Site visitors - trojan horse warning or pop-up download

Discussion regarding Joomla! 1.5 security issues.

optahealth
Joomla! Fledgling
Posts: 4
Joined: Fri Oct 05, 2007 11:06 am

Post by optahealth » Thu Nov 21, 2013 11:29 pm

Problem Description :: Forum Post Assistant (v1.2.3) : 21st November 2013 wrote: Site visitors get "trojan horse" warning
Last PHP Error(s) Reported :: Forum Post Assistant (v1.2.3) : 21st November 2013 wrote: [21-Nov-2013 16:09:13] PHP Warning: closedir(): supplied argument is not a valid Directory resource in /home1/painredu/public_html/fpa-en.php on line 1511
Actions Taken To Resolve by Forum Post Assistant (v1.2.3) 21st November 2013 wrote: Scanning with anti virus on all computers with admin access. Visual scan of file manager for anything unusual or changed.
Forum Post Assistant (v1.2.3) : 21st November 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.5.26-Stable (senu takaa ama busani) 27-March-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: painredu (uid: 1/gid: 1) | Group: painredu (gid: 1) | Valid For: 1.5
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: -1 | Site Debug: 0 | Language Debug: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-20130307.60.9.bh6.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: /home1/painredu/public_html | System TMP Writable: Yes

PHP Configuration :: Version: 5.2.17 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 6135 | Log Errors To: error_log | Last Known Error: 21st November 2013 16:10:08. | Register Globals: | Magic Quotes: 1 | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 10M | Max. POST Size: 10M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.34-log (Client:5.1.66) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 56.19 MiB | #of Tables: 168
Detailed Environment :: wrote:PHP Extensions :: date (5.2.17) | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dba () | dbase () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | gmp () | session () | iconv () | standard (5.2.17) | json (1.2.1) | ldap () | mbstring () | mcrypt () | mhash () | mime_magic (0.1) | mysql (1.0) | SimpleXML (0.1) | ncurses () | odbc (1.0) | pcntl () | SPL (0.2) | PDO (1.0.4dev) | pdo_dblib (1.0.1) | pdo_mysql (1.0.2) | PDO_ODBC (1.0.1) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | posix () | pspell () | readline () | Reflection (0.1) | imap () | shmop () | mysqli (0.1) | soap () | sockets () | SQLite (2.0-dev) | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | sysvmsg () | sysvsem () | sysvshm () | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.8.11) | cgi-fcgi () | Zend Optimizer () | Zend Engine (2.2.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | 
tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) | tens/wp-content/plugins/wp_rokstories/cache/sym/root/etc/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/httpd/run/fcgi/ (777) |
Extensions Discovered :: wrote:Components :: SITE :: Wrapper (1.5.0) | User (1.5.0) | MailTo (1.5.0) |
Components :: ADMIN :: User Manager (1.5.0) | Installation Manager (1.5.0) | Contact Items (1.0.0) | FJ Related (1.0.12) | Configuration Manager (1.5.0) | Messaging (1.5.0) | Mass Mail (1.5.0) | Mobile Joomla! (1.2.7) | Trash (1.0.0) | Search (1.5.0) | sh404sef (1.0.11_Beta) | Language Manager (1.5.0) | Xmap (1.2.11) | Mosets Tree Plugin (1.0.1) | Web Links Plugin (1.5.1) | RD-Autos Plugin (1.5.0) | JoomSuite Resources Plugin (1.0.0) | MyBlog Plugin (1.5.1) | JoomGallery Plugin (1.5.1) | Hot Property Plugin (1.0.1) | DOCman Plugin (1.5.0) | JMovies Plugin (1.5.0) | Eventlist Plugin (1.0.0) | KnowledgeBase Plugin (1.0.0) | Kunena Plugin (1.0.1) | Content Plugin (1.5.1) | JDownloads Plugin (1.5.1) | Gallery2 Bridge Plugin (1.0.2) | AcyMailing Plugin (1.0.0) | Glossary Plugin (1.5.1) | lknAnswers Plugin (1.5.0) | CMS Shop Builder Plugin (1.5.0) | RSGallery2 Extension (1.0.0) | JCALPro Plugin (1.0.0) | Virtuemart Plugin (1.1.4) | Rokdownloads Plugin (1.0.4) | JoomDOC Extension (1.0.0) | Contacts Plugin (1.0.1) | SectionEx Plugin (1.0.2) | Rapid Recipe Plugin (1.0.0) | Remository Plugin (1.0.3) | Yoflash XMap Plugin (0.0.1) | Agora Plugin (1.0.0) | Jomres Plugin (1.0) | JEvents Plugin (1.0.3) | SOBI2 Plugin (1.5.1) | Polls (1.5.0) | JCredits (1.1) | CKEditor (1.5.11) | Cache Manager (1.5.0) | Plugin Manager (1.5.0) | Banners (1.5.0) | Media Manager (1.5.0) | Weblinks (1.5.0) | Frontpage (1.5.0) | Control Panel (1.5.0) | Content Page (1.5.0) | Template Manager (1.5.0) | Newsfeeds (1.5.0) | Menus Manager (1.5.0) | Module Manager (1.5.0) |

