Security Report

Post by Manjunath S » Sat Jul 23, 2011 5:19 am

[quote="JTS-post Problem Description"]After renaming htaccess.txt to .htaccess & changing permissions of configuration.txt to 755[/quote]
JTS-post Diagnostic Information wrote:Joomla! Version: Joomla! 1.6.4 Stable [ Onward ] 23-Jun-2011 23:00 GMT
configuration.php: Writable (Mode: 755 ) | Architecture/Platform: Linux 2.6.9-89.0.18.ELsmp ( x86_64) | Web Server: Apache | PHP Version: 5.2.9
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Disabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max. Execution Time: 240 seconds ( now, but user had to increase from 30 ) | File Uploads: Enabled
MySQL Version: ( )
JTS-post Extended Information wrote:SEF: Enabled (without ReWrite) | Legacy Mode: N/A | FTP Layer: N/A | htaccess: Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi-fcgi | MySQLi: Yes | Max. Memory: 96M ( now, but user had to increase from 24M ) | Max. Upload Size: 20M | Max. Post Size: 22M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 4.1.22 ( )

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:

Re: Security Report

Post by leolam » Sat Jul 23, 2011 5:42 am

That is not a suspected Iframe...You are hacked as simple as that...iFrame is visible in the code. Changing permissions afterwards makes no sense and you need to follow the instructions provided above by Mandville to clear your site

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Upgrading from Joomla 1.6.4 to 1.6.5

Post by Manjunath S » Sat Jul 23, 2011 6:06 am

I cant find the update for 1.6.5 but can find only the 1.7.0 version
Extension Mgr > Update Tab > Find updates

Also I can't manually upload & install the 1.6.4 to 1.6.5 .zip file.
It shows an error : Can't find xml file
You do not have the required permissions to view the files attached to this post.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:

Re: Security Report

Post by leolam » Sat Jul 23, 2011 6:21 am

Do not double post I have reacted to the same question elsewhere Manjunath! http://forum.joomla.org/viewtopic.php?f ... 8#p2564398
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Upgrading from Joomla 1.6.4 to 1.6.5

Post by mandville » Sat Jul 23, 2011 9:23 am

Manjunath S wrote:I cant find the update for 1.6.5 but can find only the 1.7.0 version
E
for your information
[20110701]
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! version 1.6.5 and all earlier 1.6.x versions
Solution
Upgrade to the latest Joomla! version (1.7.0 or later)
for your action
A Safe route for disaster relief

[*] save the configuration.php file and your images and personal files one by one, (not the folder as it may contain unwanted files)
[*] wipe the entire folder where Joomla! is installed
[*] upload a new clean full package latest version of joomla (minus the install folder)
[*] reupload your configuration file & images., templates (even better is to use original clean copies to ensure that the hacker/defacer did not leave any shell script files in your site)
[*] reupload or reinstall the latest versions of your extensions , templates (even better is to use original clean copies to ensure that the hacker/defacer did not leave any shell script files in your site)
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Security Report

Post by Manjunath S » Sat Jul 23, 2011 9:59 am

Hi Mandville,

As of now my Joomla ersion is 1.6.5, but m unable to update to 1.7.0
So now I m taking back up of my site to proceed with the manual upgradation procedure.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15150
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Security Report

Post by mandville » Sat Jul 23, 2011 10:26 am

Manjunath S wrote:Hi Mandville,

As of now my Joomla ersion is 1.6.5, but m unable to update to 1.7.0
So now I m taking back up of my site to proceed with the manual upgradation procedure.
NO.
do a full reinstall after following the A Safe route for disaster relief bit that says to wipe your directory or you WILL be hacked again.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Security Report

Post by PhilD » Sat Jul 23, 2011 7:06 pm

Also changing the permissions of configuration.php from 777 to 755 is incorrect. the correct MAXIMUM permission level for files is 644 and the MAXIMUM permission level of directories are 755. the normal permission level of configuration.php is 444 and should not be higher than 644 for any reason. I should have made that clear in my earlier post.
PhilD

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

Re: Internet Explorer Issue

Post by Manjunath S » Sat Jul 30, 2011 7:05 am

So are you saying I should change permissions of all files to 644 ?

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2737
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: Internet Explorer Issue

Post by PhilD » Sat Jul 30, 2011 12:45 pm

Yes that is what all files permissions should be set to. 644

All directories should be set to 755
PhilD

Manjunath S
Joomla! Intern
Joomla! Intern
Posts: 76
Joined: Wed Jun 22, 2011 8:36 am

I Frame Trojan Attack

Post by Manjunath S » Wed Sep 07, 2011 10:13 am

My Joomla doesn't upgrade from 1.6.5 to 1.7 as well
[quote="JTS-post Problem Description"]I Frame Trojan Attack[/quote]
JTS-post Diagnostic Information wrote:Joomla! Version: Joomla! 1.6.5 Stable [ Onward ] 11-Jul-2011 23:00 GMT
configuration.php: Writable (Mode: 644 ) | Architecture/Platform: Linux 2.6.9-89.0.18.ELsmp ( x86_64) | Web Server: Apache ( http://www.t allyway.com ) | PHP Version: 5.2.9
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Disabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max. Execution Time: 240 seconds ( now, but user had to increase from 30 ) | File Uploads: Enabled
MySQL Version: ( )
JTS-post Extended Information wrote:SEF: Enabled (without ReWrite) | Legacy Mode: N/A | FTP Layer: N/A | htaccess: Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi-fcgi | MySQLi: Yes | Max. Memory: 96M ( now, but user had to increase from 24M ) | Max. Upload Size: 20M | Max. Post Size: 22M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 4.1.22 ( )

User avatar
Azmo
Joomla! Guru
Joomla! Guru
Posts: 582
Joined: Wed Apr 06, 2011 6:31 pm
Location: Maryland, USA
Contact:

Re: I Frame Trojan Attack

Post by Azmo » Wed Sep 07, 2011 10:48 am

You were already given all the instructions you need in this thread: http://forum.joomla.org/viewtopic.php?p=2564595 Keep your questions in that thread and follow their instructions.

This thread should be closed/deleted as duplicate.
If I give you an outside solution, I have no affiliation with that product. I may use it, but that is the end of the relationship.


Locked

Return to “Security in Joomla! 2.5”