The Joomla! Forum ™



Posted: Wed Oct 17, 2012 5:26 pm
Joomla! Apprentice

Joined: Tue Sep 25, 2007 11:50 am
Posts: 35
I have several folders with both Joomla 1.5 and 2.5 sites, all using the latest version, on a shared server. My sites keep redirecting to msn.com, both the url for the front end or backend. I removed all files except the log file from the "root" and all the sites are in folders. If it is a live site, the url points directly to it. If it is a site I am still working on, I access it with the sub-domain and the name of the folder. I restored 2 of the sites because I had backups for them, so I just created a new database and folder and restored them. I will change the admin and password and add admin tools, which I hadn't done (and learned my lesson).

I do have one site that I have been working on and had not backed up yet (stupid, I know). I uploaded a clean htaccess file so I don't think the code is in there. So I will probably have to rebuild it from scratch. So I did a fresh installation of Joomla 2.5.7 with a new database in a new folder, and I noticed a strange thing. At the very top of the browser there are some small black squares right above the admin panel on the back end and at the top of the page on the front end. When I use firebug, I see the following, and it just doesn't seem right. This is a new install without sample data.
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-gb" dir="ltr" xml:lang="en-gb" xmlns="http://www.w3.org/1999/xhtml" slick-uniqueid="3">
<head>
<body style="font-size: 100%;">
<div id="_GPL_e6a00_parent_div" style="position: absolute; top: 0px; left: 0px; width: 1px; height: 1px; z-index: 2147483647;">
<object id="_GPL_e6a00_swf" width="1" height="1" type="application/x-shockwave-flash" data="http://savingsslider-a.akamaihd.net/items/e6a00/storage.swf">
<param name="wmode" value="transparent">
<param name="allowscriptaccess" value="always">
<param name="flashvars" value="logfn=_GPL.items.e6a00.log&onload=_GPL.items.e6a00.onload&onerror=_GPL.items.e6a00.onerror&LSOName=gpl">
</object>
</div>
<iframe width="5" scrolling="auto" height="5" align="middle" frameborder="no" src="http://polarizebit.org/Lexmark?8">
<!DOCTYPE html>
<html class="blacklist" xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="chrome://global/skin/netError.css" type="text/css" media="all">
Filtered chrome url chrome://global/skin/netError.css
</link>
<link id="favicon" rel="icon" type="image/png" href="chrome://global/skin/icons/blacklist_favicon.png"/>
<script type="application/javascript">
// Error url MUST be formatted like this:
// about:blocked?e=error_code&u=url
// Note that this file uses document.documentURI to get
// the URL (with the format from above). This is because
// document.location.href gets the current URI off the docshell,
// which is the URL displayed in the location bar, i.e.
// the URI that the user attempted to load.
function getErrorCode()
{
var url = document.documentURI;
var error = url.search(/e\=/);
var duffUrl = url.search(/\&u\=/);
return decodeURIComponent(url.slice(error + 2, duffUrl));
}
function getURL()
{
var url = document.documentURI;
var match = url.match(/&u=([^&]+)&/);
// match == null if not found; if so, return an empty string
// instead of what would turn out to be portions of the URI
if (!match)
return "";
url = decodeURIComponent(match[1]);
// If this is a view-source page, then get then real URI of the page
if (/^view-source\:/.test(url))
url = url.slice(12);
return url;
}
/**
* Attempt to get the hostname via document.location. Fail back
* to getURL so that we always return something meaningful.
*/
function getHostString()
{
try {
return document.location.hostname;
} catch (e) {
return getURL();
}
}
function initPage()
{
// Handoff to the appropriate initializer, based on error code
switch (getErrorCode()) {
case "malwareBlocked" :
initPage_malware();
break;
case "phishingBlocked" :
initPage_phishing();
break;
}
}
/**
* Initialize custom strings and functionality for blocked malware case
*/
function initPage_malware()
{
// Remove phishing strings
var el = document.getElementById("errorTitleText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_phishing");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_phishing");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("malware_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_malware")
.innerHTML;
}
/**
* Initialize custom strings and functionality for blocked phishing case
*/
function initPage_phishing()
{
// Remove malware strings
var el = document.getElementById("errorTitleText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorShortDescText_malware");
el.parentNode.removeChild(el);
el = document.getElementById("errorLongDescText_malware");
el.parentNode.removeChild(el);
// Set sitename
document.getElementById("phishing_sitename").textContent = getHostString();
document.title = document.getElementById("errorTitleText_phishing")
.innerHTML;
}
</script>
<style type="text/css">
/* Style warning button to look like a small text link in the
bottom right. This is preferable to just using a text link
since there is already a mechanism in browser.js for trapping
oncommand events from unprivileged chrome pages (BrowserOnCommand).*/
#ignoreWarningButton {
-moz-appearance: none;
background: transparent;
border: none;
color: white; /* Hard coded because netError.css forces this page's background to dark red */
text-decoration: underline;
margin: 0;
padding: 0;
position: relative;
top: 23px;
left: 20px;
font-size: smaller;
}
#ignoreWarning {
text-align: right;
}
</style>
<title>Reported Attack Page!</title>
</head>
<body dir="ltr">
<div id="errorPageContainer">
<div id="errorTitle">
<h1 id="errorTitleText_malware">Reported Attack Page!</h1>
</div>
<div id="errorLongContent">
<div id="errorShortDesc">
<div id="errorLongDesc">
<div id="buttons">
</div>
<div id="ignoreWarning">
</div>
<script type="application/javascript">
</body>
</html>
</iframe>



Is this normal? Do you think it is related to the redirect? Where is it coming from? How can I fix this?
The new install is http://s285641334.onlinehome.us/olio2/

The site that redirects to msn.com is http://s285641334.onlinehome.us/olio/

Someone please help!!!
Ellen


Posted: Wed Oct 17, 2012 9:11 pm
Joomla! Fledgling

Joined: Wed Oct 17, 2012 9:09 pm
Posts: 1
I have the same problem. Can someone help?


Posted: Wed Oct 17, 2012 10:03 pm
Joomla! Apprentice

Joined: Tue Sep 25, 2007 11:50 am
Posts: 35
Maybe this helps....

Forum Post Assistant (v1.2.3) : 17th October 2012 wrote:
Basic Environment :: wrote:
Joomla! Instance :: Joomla! 2.5.7-Stable (Ember) 13-September-2012
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Writable (644) | Owner: u53517304 (uid: 1/gid: 1) | Group: ftpusers (gid: 1) | Valid For: 2.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux infong 2.4 #1 SMP Fri May 18 17:32:59 UTC 2012 i686 GNU/Linux | OS Version: Linux infong 2.4 #1 SMP Fri May 18 17:32:59 UTC 2012 i686 GNU/Linux | Technology: Linux infong 2.4 #1 SMP Fri May 18 17:32:59 UTC 2012 i686 GNU/Linux | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /kunden/homepages/35/d285641313/htdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.7 | PHP API: cgi-fcgi | Session Path Writable: Unknown | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 40M | Max. POST Size: 8M | Max. Input Time: -1 | Max. Execution Time: 50000 | Memory Limit: 90M

MySQL Configuration :: Version: 5.0.91-log (Client:mysqlnd 5.0.10 - 20111026 - $Id: b0b3b15c693b7f6aeb3aa66b646fee339f175e39 $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 622.27 KiB | #of Tables: 83
Detailed Environment :: wrote:
PHP Extensions :: Core (5.4.7) | date (5.4.7) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | bcmath () | bz2 () | calendar () | ctype () | curl () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | session () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | standard (5.4.7) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: b0b3b15c693b7f6aeb3aa66b646fee339f175e39 $) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | posix () | Reflection ($Id: 7c9981924ded1ad2023fb1d5c3d1a8f290632f5c $) | imap () | shmop () | SimpleXML (0.1) | soap () | mysqli (0.1) | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | mysql (1.0) | cgi-fcgi () | mhash () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:
Components :: SITE :: WF_AGGREGATOR_VIMEO_TITLE (2.2.8.3) | [youtube] (2.2.8.3) | WF_FILESYSTEM_JOOMLA_TITLE (2.2.8.3) | WF_LINKS_JOOMLALINKS_TITLE (2.2.8.3) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.2.8.3) | WF_POPUPS_JCEMEDIABOX_TITLE (2.2.8.3) | WF_POPUPS_WINDOW_TITLE (2.2.8.3) | WF_LINK_SEARCH_TITLE (2.2.8.3) | WF_ANCHOR_TITLE (2.2.8.3) | WF_ARTICLE_TITLE (2.2.8.3) | WF_AUTOSAVE_TITLE (2.2.8.3) | WF_BROWSER_TITLE (2.2.8.3) | WF_CAPTION_TITLE (2.0.3) | WF_CLEANUP_TITLE (2.2.8.3) | WF_CLIPBOARD_TITLE (2.2.8.3) | WF_CONTEXTMENU_TITLE (2.2.8.3) | WF_DIRECTIONALITY_TITLE (2.2.8.3) | WF_FULLSCREEN_TITLE (2.2.8.3) | WF_IMGMANAGER_TITLE (2.2.8.3) | WF_INLINEPOPUPS_TITLE (2.2.8.3) | [Do not buy our kitchens!] (2.2.8.3) | WF_LAYER_TITLE (2.2.8.3) | WF_LINK_TITLE (2.2.8.3) | WF_MEDIA_TITLE (2.2.8.3) | WF_MEDIAMANAGER_TITLE (2.0.7) | WF_NONBREAKING_TITLE (2.2.8.3) | WF_PREVIEW_TITLE (2.2.8.3) | WF_PRINT_TITLE (2.2.8.3) | WF_SEARCHREPLACE_TITLE (2.2.8.3) | WF_SOURCE_TITLE (2.2.8.3) | WF_SPELLCHECKER_TITLE (2.2.8.3) | WF_STYLE_TITLE (2.2.8.3) | WF_TABLE_TITLE (2.2.8.3) | WF_TEXTCASE_TITLE (2.2.8.3) | WF_VISUALBLOCKS_TITLE (2.2.8.3) | WF_VISUALCHARS_TITLE (2.2.8.3) | WF_XHTMLXTRAS_TITLE (2.2.8.3) | com_mailto (2.5.0) | com_wrapper (2.5.0) |
Components :: ADMIN :: com_admin (2.5.0) | Akeeba (3.6.7) | com_banners (2.5.0) | com_cache (2.5.0) | com_categories (2.5.0) | com_checkin (2.5.0) | com_config (2.5.0) | com_content (2.5.0) | com_cpanel (2.5.0) | eXtplorer (2.1.0RC5) | com_finder (2.5.0) | com_installer (2.5.0) | JCE (2.2.8.3) | Unknown (-) | Editor - JCE (2.2.8.3) | Editor - JCE (2.2.8.3) | JCE File Browser (2.0.0) | plg_quickicon_jcefilebrowser (2.5.0) | com_joomlaupdate (2.5.0) | com_languages (2.5.0) | com_login (2.5.0) | com_media (2.5.0) | com_menus (2.5.0) | com_messages (2.5.0) | com_modules (2.5.0) | Content - Multicategories (1.0.0) | Button - Multicategories (1.0.0) | COM_MULTICATEGORIES (1.0.2) | com_newsfeeds (2.5.0) | COM_OSTOOLBAR (1.5.7) | com_plugins (2.5.0) | com_redirect (2.5.0) | RSForm (1.4.0 R43) | com_search (2.5.0) | com_templates (2.5.0) | com_users (2.5.0) | com_weblinks (2.5.0) | Widgetkit (1.2.2) | com_xmap (2.2.1) |

Modules :: SITE :: mod_articles_archive (2.5.0) | mod_articles_categories (2.5.0) | mod_articles_category (2.5.0) | mod_articles_latest (2.5.0) | mod_articles_news (2.5.0) | mod_articles_popular (2.5.0) | mod_banners (2.5.0) | mod_breadcrumbs (2.5.0) | mod_custom (2.5.0) | mod_feed (2.5.0) | mod_finder (2.5.0) | mod_footer (2.5.0) | mod_languages (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_random_image (2.5.0) | mod_related_items (2.5.0) | RSForm! Pro Module (1.3.0) | mod_search (2.5.0) | mod_stats (2.5.0) | mod_syndicate (2.5.0) | mod_users_latest (2.5.0) | mod_weblinks (2.5.0) | mod_whosonline (2.5.0) | Widgetkit (1.0.0) | Widgetkit Twitter (1.0.0) | mod_wrapper (2.5.0) |
Modules :: ADMIN :: mod_custom (2.5.0) | mod_feed (2.5.0) | mod_latest (2.5.0) | mod_logged (2.5.0) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_multilangstatus (2.5.0) | mod_popular (2.5.0) | mod_quickicon (2.5.0) | mod_status (2.5.0) | mod_submenu (2.5.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) | mod_version (2.5.0) |

Plugins :: SITE :: plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_content_emailcloak (2.5.0) | plg_content_finder (2.5.0) | plg_content_geshi (2.5.0) | plg_content_joomla (2.5.0) | plg_content_loadmodule (2.5.0) | Content - Multicategories (1.0.0) | plg_content_pagebreak (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_vote (2.5.0) | Content - Widgetkit (1.0.0) | plg_editors_codemirror (1.0) | Editor - JCE (2.2.8.3) | plg_editors_tinymce (3.5.4.1) | plg_editors-xtd_article (2.5.0) | PLG_EDITORS-XTD_ARTICLESANYWHE (1.13.5) | plg_editors-xtd_image (2.5.0) | Button - Multicategories (1.0.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_extension_joomla (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_jcefilebrowser (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_search_categories (2.5.0) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_weblinks (2.5.0) | PLG_SYSTEM_ARTICLESANYWHERE (1.13.5) | plg_system_cache (2.5.0) | plg_system_debug (2.5.0) | plg_system_highlight (2.5.0) | System - JCE MediaBox (1.1.4) | plg_system_languagecode (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_log (2.5.0) | plg_system_logout (2.5.0) | PLG_SYSTEM_NNFRAMEWORK (12.1.3) | plg_system_p3p (2.5.0) | plg_system_redirect (2.5.0) | plg_system_remember (2.5.0) | plg_system_sef (2.5.0) | System - Widgetkit Joomla (1.0.0) | System - Widgetkit (1.0.0) | System - Widgetkit ZOO (1.0.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_user_profile (2.5.0) | Xmap - Content Plugin (2.0.3) | Xmap - Kunena Plugin (2.0.2) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - SobiPro Plugin (2.0.1) 
| Xmap - Virtuemart Plugin (2.0.0) | Xmap - WebLinks Plugin (2.0) |
Templates Discovered :: wrote:
Templates :: SITE :: atomic (2.5.0) | beez5 (2.5.0) | beez_20 (2.5.0) | yoo_master (1.0.0) |
Templates :: ADMIN :: bluestork (2.5.0) | hathor (2.5.0) |


Posted: Sat Nov 03, 2012 7:29 pm
Joomla! Fledgling

Joined: Sat Nov 03, 2012 7:27 pm
Posts: 1
Any news on this matter?
I have the same issue on several sites.


Posted: Sat Nov 03, 2012 9:28 pm
Joomla! Master

Joined: Mon Mar 20, 2006 1:56 am
Posts: 12411
Location: The Girly Side of Joomla in Sussex
please go through the sticky - before you post read this and security checklist 7

hackers seldom redirect to msn as it does not give them any profit or fame

_________________
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be added to the foe list and possibly just deleted
{Community.Connect Administrator }{ Showcase & Security Moderator}


Posted: Wed Nov 07, 2012 7:04 am
Joomla! Champion

Joined: Thu Aug 18, 2005 2:09 am
Posts: 5657
Location: California
.
This is most likely a problem in the user's browser, not in Joomla.
I see no such code in Firefox, Opera, or IE.

The SWF file being loaded (storage.swf) is part of SwfStore (uses JavaScript to store info in LSOs, "Flash-cookies").
SwfStore is commonly used by various nefarious folks such as sleazy browser toolbars and advertising networks.

The link to the file provides a clue:
h##p://savingsslider-a.akamaihd.net/items/e6a00/storage.swf

Savings Slider is a browser add-on to "help" you shop with coupons.

Remove the offending toolbar and/or other extensions and the issue should go away.

.

_________________
██ AllMedia4Joomla Project
██ http://sourceforge.net/projects/allmedia4joomla/
██ AllMedia YöuTube Feed Gallery module released
██ Download: http://sourceforge.net/projects/allmedia4joomla/files/
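
The check described in the post above (the markup is absent when the same page is loaded in other browsers) can be automated by comparing the HTML the server returns with the DOM the affected browser renders. This is an added example, not part of any post in this thread: the function names, the constructed `serverHtml` sample and the script path in it are assumptions, while the two injected elements are copied from the Firebug dump in the first post.

```javascript
// Added example: elements present only in the rendered DOM were inserted
// client-side (extension, toolbar), not by the Joomla install on the server.
const TAG_RE = /<(iframe|object|script|embed)\b([^>]*)>/gi;
const ATTR_RE = /([\w:-]+)\s*=\s*"([^"]*)"/g;

// Return {tag, url, host, tiny} for every element that loads an absolute URL.
function externalResources(html) {
  const found = [];
  for (const m of html.matchAll(TAG_RE)) {
    const attrs = {};
    for (const a of m[2].matchAll(ATTR_RE)) attrs[a[1].toLowerCase()] = a[2];
    const url = attrs.src || attrs.data;          // <object> uses data=
    if (!url || !/^https?:\/\//i.test(url)) continue;
    let host;
    try { host = new URL(url).hostname; } catch (e) { continue; }
    const w = parseInt(attrs.width, 10), h = parseInt(attrs.height, 10);
    // 1x1 or 5x5 elements are sized so that the visitor does not notice them
    found.push({ tag: m[1].toLowerCase(), url, host, tiny: w <= 5 && h <= 5 });
  }
  return found;
}

// Off-site elements in the rendered DOM that the server never sent.
function clientSideInjections(serverHtml, renderedHtml, siteHost) {
  const sent = new Set(externalResources(serverHtml).map(r => r.url));
  return externalResources(renderedHtml)
    .filter(r => !sent.has(r.url) && r.host !== siteHost);
}

// Constructed sample: what a fetch without a browser (e.g. curl) would return.
const serverHtml = `<html><head>
<script src="/media/system/js/mootools-core.js" type="text/javascript"></script>
</head><body style="font-size: 100%;"><div id="content"></div></body></html>`;

// Rendered DOM: the same page plus the two elements from the Firebug dump.
const renderedHtml = serverHtml.replace('<div id="content">', `
<object id="_GPL_e6a00_swf" width="1" height="1" type="application/x-shockwave-flash" data="http://savingsslider-a.akamaihd.net/items/e6a00/storage.swf"></object>
<iframe width="5" scrolling="auto" height="5" frameborder="no" src="http://polarizebit.org/Lexmark?8"></iframe>
<div id="content">`);

const findings = clientSideInjections(
  serverHtml, renderedHtml, 's285641334.onlinehome.us');
for (const f of findings) {
  console.log(`${f.tag} -> ${f.host}${f.tiny ? ' (hidden size)' : ''}`);
}
```

If an element also appears in the server response, the browser-extension explanation does not apply and the files and database on the host need inspecting instead.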


Posted: Mon Nov 26, 2012 9:42 pm
Joomla! Apprentice

Joined: Mon Sep 12, 2005 9:41 pm
Posts: 23
Location: Atlanta, GA
Kenmcd is right on. Same thing happened to me. Then I looked in Chrome's Extensions and found this:

Savings-Slider 2.3
Savings-Slider will help you save money when shopping online. When alerted that there are coupons available, simply click on "View All Available Coupons" for all the deals on the site you're browsing. Click the coupon to apply automatically! Savings-Slider is ad-supported software that is provided at no cost and may display advertisements in websites as you view them.

_________________
http://www.planetbobstudios.com

Akima: You can't call a planet "Bob."
Cale: So now you're the boss. You're the King of Bob.... No one said you have to live on Bob.