Modules :: SITE :: Statistics (1.5.0) | J!Analytics (1.3.0) | Poll (1.5.0) | Who's Online (1.0.0) | Newsflash (1.5.0) | Select Markup (1.2.7) | Header (1.2.7) | Related Items (1.0.0) | Banner (1.5.0) | Custom HTML (1.5.0) | MultiTrans (15v73) | Wrapper (1.0.0) | Menu (1.5.0) | Latest News (1.5.0) | Mobile Menu (1.2.7) | Login (1.5.0) | Footer (1.5.0) | Archived Content (1.5.0) | Syndicate (1.5.0) | Most Read Content (1.5.0) | Feed Display (1.5.0) | Random Image (1.5.0) | Breadcrumbs (1.5.0) | Sections (1.5.0) | [spam] for Joomla! (1.0.0) | Easytagcloud (2.1 for J1.5) | Search (1.0.0) |
Modules :: ADMIN :: Items Stats (1.0.0) | Popular Items (1.0.0) | Quick Icons (1.0.0) | Unread Items (1.0.0) | Custom HTML (1.5.0) | User Status (1.5.0) | Title (1.0.0) | Toolbar (1.0.0) | Login Form (1.0.0) | Footer (1.0.0) | Admin Submenu (1.0.0) | Online Users (1.0.0) | Logged in Users (1.0.0) | Feed Display (1.5.0) | Latest News (1.0.0) | Admin Menu (1.0.0) | Mobile Joomla! CPanel Icon (1.2.7) |

Plugins :: SITE :: Button - Pagebreak (1.5) | Button - Readmore (1.5) | Button - Image (1.0.0) | Joomla! Links for Advanced Lin (1.2.1) | Editor - XStandard Lite for Jo (1.0) | Editor - CKEditor (1.5.11) | Editor - TinyMCE 3 (3.2.6) | Editor - JoomlaCK (5.0 Stable) | Editor - ceditCKEditor (1.0.0) | Editor - JoomlaCK (5.0 Stable) | System - JCK Typography (3.4.8) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | Unknown (0.1) | JTreeLink (1.0) | Unknown (0.1) | Unknown (0.1) | XML-RPC - Blogger API (1.0) | XML-RPC - Joomla API (1.0) | Content - Pagebreak (1.5) | Content - Load Modules (1.5) | AllVideos (by JoomlaWorks) (3.3) | Content - Vote (1.5) | Content - Email Cloaking (1.5) | Content - Example (1.0) | Content - Page Navigation (1.5) | Content - Code Highlighter (Ge (1.5) | Quickicon - Mobile Joomla! CPa (1.2.7) | Authentication - LDAP (1.5) | Authentication - GMail (1.5) | Authentication - Example (1.5) | Authentication - Joomla (1.5) | Authentication - OpenID (1.5) | Mobile - Domains (1.2.7) | Mobile - Forever (1.2.7) | Mobile - ScientiaMobile (1.2-2013.02.2) | Mobile - Simple (1.2.7) | Mobile - AMDD (1.2.7) | User - Example (1.0) | User - Joomla! (1.5) | Mobile Joomla! (1.2.7) | sh404SEF - system - plugin (Version_1.0.B) | System - Remember Me (1.5) | System - SEF (1.5) | System - JC Hwdvideoshare (1.1) | System - Legacy (1.5) | System - Debug (1.5) | System - Backlinks (1.5) | System - Log (1.5) | System - JCK Typography (3.4.8) | System - Mootools Upgrade (1.5) | System - Cache (1.5) | Search - Newsfeeds (1.5) | Search - Weblinks (1.5) | Search - Contacts (1.5) | Search - Categories (1.5) | Search - Sections (1.5) | Search - Content (1.5) |
Templates Discovered :: wrote:Templates :: SITE :: mobile_iphone (1.2.7) | mobile_smartphone (1.2.7) | beez (1.0.0) | mobile_imode (1.2.7) | JA_Purity (1.2.0) | rhuk_milkyway (1.0.2) | rt_firenzie_j15 (1.5.0) | mobile_wap (1.2.7) |
Templates :: ADMIN :: Khepri (1.0) |
