my Site suspended because of malicious Script

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
Jideatom
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Tue Jun 17, 2014 12:38 pm

my Site suspended because of malicious Script

Post by Jideatom » Mon Nov 24, 2014 2:16 pm

Hello,

My website has been suspended because of malicious script that is sending spam messages. My hosting provider has suspended my account because of this issue.

I can even access my website admin backend to enable me run my security application. I have been denied access to the admin backend untill i resolve the issue. I still have access to my control panel and ftp account.

Please i need help on this issue as i have been on it for the past 7hrs. I even purchase Sitelock premium and apply to my domain, even after Sitelock scanning and my site given clean bill of health, the malicious script still persist on my site.

Thank you
Jide



Please find below Support information from my hosting provider

/plugins/content/jw_allvideos/jw_allvideos.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/plugins/system/jutabs/jutabs.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/plugins/system/modulesanywhere/modulesanywhere.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/administrator/components/com_rsform/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/administrator/components/com_sigpro/sigpro.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/administrator/components/com_sigpro/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/administrator/components/com_akeeba/akeeba.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/administrator/components/com_akeeba/backup/site-abrnetwork.org-20140825-134840.sql: EIG.IRCBot.EggDrop.Launcher-1.UNOFFICIAL FOUND
/administrator/components/com_akeeba/backup/site-abrnetwork.org-20140624-110957.sql: EIG.IRCBot.EggDrop.Launcher-1.UNOFFICIAL FOUND
/administrator/components/com_jevents/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/administrator/components/com_rsmediagallery/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/administrator/components/com_phocagallery/phocagallery.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/administrator/components/com_rsfirewall/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/administrator/components/com_rseventspro/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/administrator/components/com_jcomments/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/administrator/components/com_universal_ajax_live_search/extensions/mod_universal_ajaxlivesearch/mod_universal_ajaxlivesearch.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/administrator/components/com_universal_ajax_live_search/extensions/mod_universal_ajaxlivesearch/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/components/com_rseventspro/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/components/com_jevents/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/components/com_akeeba/akeeba.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/components/com_jce/jce.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/components/com_rsform/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/components/com_rsfirewall/rsfirewall.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/components/com_rsmediagallery/assets/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/components/com_userarticle/userarticle.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/components/com_universal_ajax_live_search/universal_ajax_live_search.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/components/com_jcomments/jcomments.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/components/com_jcomments/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/modules/mod_rokfeaturetable/admin/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/modules/mod_universal_ajaxlivesearch/mod_universal_ajaxlivesearch.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/modules/mod_sp_stock/mod_sp_stock.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/modules/mod_userarticle/mod_userarticle.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/modules/mod_jutabs/admin/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/modules/mod_as_artslider/mod_as_artslider.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/modules/mod_as_artslider/images/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/modules/mod_sj_videobox/assets/img/social.png: JCDEF.PHP.SEOSPAM-PHARMA-02.UNOFFICIAL FOUND
/modules/mod_sj_currency_rates/mod_sj_currency_rates.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/backup/tmp/cdnforjoomla_v3.2.3_pro.zip: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND
/backup/modules/mod_userarticle/mod_userarticle.php: EIG.PHP.CryptoPHP.InvestigateBeforeSuspend-1.UNOFFICIAL FOUND

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37163
Joined: Sat Apr 05, 2008 9:58 pm

Re: my Site suspended because of malicious Script

Post by Webdongle » Mon Nov 24, 2014 3:55 pm

http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein


Locked

Return to “Security in Joomla! 2.5”