Text Enhance is hijacking site and creating links

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
User avatar
scarney
Joomla! Intern
Joomla! Intern
Posts: 81
Joined: Sun Oct 23, 2005 11:48 pm
Contact:

Text Enhance is hijacking site and creating links

Post by scarney » Tue Apr 30, 2013 8:53 am

The web site that is having the problem is has a temporary password on it just to keep search engines from indexing before the site is launched. The plan was to launch this week but with this problem that plan is off until we solve the problem.
Problem Description :: Forum Post Assistant (v1.2.3) : 30th April 2013 wrote:Text Enhance script code on pages
Actions Taken To Resolve by Forum Post Assistant (v1.2.3) 30th April 2013 wrote:I have been reading on this forum and determined that others have the same problem so am now trying to gather data. I am getting javascript written into some of my pages that seem to deliver Text Enhance ads:
Here are samples of the scripts from my page:
<script type="text/javascript" src="//loading-resource.com/data.geo.php?callback=window.__geo.getData"></script>
<script type="text/javascript" src="http://cdncache3-a.akamaihd.net/loaders ... ript></div>
Forum Post Assistant (v1.2.3) : 30th April 2013 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 2.5.11-Stable (Ember) 26-April-2013
Joomla! Platform :: Joomla Platform 11.4.0-Stable (Brian Kernighan) 03-Jan-2012
Joomla! Configured :: Yes | Read-Only (444) | Owner: 934 (uid: /gid: ) | Group: 100 (gid: ) | Valid For: 2.5
Configuration Options :: Offline: 1 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 2.6.32-379.5.1.lve1.1.9.6.1.el6.x86_64 | Technology: x86_64 | Web Server: Apache/2.2.15 (Cloud Linux) | Encoding: gzip, deflate | Doc Root: /mnt/data/vhosts/casite-480421.cloudaccess.net/httpdocs | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.18 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22519 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 360M | Max. POST Size: 380M | Max. Input Time: 60 | Max. Execution Time: 660 | Memory Limit: 512M

