Malware warning from provider is driving me nuts

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
aszona
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Jan 29, 2017 9:34 pm

Malware warning from provider is driving me nuts

Postby aszona » Tue Jun 27, 2017 4:53 pm

I need a little help here with my site security. It is running version 3.7.2 and php 5.6.30. FPA didn't work for me.

The sites were minimal, less than minimal, while I was working on them and putting off working on them. I got a note from my host provider about malware. Google also was upset with me.

So I deleted everything and started over. All was fine.

Within a couple months, the host provider again said a couple of my sites were infected with malware possibilities. I only had the login box showing. I had stopped Joomla from serving pages.

I asked the provider for an education in what he was talking about and got a cryptic email consisting of this list.

Injection
Cross-site scripting
Insecure direct object references
Broken authentication
Cross-site request forgery (CSRF)
Security misconfiguration
Insecure cryptographic storage
Failure to restrict URL access
Insufficient transport layer protection
Invalidated redirects & forwards


The provider didn’t say which of those I had, though.

Can anybody please tell me how I could get infected with only a login box?

The hosting provider offered “protection” for hundreds of dollars a year.

As a side note, I downloaded and installed FPA, but when I went to the link I got a only my login box. I logged in and tried it again, and same thing. And I could find no log file anywhere. And the script was gone when I looked with file manager.

I’m going in circles.

Help.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 23470
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Malware warning from provider is driving me nuts

Postby Per Yngve Berg » Tue Jun 27, 2017 6:28 pm

What login box? Have you password protected the folder?

Have you renamed htaccess.txt to .htaccess (web.config.txt to web.config on IIS) or do you use a custom .htaccess file?

aszona
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Jan 29, 2017 9:34 pm

Re: Malware warning from provider is driving me nuts

Postby aszona » Wed Jun 28, 2017 1:28 pm

The login box to which I am referring appears when the Joomla site is taken off-line. I'm guessing it is there for the administrator to get into the site to work, or to start serving the site online.

I have not renamed .htaccess.txt and I don't use a custom .htaccess that I know of. I never tinkered with those.

User avatar
Bernard T
Joomla! Guru
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska
Contact:

Re: Malware warning from provider is driving me nuts

Postby Bernard T » Fri Jul 14, 2017 9:27 pm

aszona wrote:I need a little help here with my site security. It is running version 3.7.2 and php 5.6.30. FPA didn't work for me.
...
As a side note, I downloaded and installed FPA, but when I went to the link I got a only my login box. I logged in and tried it again, and same thing. And I could find no log file anywhere. And the script was gone when I looked with file manager.


I know this post is more than two weeks old, so if this issue of yours isn't fixed I'd like to help you to investigate and get the FPA script working for you.

The FPA script doesn't delete itself. It sounds like as some antimalware or similar system on the server you use has probably deleted the FPA file in the first place.

I'd suggest that you ask your hoster kindly to help you to get the FPA script running and gain the results.
Post it here thereafter.
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author viewtopic.php?f=621&t=777957
Twitter: @toplak


Return to “Security in Joomla! 3.x”

Who is online

Users browsing this forum: No registered users and 6 guests