Joomla! • View topic - iframe with virus [resolved]

Board index » Joomla! Older Version Support » Joomla! 1.5 » Security in Joomla! 1.5

Forum rules

Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.

iframe with virus [resolved]

Moderators: mandville, PhilD, General Support Moderators

Page 1 of 1

[ 14 posts ]

Print view

Previous topic | Next topic

Author

Message

Saffron2508

Post subject: iframe with virus [resolved]

Posted: Fri Apr 27, 2012 9:56 pm

Joomla! Apprentice

Joined: Fri Apr 27, 2012 9:51 pm
Posts: 6

Hi,

I had somebody re-design my site a couple of years ago & he built it with Joomla. I know the basics of running the site but am not especially great with it.

Anyway, I've been receiving reports of a virus on my site. I looked at the source code on one page & found this at the end of the html

</body>
</html><iframe src="http://[removed URL]/admin/" width="0" height="0" frameborder="0"></iframe>

Can anybody give me a pointer as to how I would remove that? It appears to be on every page. When the page is opened a box appears saying
http://www.[removed URL].eu
Adobe flash must be updated. Clicking anywhere on the box starts the installation process.

You do not have the required permissions to view the files attached to this post.

Last edited by mandville on Mon Apr 30, 2012 11:04 pm, edited 2 times in total.

Mod Note: Removed URL, we do not need to promote the hackers website any further.

Top

euoceo

Post subject: Re: iframe with virus

Posted: Sat Apr 28, 2012 1:18 am

Joomla! Guru

Joined: Fri Sep 12, 2008 2:48 pm
Posts: 948
Location: Sacramento

Check out:

http://docs.joomla.org/Category:Security_Checklist

What version are you running? I'm guessing you're a few versions behind.

_________________
Joomla! Web Hosting, Design, and Consulting.
Portfolio: http://www.calweb.com/joomla
Please do not PM me for help, use the forums first.

Top

Saffron2508

Post subject: Re: iframe with virus

Posted: Sat Apr 28, 2012 4:54 am

Joomla! Apprentice

Joined: Fri Apr 27, 2012 9:51 pm
Posts: 6

I'm running 1.5.14, I don't know how to upgrade or even where to look in the security section

The guy who built the site isn't responding to my email unfortunately.

Top

Saffron2508

Post subject: Re: iframe with virus

Posted: Sat Apr 28, 2012 11:36 pm

Joomla! Apprentice

Joined: Fri Apr 27, 2012 9:51 pm
Posts: 6

euoceo, did you receive my message? I tried to email you as I can't respond to PM's for some reason.

I really don't know Joomla at all, I don't even know how to install extensions

The guy who designed my site did it all for me & now he's not responding to my email. So frustrating.

Top

euoceo

Post subject: Re: iframe with virus

Posted: Sun Apr 29, 2012 12:01 am

Joomla! Guru

Joined: Fri Sep 12, 2008 2:48 pm
Posts: 948
Location: Sacramento

Hmm, I haven't received anything from you. I'll send you a PM with contact information, hopefully you can read PMs. Maybe there's a post count limit before you are allowed to use that function on the forums to stop spammers.

_________________
Joomla! Web Hosting, Design, and Consulting.
Portfolio: http://www.calweb.com/joomla
Please do not PM me for help, use the forums first.

Top

Saffron2508

Post subject: Re: iframe with virus

Posted: Sun Apr 29, 2012 8:44 am

Joomla! Apprentice

Joined: Fri Apr 27, 2012 9:51 pm
Posts: 6

Okay, the joys of Facebook. I messaged a friend who is a web designer & asked him. He found the vulnerability (it was a back door), and has temporarily patched it but he said I need to upgrade the software urgently. Did you get my email euoceo?

Top

Webdongle

Post subject: Re: iframe with virus

Posted: Sun Apr 29, 2012 10:40 am

Joomla! Master

Joined: Sat Apr 05, 2008 9:58 pm
Posts: 23363
Location: @Webdongle

Saffron2508 wrote:

...He found the vulnerability (it was a back door), and has temporarily patched it but he said I need to upgrade the software urgently. ...

If you read the information you were given the links to then you would realise that updating is not enough. You need to do everything in the list if you can't do it then you need to pay someone to do it.

_________________
http://weblinksonline.co.uk/joomla-faq.html

Top

PhilD

Post subject: Re: iframe with virus

Posted: Sun Apr 29, 2012 3:45 pm

Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2694
Location: Wisconsin USA

Below is what you should be following to properly fix your website. If you take the time to read and understand the information presented in the various points and documents then you can do the clean and repair yourself and learn much about your site as well. If you can not do this then I would ask over in the professional forum (I think that's correct) viewforum.php?f=177 for someone you can pay to properly clean and repair the site for you.

PhilD wrote:

It is suggested to do all of the following. Failure to follow the suggestions below may leave your site vulnerable to being hacked again in the future.

You must state what version of Joomla you were using when when the site became hacked. This can make a difference as to how we approach your individual situation.

[ ] Run the Forum Post Assistant / FPA Instructions available here and are also included in the download package.

[ ] Ensure you have the latest version of Joomla. Delete all files in your Joomla installation, saving a copy of the configuration.php file. Replace the deleted files with fresh copies of a current full version of Joomla (minus the installation directory), and fresh copies of extensions and templates used. Upload the copy of your configuration file. Only by replacing all files in the installation (including extensions and templates) can you be sure to remove the backdoors inserted and hidden in files and directories More detail can be found in the security Checklist 7 link below.

[ ] Review Vulnerable Extensions List

[ ] Review and action Security Checklist 7 to make sure you've gone through all of the steps.

[ ] Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc.

[ ] Change all passwords and if possible user names for the website host control panel and your Joomla site.

[ ] Use proper permissions on files and directories. They should never be 777, ideal is 644 and 755 and 444 for the configuration.php file.

[ ] Check your htaccess for for any odd code (i.e. code which is not in the standard htaccess supplied as part of the Joomla installation).

[ ] Check the crontab or Task Scheduler for unexpected jobs/tasks.

[ ] Ensure you do not have anonymous ftp enabled

Note: The forum post tool will work with 1.0.x, J1.6.x, J1.7.x, 2.5.x versions of Joomla.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

Top

euoceo

Post subject: Re: iframe with virus

Posted: Mon Apr 30, 2012 5:00 pm

Joomla! Guru

Joined: Fri Sep 12, 2008 2:48 pm
Posts: 948
Location: Sacramento

Update: Removed all files and updated to latest 1.5.26. Updated components, one had a xss issue. Admin directory .htaccess protected. Site looks clean so far.

Side comment: Why does a paid template contain base64 code advertising the template's site??? Very unprofessional for a paid template.. Decodes to: (removed some letters, I'm not giving them free advertising, but you can guess it. Very sleazy if you ask me).

Quote:

<div class="tplcright"><a href="http://www.joomlash--k.com" title="Joomla 1.5 Templates">Joomla 1.5 Templates by J---------k</a></div>

_________________
Joomla! Web Hosting, Design, and Consulting.
Portfolio: http://www.calweb.com/joomla
Please do not PM me for help, use the forums first.

Top

Saffron2508

Post subject: Re: iframe with virus

Posted: Mon Apr 30, 2012 8:40 pm

Joomla! Apprentice

Joined: Fri Apr 27, 2012 9:51 pm
Posts: 6

Aah, just coming to update on the saga of my site.

euoceo did an absolutely amazing job of fixing the problem for me. It was way beyond my level of expertise. He spent hours doing this & that & kept in touch with me at all times, keeping me updated.

He has fixed the problem, secured the board & will hopefully stay with me in the future to help me with upgrades etc. A really happy outcome for a very scary situation. As my site is my livlihood, having this virus on it was catastrophic.

Thanks again, it's great to know I now have a reliable "Joomla man" to help me with stuff

Top

mandville

Post subject: Re: iframe with virus

Posted: Mon Apr 30, 2012 9:12 pm

Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 11635
Location: The Girly Side of Joomla in Sussex

euoceo wrote:

Updated components, one had a xss issue

which extension? is it already listed in the vel?

Saffron2508 wrote:

Aah, just coming to update on the saga of my site.

can we mark this as resolved?

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}

Top

Saffron2508

Post subject: Re: iframe with virus

Posted: Mon Apr 30, 2012 9:21 pm

Joomla! Apprentice

Joined: Fri Apr 27, 2012 9:51 pm
Posts: 6

Yes, it can be marked as resolved. Thanks

Top

tj.baker

Post subject: Re: iframe with virus

Posted: Mon Apr 30, 2012 9:34 pm

Joomla! Enthusiast

Joined: Tue Feb 14, 2006 6:23 am
Posts: 221
Location: Visalia, CA

euoceo wrote:

Quote:

<div class="tplcright"><a href="http://www.joomlash--k.com" title="Joomla 1.5 Templates">Joomla 1.5 Templates by J---------k</a></div>

Joomlashack's not used base64 encoding for links for quite some time.

Reading this I see that the template was installed two years ago, so that's why it was there.

A new copy of the template can be downloaded and installed... and probably should to be sure there's no bad code injected in the template anyways.

Top

euoceo

Post subject: Re: iframe with virus

Posted: Mon Apr 30, 2012 10:12 pm

Joomla! Guru

Joined: Fri Sep 12, 2008 2:48 pm
Posts: 948
Location: Sacramento

mandville wrote:

euoceo wrote:

Updated components, one had a xss issue

which extension? is it already listed in the vel?
can we mark this as resolved?

Hi mandville,

The site looked like it was done several years ago then never touched again (on the Joomla side). One of the components was the beta version of sh404SEF, marked as a low-level XSS security issue, It's now running the latest of that extension. And yes, mark resolved please.

tj.baker wrote:

Joomlashack's not used base64 encoding for links for quite some time. A new copy of the template can be downloaded and installed... and probably should to be sure there's no bad code injected in the template anyways.

Oh, thanks, that's good to know! Once a template is bought from them the customer can get updates to that template always or is there a time limit? I'm not even sure they have a login/pw since their developer probably bought the template for them and bundled it into their costs. They'll need a new template anyways (this one is 1.5 only) as they plan on going to 2.5 next after a breather with the site running without any issues for awhile..

_________________
Joomla! Web Hosting, Design, and Consulting.
Portfolio: http://www.calweb.com/joomla
Please do not PM me for help, use the forums first.

Top

Page 1 of 1

[ 14 posts ]

Board index » Joomla! Older Version Support » Joomla! 1.5 » Security in Joomla! 1.5

Who is online

Users browsing this forum: Exabot [Bot], ichiro [Crawler] and 24 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:

Welcome to Joomla!

Recent Joomla! News

Support Joomla!

What Is Joomla?

Joomla! for Business

Joomla! for Developers

Learn more about Joomla!

Connect!

Support!

Read!

Get involved with Joomla!

Directories

Developers

Download Joomla! 2.5

Download Joomla! 3.1

Getting Started with Joomla!

Internationalization

The Joomla! Forum ™

Forum rules

iframe with virus [resolved]

Who is online