MySQL Configuration :: Version: 5.5.28 (Client:5.1.61) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 22.98 MiB | #of Tables: 136
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.18) | date (5.3.18) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bz2 () | calendar () | ctype () | hash (1.0) | filter (0.11.0) | ftp () | gettext () | gmp () | SPL (0.2) | iconv () | pcntl () | readline () | Reflection ($Id: 593a0506b01337cfaf9f63ebc12cd60523fc2c41 $) | session () | standard (5.3.18) | shmop () | SimpleXML (0.1) | sockets () | exif (1.4 $Id$) | tokenizer (0.1) | xml () | cgi-fcgi () | bcmath () | curl () | dba () | dom (20031129) | fileinfo (1.0.5-dev) | gd () | imagick (2.2.2) | imap () | json (1.2.1) | ldap () | mbstring () | mcrypt () | memcache (3.0.6) | mysql (1.0) | mysqli (0.1) | odbc (1.0) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | PDO_ODBC (1.0.1) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | pgsql () | Phar (2.0.1) | snmp () | soap () | sqlite3 (0.7-dev) | tidy (2.0) | wddx () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | mhash () | ionCube Loader () | Zend Guard Loader () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: images/results/Mike_Crockett/ (775) |
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (2.5.0) | WF_CLEANUP_TITLE (2.3.2.4) | WF_FULLSCREEN_TITLE (2.3.2.4) | WF_CAPTION_TITLE (2.0.3) | WF_IMGMANAGER_TITLE (2.3.2.4) | WF_TABLE_TITLE (2.3.2.4) | WF_BROWSER_TITLE (2.3.2.4) | WF_PRINT_TITLE (2.3.2.4) | WF_FILEMANAGER_TITLE (2.1.6) | WF_IMGMANAGER_EXT_TITLE (2.0.16) | WF_SPELLCHECKER_TITLE (2.3.2.4) | WF_LISTS_TITLE (2.3.2.4) | WF_CHARMAP_TITLE (2.3.2.4) | WF_PREVIEW_TITLE (2.3.2.4) | WF_EMOTIONS_TITLE (2.0.2) | WF_ARTICLE_TITLE (2.3.2.4) | WF_CONTEXTMENU_TITLE (2.3.2.4) | WF_VISUALBLOCKS_TITLE (2.3.2.4) | WF_LINK_TITLE (2.3.2.4) | WF_VISUALCHARS_TITLE (2.3.2.4) | WF_MEDIAMANAGER_TITLE (2.0.11) | WF_SEARCHREPLACE_TITLE (2.3.2.4) | WF_LAYER_TITLE (2.3.2.4) | WF_TEXTCASE_TITLE (2.3.2.4) | WF_NONBREAKING_TITLE (2.3.2.4) | WF_DIRECTIONALITY_TITLE (2.3.2.4) | WF_AUTOSAVE_TITLE (2.3.2.4) | WF_STYLE_TITLE (2.3.2.4) | WF_MEDIA_TITLE (2.3.2.4) | WF_SOURCE_TITLE (2.3.2.4) | WF_CLIPBOARD_TITLE (2.3.2.4) | WF_XHTMLXTRAS_TITLE (2.3.2.4) | WF_INLINEPOPUPS_TITLE (2.3.2.4) | WF_KITCHENSINK_TITLE (2.3.2.4) | WF_ANCHOR_TITLE (2.3.2.4) | WF_LINK_SEARCH_TITLE (2.3.2.4) | WF_FILESYSTEM_JOOMLA_TITLE (2.3.2.4) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.3.2.4) | WF_POPUPS_JCEMEDIABOX_TITLE (2.3.2.4) | WF_POPUPS_WINDOW_TITLE (2.3.2.4) | K2 Links for Advanced Link (2.1) | WF_LINKS_JOOMLALINKS_TITLE (2.3.2.4) | WF_AGGREGATOR_[youtube]_TITLE (2.3.2.4) | WF_AGGREGATOR_GOOGLEMAPS_TITLE (2.3.2.4) | WF_AGGREGATOR_VIMEO_TITLE (2.3.2.4) | com_mailto (2.5.0) |
Components :: ADMIN :: com_cpanel (2.5.0) | com_cache (2.5.0) | COM_TESTIMONIALS (1.7.1 (build ) | com_languages (2.5.0) | COM_NONUMBERMANAGER (4.1.7) | Unknown (-) | com_xmap (2.3.2) | com_weblinks (2.5.0) | Je k2 Story (1.9) | com_plugins (2.5.0) | COM_REREPLACER (5.4.3PRO) | Content (1.5.3) | Banners (1.5.1) | Users (1.5.0) | K2 (1.5.15) | Plugins (1.5.0) | Modules (1.5.0) | Components (1.5.0) | News Feeds (1.5.1) | Web Links (1.5.1) | Menus (1.5.0) | com_acesearch (2.5.5.4) | com_pfrepo (4.0.0) | com_projectfork (4.0.0) | com_pftasks (4.0.0) | com_categories (2.5.0) | com_config (2.5.0) | AceSQL (1.0.4) | AceFTP (1.0.2) | com_pfusers (4.0.0) | com_modules (2.5.0) | com_newsfeeds (2.5.0) | com_checkin (2.5.0) | com_redirect (2.5.0) | com_banners (2.5.0) | eXtplorer (2.1.3) | JCE (2.3.2.4) | Unknown (-) | JCE (2.2.9.1) | com_menus (2.5.0) | Admintools (2.5.4) | com_pftime (4.0.0) | COM_M2C (2.5) | com_messages (2.5.0) | com_pfcomments (4.0.0) | com_admin (2.5.0) | com_login (2.5.0) | com_search (2.5.0) | com_pfforum (4.0.0) | com_templates (2.5.0) | Akeeba (3.7.6) | com_advancedmodules (4.4.5PRO) | com_content (2.5.0) | com_pfdesigns (4.0.0b1) | DM K2 GoogleNews Sitemap (2.2.1) | com_pfmilestones (4.0.0) | com_installer (2.5.0) | mod_k2_comments (-) | mod_k2_comments (-) | K2 (2.5.7) | COM_K2 (2.6.6) | com_media (2.5.0) | com_pfprojects (4.0.0) | com_joomlaupdate (2.5.0) | com_users (2.5.0) | com_finder (2.5.0) |

