Pharmacy links constantly added to com_redirect

nycosmg
Joomla! Fledgling
Posts: 4
Joined: Tue Feb 04, 2014 2:50 am

Pharmacy links constantly added to com_redirect

Post by nycosmg » Tue Feb 04, 2014 4:16 am

My site is Joomla 1.7.3, and I am stuck on this version as we have custom components/modules that only work on 1.7.3.

My problem is that every few minutes or so, new links are entered in com_redirect.

I have replaced ALL Joomla files with the clean ones (I redownloaded the full package from the Joomla site), and it is still doing it.

Re: Pharmacy links constantly added to com_redirect

Post by nycosmg » Tue Feb 04, 2014 4:41 am

comredirect.png
see the image above

Re: Pharmacy links constantly added to com_redirect

Post by nycosmg » Tue Feb 04, 2014 4:42 am

Forum Post Assistant (v1.2.4) : 4th February 2014 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 1.7.3-Stable (Ember) 14-Nov-2011
Joomla! Platform :: Joomla Platform 11.2.0-Stable+Modified (Omar) 27-Jul-2011
Joomla! Configured :: Yes | Read-Only (444) | Owner: 502 (uid: /gid: ) | Group: 502 (gid: ) | Valid For: 1.7
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 1 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 1 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-71.29.1.el6.x86_64 | Technology: x86_64 | Web Server: Apache/2.2.15 (CentOS) | Encoding: gzip,deflate,sdch | Doc Root: /home/sites/domain.com/www/html | System TMP Writable: No

PHP Configuration :: Version: 5.3.3 | PHP API: cgi-fcgi | Session Path Writable: No | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: 1 | Safe Mode: | Open Base: /home/sites/domain.com/www/html | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: -1 | Max. Execution Time: 30 | Memory Limit: 256M

MySQL Configuration :: Version: 5.1.52 (Client:5.1.52) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 28.08 MiB | #of Tables:  105
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.3) | date (5.3.3) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | session () | iconv () | pcntl () | readline () | Reflection ($Revision: 300393 $) | standard (5.3.3) | shmop () | SPL (0.2) | SimpleXML (0.1) | sockets () | exif (1.4 $Id: exif.c 293036 2010-01-03 09:23:27Z sebastian $) | tokenizer (0.1) | xml () | cgi-fcgi () | curl () | dom (20031129) | fileinfo (1.0.5-dev) | gd () | json (1.2.1) | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | pdo_sqlite (1.0.1) | Phar (2.0.1) | soap () | sqlite3 (0.7-dev) | wddx () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.9.1) | Zend Engine (2.3.0) |
Potential Missing Extensions :: mbstring | mcrypt | suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (---) | tmp/ (---) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (1.7.0) | Super User (0.9.1) | Notifications (0.9.2) | Import/Export (0.5) | SEF Router (0.9.0) | Download Field (0.9.4) | SP-GeoMap Field (1.0) | Default SobiPro Template (1.0) | com_mailto (1.7.0) | WF_LINK_SEARCH_TITLE (2.3.4.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.4.4) | WF_POPUPS_WINDOW_TITLE (2.3.4.4) | WF_LINKS_JOOMLALINKS_TITLE (2.3.4.4) | K2 Links for JCE Link (2.2) | WF_AGGREGATOR_VIMEO_TITLE (2.3.4.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.4.4) | WF_AGGREGATOR_VINE_TITLE (2.3.4.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.4.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.4.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.4.4) | WF_XHTMLXTRAS_TITLE (2.3.4.4) | WF_SOURCE_TITLE (2.3.4.4) | WF_VISUALBLOCKS_TITLE (2.3.4.4) | WF_KITCHENSINK_TITLE (2.3.4.4) | WF_NONBREAKING_TITLE (2.3.4.4) | WF_ANCHOR_TITLE (2.3.4.4) | WF_PRINT_TITLE (2.3.4.4) | WF_LINK_TITLE (2.3.4.4) | WF_STYLE_TITLE (2.3.4.4) | WF_SEARCHREPLACE_TITLE (2.3.4.4) | WF_INLINEPOPUPS_TITLE (2.3.4.4) | WF_TEXTCASE_TITLE (2.3.4.4) | WF_ARTICLE_TITLE (2.3.4.4) | WF_LAYER_TITLE (2.3.4.4) | WF_CHARMAP_TITLE (2.3.4.4) | WF_CONTEXTMENU_TITLE (2.3.4.4) | WF_IMGMANAGER_TITLE (2.3.4.4) | WF_VISUALCHARS_TITLE (2.3.4.4) | WF_DIRECTIONALITY_TITLE (2.3.4.4) | WF_AUTOSAVE_TITLE (2.3.4.4) | WF_BROWSER_TITLE (2.3.4.4) | WF_CLIPBOARD_TITLE (2.3.4.4) | WF_LISTS_TITLE (2.3.4.4) | WF_FULLSCREEN_TITLE (2.3.4.4) | WF_SPELLCHECKER_TITLE (2.3.4.4) | WF_TABLE_TITLE (2.3.4.4) | WF_PREVIEW_TITLE (2.3.4.4) | WF_MEDIA_TITLE (2.3.4.4) | WF_CLEANUP_TITLE (2.3.4.4) |
Components :: ADMIN :: com_[youtube] (1.0.0) | com_cpanel (1.7.0) | Akeeba (3.4.3) | com_banners (1.7.0) | com_modules (1.7.0) | com_config (1.7.0) | com_newsfeeds (1.7.0) | com_content (1.7.0) | com_checkin (1.7.0) | com_templates (1.7.0) | com_admin (1.7.0) | com_media (1.7.0) | com_cache (1.7.0) | RSFirewall! (1.4.0 R44) | com_categories (1.7.0) | com_plugins (1.7.0) | com_weblinks (1.7.0) | COPMI Stories Component (1.0.1) | Webplayer (1.6) | com_languages (1.7.0) | com_search (1.7.0) | com_login (1.7.0) | com_redirect (1.7.0) | com_messages (1.7.0) | SobiPro (1.0.5) | com_users (1.7.0) | com_menus (1.7.0) | com_installer (1.7.0) | JCE (2.3.4.4) | Unknown (-) | RSForm (1.4.0 R43) | COPMI Tips Component (1.0.0) |

Modules :: SITE :: Custom HTML advanced (JTricks. (1.0) | COPMI Programs Sobipro Selecto (1.0) | COPMI Programs Sobipro Selecto (1.0) | COPMI Programs Sobipro Selecto (1.0) | FXPreview (1.0) | Webplayer Gallery (1.6) | Social Media Icon Links (1.6.0) | Webplayer Search (1.6) | mod_wrapper (1.7.0) | Webplayer Upload (1.6) | mod_custom (1.7.0) | mod_related_items (1.7.0) | COPMI Resources Search Module (1.0) | mod_languages (1.7.0) | mod_syndicate (1.7.0) | NYC Child Menu (1.0) | mod_login (1.7.0) | mod_articles_archive (1.7.0) | Fast Font (1.0) | COPMI Tips Category Module (1.0) | mod_breadcrumbs (1.7.0) | mod_menu (1.7.0) | mod_feed (1.7.0) | mod_articles_news (1.7.0) | joSlider (1.2) | Dropdown MegaMenu (1.0.8) | mod_articles_category (1.7.0) | mod_whosonline (1.7.0) | SobiPro GeoMap Module (0.5.1) | mod_articles_latest (1.7.0) | mod_search (1.7.0) | Webplayer (1.6) | mod_articles_popular (1.7.0) | mod_stats (1.7.0) | Flexi Custom Code (1.2) | mod_banners (1.7.0) | mod_footer (1.7.0) | mod_articles_categories (1.7.0) | SP Search In Categories (1.0) | mod_weblinks (1.7.0) | mod_users_latest (1.7.0) | mod_random_image (1.7.0) |
Modules :: ADMIN :: mod_latest (1.7.0) | mod_popular (1.7.0) | mod_toolbar (1.7.0) | mod_title (1.7.0) | mod_custom (1.7.0) | mod_login (1.7.0) | mod_menu (1.7.0) | mod_feed (1.7.0) | mod_logged (1.7.0) | RSFirewall! Cpanel Module (1.0.0) | mod_status (1.7.0) | Akeeba Backup Notification Mod (3.4.3) | mod_quickicon (1.7.0) | SobiPro Admin Menu (1.1) | mod_submenu (1.7.0) | mod_multilangstatus (1.7.1) |

Plugins :: SITE :: AllVideos (by JoomlaWorks) (4.4) | Webplayer (1.6) | plg_content_joomla (1.7.0) | plg_content_loadmodule (1.7.0) | plg_content_pagebreak (1.7.0) | plg_content_vote (1.7.0) | plg_content_emailcloak (1.7.0) | Content - RSForm! Pro (1.3.0) | plg_content_pagenavigation (1.7.0) | plg_content_geshi (1.7.0) | plg_editors_tinymce (3.4.4) | plg_editors_codemirror (1.0) | plg_editors_jce (2.3.4.4) | plg_extension_joomla (1.7.0) | plg_user_joomla (1.7.0) | plg_user_contactcreator (1.7.0) | plg_user_profile (1.7.0) | plg_search_categories (1.7.0) | plg_search_contacts (1.7.0) | plg_search_content (1.7.0) | Search - SobiPro Search Plugin (3.3.1) | plg_search_newsfeeds (1.7.0) | plg_search_weblinks (1.7.0) | plg_authentication_joomla (1.7.0) | plg_authentication_ldap (1.7.0) | plg_authentication_gmail (1.7.0) | plg_quickicon_jcefilebrowser (2.3.4.4) | plg_system_log (1.7.0) | Akeeba Backup Lazy Scheduling (3.3) | plg_system_cache (1.7.0) | plg_system_languagefilter (1.7.0) | plg_system_logout (1.7.0) | System - Google Maps (3.1) | System - RSFirewall! Active Sc (1.0.0) | plg_system_p3p (1.7.0) | plg_system_sef (1.7.0) | plg_system_remember (1.7.0) | System - Megamenu Framework (1.0.1) | PLG_SYSTEM_NNFRAMEWORK (11.11.3) | plg_system_debug (1.7.0) | plg_system_redirect (1.7.0) | PLG_SYSTEM_MODULESANYWHERE (1.13.3) | plg_editors-xtd_readmore (1.7.0) | plg_editors-xtd_article (1.7.0) | plg_editors-xtd_pagebreak (1.7.0) | plg_editors-xtd_image (1.7.0) | PLG_EDITORS-XTD_MODULESANYWHER (1.13.3) |
Templates Discovered :: wrote:Templates :: SITE :: beez_20 (1.7.0) | atomic (1.7.0) | beez5 (1.7.0) | COPMI (1.0.0) |
Templates :: ADMIN :: bluestork (1.7.0) | hathor (1.7.0) |

pe7er
Joomla! Master
Posts: 25057
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Pharmacy links constantly added to com_redirect

Post by pe7er » Tue Feb 04, 2014 3:02 pm

Welcome to Joomla forum!

First of all, Joomla 1.7 is End-of-Life which means it is no longer supported.
It's recommended to upgrade to the latest version in the same series, which is Joomla 2.5.17.
Make a backup before doing so.

Regarding your problem: I guess that you should be glad that com_redirect lists pharmacy links because it means that those links do not exist and result in a 404 error.

If I would go to your website, and add /i-hacked-this-website in the URL, it will result in a 404 error and will appear in com_redirect as faulty link...

Maybe your server access logfiles might list the IP address of the spam bot that tries to retrieve those spammy links.
You can create a rule in your .htaccess to ban that IP address from accessing your website.
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com
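
The log check and `.htaccess` ban suggested in the post above, as an added example that is not part of any post in this thread. It assumes the Apache combined log format and uses the Apache 2.2 `Order`/`Allow`/`Deny` syntax (the report lists Apache/2.2.15); the keyword list, the threshold and the sample log lines are constructed.

```python
import re
from collections import Counter

# Apache combined log format: ip ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Constructed keyword list; replace with terms from the URLs com_redirect shows.
SPAM_RE = re.compile(r"pharmac|viagra|cialis", re.IGNORECASE)

# Constructed sample lines using documentation IP ranges, not data from the thread.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Feb/2014:04:10:01 +0000] "GET /buy-viagra-online.html HTTP/1.1" 404 1201 "-" "bot"
203.0.113.7 - - [04/Feb/2014:04:10:09 +0000] "GET /cheap-cialis.html HTTP/1.1" 404 1201 "-" "bot"
203.0.113.7 - - [04/Feb/2014:04:12:30 +0000] "GET /online-pharmacy/pills HTTP/1.1" 404 1201 "-" "bot"
198.51.100.23 - - [04/Feb/2014:04:13:02 +0000] "GET /favicon.ico HTTP/1.1" 404 310 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Feb/2014:04:13:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Feb/2014:04:15:44 +0000] "GET /Pharmacy-deals.html HTTP/1.1" 404 1201 "-" "bot"
"""

def parse(log_text):
    """Yield (ip, path, status) for each line that matches the combined format."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))

def spam_404_sources(log_text, min_hits=3):
    """Map client IP -> number of 404s for spam-looking paths, keeping repeat offenders."""
    hits = Counter(ip for ip, path, st in parse(log_text)
                   if st == 404 and SPAM_RE.search(path))
    return {ip: n for ip, n in hits.items() if n >= min_hits}

def spam_paths_served(log_text):
    """Spam-looking paths answered with 200: the site served them, so a ban does not help."""
    return sorted({path for _, path, st in parse(log_text)
                   if st == 200 and SPAM_RE.search(path)})

def htaccess_rules(ips):
    """Render Apache 2.2 (mod_authz_host) deny rules for the given IPs."""
    return "\n".join(["Order Allow,Deny", "Allow from all"]
                     + ["Deny from %s" % ip for ip in sorted(ips)])

if __name__ == "__main__":
    print(spam_404_sources(SAMPLE_LOG))
    print(spam_paths_served(SAMPLE_LOG))
    print(htaccess_rules(spam_404_sources(SAMPLE_LOG)))
```

An empty result from `spam_paths_served` matches the situation described in the post: the requested links return 404 and do not exist on the site.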

mandville
Joomla! Master
Posts: 15153
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Pharmacy links constantly added to com_redirect

Post by mandville » Tue Feb 04, 2014 8:35 pm

It's not only your Joomla install that's out of date and exploitable, a lot of your extensions are too.
Perhaps it's time to give up saving money on upgrading and waste money on being secure instead.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
portable mini golf https://www.putterspalace.co.uk/

Re: Pharmacy links constantly added to com_redirect

Post by nycosmg » Wed Feb 05, 2014 1:22 am

pe7er wrote:Welcome to Joomla forum!

First of all, Joomla 1.7 is End-of-Life which means it is no longer supported.
It's recommended to upgrade to the latest version in the same series, which is Joomla 2.5.17
Make a backup before doing so.

Regarding your problem: I guess that you should be glad that com_redirect lists pharmacy links because it means that those links do not exist and result in a 404 error.

If I would go to your website, and add /i-hacked-this-website in the URL, it will result in a 404 error and will appear in com_redirect as faulty link...

Maybe your server access logfiles might list the IP address of the spam bot that tries to retrieve those spammy links.
You can create a rule in your .htaccess to ban that IP address from accessing your website.

Hi pe7er,

Thanks for the reply.

Yeah, I finally figured that out.
I have created a list of IP addresses that will be blocked in my .htaccess.

Unfortunately this isn't my personal site, it's a site for a non-profit organisation, and money/funds are hard to come by.

Thank you

Re: Pharmacy links constantly added to com_redirect

Post by mandville » Sun Feb 16, 2014 9:09 pm

Weigh up the costs of upgrading (bet it's mostly free) against the downtime repairing a hacked site.