The Joomla! Forum ™



PostPosted: Tue Jul 19, 2011 6:00 am 
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
My website content is not visible in IE.

However it is properly visible in other browsers.

It is tallyway .com.

Please check it out & help me.
I have been without a solution for this for a long time. It is urgent.


PostPosted: Tue Jul 19, 2011 6:44 am
Joomla! Intern

Joined: Sat Jun 04, 2011 6:41 pm
Posts: 78
Warning: Do not visit the site. There is a trojan iframe in the website.


Top
 Profile  
 
PostPosted: Tue Jul 19, 2011 7:02 am 
Joomla! Intern
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
There is no trojan in the site.

Can you help me out if I post the screenshots?

Have attached one.


PostPosted: Tue Jul 19, 2011 7:07 am
Joomla! Intern

Joined: Sat Jun 04, 2011 6:41 pm
Posts: 78
Clean your website, then we'll talk.

http://www.urlvoid.com/scan/tmjablkj.co.tv

http://vscan.novirusthanks.org/analysis/e9996e7d819debf4bb6528427ae1e0ad/dGFsbHl3YXktY29t/


PostPosted: Tue Jul 19, 2011 9:44 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
Please help me in removing the virus from my website.

I am a newbie in web development.
:(-


PostPosted: Tue Jul 19, 2011 11:46 pm
Joomla! Intern

Joined: Sat Jun 04, 2011 6:41 pm
Posts: 78
I'll try to help as best as I can.

Have you added any articles yet or noticed any suspicious code on your site?


PostPosted: Wed Jul 20, 2011 10:08 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
Nope


PostPosted: Wed Jul 20, 2011 9:43 pm
Joomla! Intern

Joined: Sat Jun 04, 2011 6:41 pm
Posts: 78
Where did you download the template?


PostPosted: Thu Jul 21, 2011 5:33 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
It is a default template


PostPosted: Thu Jul 21, 2011 5:35 am
Joomla! Intern

Joined: Sat Jun 04, 2011 6:41 pm
Posts: 78
Any new extensions?


PostPosted: Thu Jul 21, 2011 5:44 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
I have a plugin called chronoforms, & 2 templates Technology act name jt002_j16, & Software jt004_j16 which I have downloaded.
However the 2 templates do not apply or can be deleted.


PostPosted: Thu Jul 21, 2011 5:46 am
Joomla! Intern

Joined: Sat Jun 04, 2011 6:41 pm
Posts: 78
Have you confirmed that everything you just listed came from a trusted source?


PostPosted: Thu Jul 21, 2011 6:02 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
How do I know the source is trusted ??


PostPosted: Thu Jul 21, 2011 6:05 am
Joomla! Intern

Joined: Sat Jun 04, 2011 6:41 pm
Posts: 78
List all the outside extensions/templates that you have installed + where you got them. I'll check them out.


PostPosted: Thu Jul 21, 2011 6:21 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
Plugin: Chronoforms http://extensions.joomla.org/extensions ... forms/1508
Templates: Software http://joomlathemes.co/1-6-templates/40-software
Technology http://joomlathemes.co/1-6-templates/38-technology


Post subject: Re: Security Report
PostPosted: Fri Jul 22, 2011 9:43 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
JTS-post Problem Description wrote:
Suspected Iframe Trojan visible by viewing first line of code @ tallyway.com

JTS-post Diagnostic Information wrote:
Joomla! Version: Joomla! 1.6.4 Stable [ Onward ] 23-Jun-2011 23:00 GMT
configuration.php: Writable (Mode: 777 ) | Architecture/Platform: Linux 2.6.9-89.0.18.ELsmp ( x86_64) | Web Server: Apache | PHP Version: 5.2.9
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Disabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max. Execution Time: 240 seconds ( now, but user had to increase from 30 ) | File Uploads: Enabled
MySQL Version: ( )

JTS-post Extended Information wrote:
SEF: Enabled (without ReWrite) | Legacy Mode: N/A | FTP Layer: N/A | htaccess: Not Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi-fcgi | MySQLi: Yes | Max. Memory: 96M ( now, but user had to increase from 24M ) | Max. Upload Size: 20M | Max. Post Size: 22M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 4.1.22 ( )


Last edited by ooffick on Tue Jul 26, 2011 4:57 pm, edited 1 time in total.
Mod Note: Duplicate post deleted, please do not post your question multiple times..


Post subject: Re: Security Report
PostPosted: Fri Jul 22, 2011 10:16 am
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12459
Location: The Girly Side of Joomla in Sussex
| htaccess: Not Implemented ****

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation. Replace the deleted files with fresh copies of a current full version of Joomla, and fresh copies of extensions and templates used. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, but ideal is 644 and 755

[ ] Check your htaccess for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled

Note: The forum post tool will work with J1.6.x

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Post subject: Re: Security Report
PostPosted: Fri Jul 22, 2011 11:25 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2727
Location: Wisconsin USA
Also configuration.php: Writable (Mode: 777 )
Nothing should ever be 777

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator


Post subject: Re: Security Report
PostPosted: Sat Jul 23, 2011 5:19 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
JTS-post Problem Description wrote:
After renaming htaccess.txt to .htaccess & changing permissions of configuration.txt to 755

JTS-post Diagnostic Information wrote:
Joomla! Version: Joomla! 1.6.4 Stable [ Onward ] 23-Jun-2011 23:00 GMT
configuration.php: Writable (Mode: 755 ) | Architecture/Platform: Linux 2.6.9-89.0.18.ELsmp ( x86_64) | Web Server: Apache | PHP Version: 5.2.9
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Disabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max. Execution Time: 240 seconds ( now, but user had to increase from 30 ) | File Uploads: Enabled
MySQL Version: ( )

JTS-post Extended Information wrote:
SEF: Enabled (without ReWrite) | Legacy Mode: N/A | FTP Layer: N/A | htaccess: Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi-fcgi | MySQLi: Yes | Max. Memory: 96M ( now, but user had to increase from 24M ) | Max. Upload Size: 20M | Max. Post Size: 22M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 4.1.22 ( )


Post subject: Re: Security Report
PostPosted: Sat Jul 23, 2011 5:42 am
Joomla! Master

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13919
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
That is not a suspected Iframe...You are hacked as simple as that...iFrame is visible in the code. Changing permissions afterwards makes no sense and you need to follow the instructions provided above by Mandville to clear your site

Leo 8)

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


PostPosted: Sat Jul 23, 2011 6:06 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
I can't find the update for 1.6.5 but can find only the 1.7.0 version
Extension Mgr > Update Tab > Find updates

Also I can't manually upload & install the 1.6.4 to 1.6.5 .zip file.
It shows an error : Can't find xml file


Post subject: Re: Security Report
PostPosted: Sat Jul 23, 2011 6:21 am
Joomla! Master

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13919
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Do not double post I have reacted to the same question elsewhere Manjunath! viewtopic.php?f=624&p=2564398#p2564398

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


PostPosted: Sat Jul 23, 2011 9:23 am
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12459
Location: The Girly Side of Joomla in Sussex
Manjunath S wrote:
I can't find the update for 1.6.5 but can find only the 1.7.0 version
E

for your information
Quote:
[20110701]
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! version 1.6.5 and all earlier 1.6.x versions
Solution
Upgrade to the latest Joomla! version (1.7.0 or later)

for your action
A Safe route for disaster relief

[*] save the configuration.php file and your images and personal files one by one, (not the folder as it may contain unwanted files)
[*] wipe the entire folder where Joomla! is installed
[*] upload a new clean full package latest version of joomla (minus the install folder)
[*] reupload your configuration file & images., templates (even better is to use original clean copies to ensure that the hacker/defacer did not leave any shell script files in your site)
[*] reupload or reinstall the latest versions of your extensions , templates (even better is to use original clean copies to ensure that the hacker/defacer did not leave any shell script files in your site)

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}
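Added example for the "safe route" steps above; it is not part of the original thread and not Joomla's own tooling. Before wiping, it hashes an unpacked clean Joomla package and the live site and lists what is extra or modified in the live copy, so the files to be saved "one by one" can be reviewed. The directory arguments and the script-extension list are assumptions.

```shell
#!/bin/sh
# Added example: compare a live site tree against a clean package tree.

# manifest DIR: print "sha256  ./relative/path" for every file, sorted by path.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# compare_trees CLEAN_DIR LIVE_DIR
# One finding per line:
#   EXTRA path         only in the live site (uploads, configuration.php, ...)
#   EXTRA-SCRIPT path  only in the live site AND has a script extension
#   MODIFIED path      present in both, content differs from the clean copy
# Files identical to the clean package are not listed.
compare_trees() {
    clean_list=$(mktemp) live_list=$(mktemp)
    manifest "$1" > "$clean_list"
    manifest "$2" > "$live_list"
    awk '
        # sha256sum prints 64 hex chars, two separator chars, then the path,
        # so slicing by column keeps paths that contain spaces intact.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { clean[path] = hash; next }
        !(path in clean) {
            # Extension list is an assumption; extend it for your host.
            if (tolower(path) ~ /\.(php|phtml|pl|cgi)$/) print "EXTRA-SCRIPT", path
            else print "EXTRA", path
            next
        }
        clean[path] != hash { print "MODIFIED", path }
    ' "$clean_list" "$live_list"
    rm -f "$clean_list" "$live_list"
}
```

An EXTRA-SCRIPT entry under an upload directory such as images/ is the kind of leftover file the steps above warn about; configuration.php will also appear as EXTRA-SCRIPT and should be read before it is re-uploaded.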


Post subject: Re: Security Report
PostPosted: Sat Jul 23, 2011 9:59 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
Hi Mandville,

As of now my Joomla version is 1.6.5, but I'm unable to update to 1.7.0
So now I'm taking a backup of my site to proceed with the manual upgradation procedure.


Post subject: Re: Security Report
PostPosted: Sat Jul 23, 2011 10:26 am
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12459
Location: The Girly Side of Joomla in Sussex
Manjunath S wrote:
Hi Mandville,

As of now my Joomla version is 1.6.5, but I'm unable to update to 1.7.0
So now I'm taking a backup of my site to proceed with the manual upgradation procedure.

NO.
do a full reinstall after following the A Safe route for disaster relief bit that says to wipe your directory or you WILL be hacked again.

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Post subject: Re: Security Report
PostPosted: Sat Jul 23, 2011 7:06 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2727
Location: Wisconsin USA
Also changing the permissions of configuration.php from 777 to 755 is incorrect. The correct MAXIMUM permission level for files is 644 and the MAXIMUM permission level of directories is 755. The normal permission level of configuration.php is 444 and should not be higher than 644 for any reason. I should have made that clear in my earlier post.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator


PostPosted: Sat Jul 30, 2011 7:05 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
So are you saying I should change permissions of all files to 644 ?


PostPosted: Sat Jul 30, 2011 12:45 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2727
Location: Wisconsin USA
Yes that is what all files permissions should be set to. 644

All directories should be set to 755

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator
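Added example, not part of the original thread: one way to check a site tree against the maximums stated in the posts above (files 644, directories 755, configuration.php normally 444) and then reset it. The function names and the site-root argument are assumptions; the audit also flags a configuration.php left at 755, as in the earlier diagnostic output.

```shell
#!/bin/sh
# Added example: audit and reset permissions on a site tree.

# audit_perms ROOT: print one line per path whose mode exceeds the maximum.
#   FILE>644 path   file has an execute bit or group/world write
#   DIR>755 path    directory is group- or world-writable
audit_perms() {
    # Beyond 644 means any of u+x, g+w, g+x, o+w, o+x is set.
    find "$1" -type f \( -perm -100 -o -perm -020 -o -perm -010 \
        -o -perm -002 -o -perm -001 \) -print | sed 's/^/FILE>644 /'
    # Beyond 755 means g+w or o+w is set.
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print \
        | sed 's/^/DIR>755 /'
}

# reset_perms ROOT: directories to 755, files to 644, configuration.php to 444.
reset_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    if [ -f "$1/configuration.php" ]; then
        chmod 444 "$1/configuration.php"
    fi
}
```

Resetting modes does not remove anything an intruder already wrote; it belongs after the wipe and clean reinstall described earlier in the thread.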


Post subject: I Frame Trojan Attack
PostPosted: Wed Sep 07, 2011 10:13 am
Joomla! Intern

Joined: Wed Jun 22, 2011 8:36 am
Posts: 76
My Joomla doesn't upgrade from 1.6.5 to 1.7 as well
JTS-post Problem Description wrote:
I Frame Trojan Attack

JTS-post Diagnostic Information wrote:
Joomla! Version: Joomla! 1.6.5 Stable [ Onward ] 11-Jul-2011 23:00 GMT
configuration.php: Writable (Mode: 644 ) | Architecture/Platform: Linux 2.6.9-89.0.18.ELsmp ( x86_64) | Web Server: Apache ( http://www.t allyway.com ) | PHP Version: 5.2.9
PHP Requirements: register_globals: Disabled | magic_quotes_gpc: Disabled | safe_mode: Disabled | MySQL Support: Yes | XML Support: Yes | zlib Support: Yes
mbstring Support (1.5 or above): Yes | iconv Support (1.5 or above): Yes | save.session_path: Writable | Max. Execution Time: 240 seconds ( now, but user had to increase from 30 ) | File Uploads: Enabled
MySQL Version: ( )

JTS-post Extended Information wrote:
SEF: Enabled (without ReWrite) | Legacy Mode: N/A | FTP Layer: N/A | htaccess: Implemented
PHP/suExec: User and Web Server accounts are the same. (PHP/suExec probably installed)
PHP Environment: API: cgi-fcgi | MySQLi: Yes | Max. Memory: 96M ( now, but user had to increase from 24M ) | Max. Upload Size: 20M | Max. Post Size: 22M | Max. Input Time: 60 | Zend Version: 2.2.0
Disabled Functions:
MySQL Client: 4.1.22 ( )


PostPosted: Wed Sep 07, 2011 10:48 am
Joomla! Guru

Joined: Wed Apr 06, 2011 6:31 pm
Posts: 582
Location: Maryland, USA
You were already given all the instructions you need in this thread: viewtopic.php?p=2564595 Keep your questions in that thread and follow their instructions.

This thread should be closed/deleted as duplicate.

_________________
If I give you an outside solution, I have no affiliation with that product. I may use it, but that is the end of the relationship.