Modules :: SITE :: mod_search (2.5.0) | K2 Users (2.6.6) | jTweet (2.0.5) | K2 User (2.6.6) | mod_custom (2.5.0) | Testimonials (1.7.1 (build ) | mod_languages (2.5.0) | mod_random_image (2.5.0) | mod_feed (2.5.0) | mod_articles_news (2.5.0) | mod_articles_archive (2.5.0) | mod_related_items (2.5.0) | mod_articles_category (2.5.0) | mod_wrapper (2.5.0) | mod_login (2.5.0) | mod_users_latest (2.5.0) | mod_footer (2.5.0) | mod_menu (2.5.0) | mod_pf_tasks (4.0.0) | Social Login (1.6) | K2 Login (2.5.7) | mod_pf_dash_buttons (4.0.0) | Zen Tools (1.5.7) | mod_articles_popular (2.5.0) | mod_whosonline (2.5.0) | mod_articles_categories (2.5.0) | mod_banners (2.5.0) | AceSearch (1.5.0) | K2 Content (2.6.6) | K2 Comments (2.6.6) | mod_weblinks (2.5.0) | mod_breadcrumbs (2.5.0) | mod_stats (2.5.0) | Zen Tools (1.9.7-alpha10) | mod_finder (2.5.0) | mod_syndicate (2.5.0) | mod_articles_latest (2.5.0) | K2 Tools (2.6.6) |
Modules :: ADMIN :: mod_version (2.5.0) | AceSearch - Quick Icons (1.5.0) | AceSearch (1.5.0) | mod_multilangstatus (2.5.0) | mod_custom (2.5.0) | mod_latest (2.5.0) | MOD_CACHECLEANER (3.1.4PRO) | JCE File Browser (2.0.0) | MOD_BETTERPREVIEW (2.2.3PRO) | MOD_AKADMIN_TITLE (3.7.6) | mod_feed (2.5.0) | mod_switcheditor (0.1.3) | mod_status (2.5.0) | mod_quickicon (2.5.0) | K2 Stats (admin) (2.6.6) | mod_login (2.5.0) | mod_menu (2.5.0) | mod_popular (2.5.0) | K2 Quick Icons (admin) (2.6.6) | mod_submenu (2.5.0) | Add to Menu Component XML - co (2.3.3PRO) | Add to Menu Component XML - co (2.3.3PRO) | Add to Menu Component XML - co (2.3.3PRO) | Add to Menu Component XML - co (2.3.3PRO) | Add to Menu Component XML - co (2.3.3PRO) | Add to Menu Component XML - co (2.3.3PRO) | Add to Menu Component XML - co (2.3.3PRO) | MOD_ADDTOMENU (2.3.3PRO) | Admin Tools Joomla! Upgrade No (2.5.4) | mod_logged (2.5.0) | mod_title (2.5.0) | mod_toolbar (2.5.0) |

Plugins :: SITE :: Josetta - K2 Categories (2.6.6) | Josetta - K2 Items (2.6.6) | plg_search_categories (2.5.0) | Search - K2 (2.6.6) | plg_search_weblinks (2.5.0) | plg_search_contacts (2.5.0) | plg_search_newsfeeds (2.5.0) | plg_search_content (2.5.0) | User Extended Fields for K2 (b (2.0) | plg_quickicon_atoolsjupdateche (1.0) | plg_quickicon_jcefilebrowser (2.3.2.4) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_akeebabackup (1.0) | plg_quickicon_extensionupdate (2.5.0) | User - K2 (2.6.6) | plg_user_profile (2.5.0) | plg_user_joomla (2.5.0) | plg_user_contactcreator (2.5.0) | plg_finder_categories (2.5.0) | plg_finder_k2 (2.6.6) | plg_finder_weblinks (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_content (2.5.0) | System - Admin Tools (2.5.4) | PLG_SYSTEM_SEOGENERATOR (4.6) | plg_system_redirect (2.5.0) | System - One Click Action (2.1) | PLG_SYSTEM_ADVANCEDMODULES (4.4.5PRO) | System - K2 (2.6.6) | plg_system_languagefilter (2.5.0) | System - Zen Grid Framework (2.3.3) | System Fitvids (1.0.4) | plg_system_p3p (2.5.0) | plg_system_cache (2.5.0) | plg_system_logout (2.5.0) | plg_system_debug (2.5.0) | System - JB Library (1.2.5) | plg_system_remember (2.5.0) | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) | System - Joomla! Update Email (1.0) | PLG_SYSTEM_AKLAZY_TITLE (3.7.GOODBYE) | plg_system_log (2.5.0) | PLG_SYSTEM_REREPLACER (5.4.3PRO) | CloudPanel (4.0) | System - Social Login (1.6) | plg_system_sef (2.5.0) | PLG_SYSTEM_CACHECLEANER (3.1.4PRO) | plg_system_switcheditor (0.1.3) | PLG_SRP_TITLE (3.7.6) | plg_system_highlight (2.5.0) | plg_system_languagecode (2.5.0) | PLG_SYSTEM_NNFRAMEWORK (13.4.8) | PLG_SYSTEM_ADMINBARDOCKER (2.4.1) | System - Admin Tools Update Em (1.0) | PLG_SYSTEM_BETTERPREVIEW (2.2.3PRO) | PLG_SYS_TWBOOTSTRAP (1.2.0) | plg_extension_joomla (2.5.0) | plg_editors_jce (2.3.2.4) | plg_editors_tinymce (3.5.4.1) | plg_editors_codemirror (1.0) | plg_content_pagebreak (2.5.0) | plg_content_pagenavigation (2.5.0) | AllVideos (by JoomlaWorks) (4.4) | plg_content_finder (2.5.0) | plg_content_tags_testimonials (1.7.1 (build ) | plg_content_emailcloak (2.5.0) | plg_content_pfcomments (4.0.0) | plg_content_pfnotifications (4.0.0) | plg_content_joomla (2.5.0) | plg_content_geshi (2.5.0) | Simple Image Gallery Pro (by J (2.5.8) | plg_content_vote (2.5.0) | plg_content_loadmodule (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_ldap (2.5.0) | plg_captcha_recaptcha (2.5.0) | Xmap - SobiPro Plugin (2.0.2) | Xmap - Mosets Tree Plugin (2.0.2) | Xmap - WebLinks Plugin (2.0.1) | Xmap - Kunena Plugin (2.0.3) | Xmap - Content Plugin (2.0.4) | Xmap - Virtuemart Plugin (2.0.1) | Zenkit (2.0.2) | PLG_JMONITORING_AKEEBABACKUP_T (1.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_testimonial (1.7.1 (build ) | plg_editors-xtd_tmrating (1.6.7) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_testimonial (1.7.1 (build ) | plg_editors-xtd_tmrating (1.7.1) |
Templates Discovered :: wrote:Templates :: SITE :: JB Lifestyle (2.2.6) | apptheme (1.2) | beez5 (2.5.0) | beez_20 (2.5.0) | atomic (2.5.0) | goggles (4.0.0) |
Templates :: ADMIN :: hathor (2.5.0) | bluestork (2.5.0) |

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14991
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Text Enhance is hijacking site and creating links

Post by mandville » Tue Apr 30, 2013 10:20 am

looks like a BHO issue to me - eg you have a search bar add on and thats reading and adverts appear in your text
sources
http://www.tinymce.com/forum/viewtopic.php?id=29649
http://www.threatexpert.com/report.aspx ... c1fe76a340
https://support.mozilla.org/en-US/questions/818180
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20243
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Text Enhance is hijacking site and creating links

Post by leolam » Tue Apr 30, 2013 4:56 pm

scarney wrote:The web site that is having the problem is has a temporary password on it just to keep search engines from indexing before the site is launched.
That does not stop indexing and is not the way to do that..... The proper way of doing that is opening the robot.txt file in your Joomla-root directory and having only this in it:

Code: Select all

User-agent: *
Disallow: /
this disallows all indexing and Google and Bing etc are listening to that very nicely. If you do not want to show the site yet you can (with the robot.txt as mentioned) insert an index.html in the root with something like "coming soon" and you can than still preview the site without frontend login with yoursite.com/index.php (Apache will load first index.html)

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Webmaster Services: gws-webmaster.services


Locked

Return to “Security in Joomla! 2.5”