Phishing warning from our website

Discussion regarding Joomla! 3.x security issues.

christoforosKor
Joomla! Intern
Posts: 85
Joined: Mon Aug 27, 2012 2:22 pm

Phishing warning from our website

Post by christoforosKor » Tue Aug 24, 2021 12:44 pm

Hello,

We have received mails that warn us that our site is being used for a phishing attack.
We have blocked the phishing URL on our site, but after a couple of days we had another warning about the same issue.

Is there something more we have to do?
Last edited by toivo on Wed Aug 25, 2021 4:26 am, edited 2 times in total.
Reason: mod note: unlocked

toivo
Joomla! Master
Posts: 13800
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Phishing warning from our website

Post by toivo » Tue Aug 24, 2021 1:02 pm

Where do these emails originate from? What is the URL of the website?
Toivo Talikka, Global Moderator

christoforosKor
Joomla! Intern
Posts: 85
Joined: Mon Aug 27, 2012 2:22 pm

Re: Phishing warning from our website

Post by christoforosKor » Wed Aug 25, 2021 4:52 am

Hello,
We got the warning mail from the monitoring service:
takedown-response+20873267@netcraft.com

The phishing URL on our site was:
https://www.acropolismuseumkids.gr/term ... jandra.com

Details about the phishing URL, according to the monitoring service, can be found here:
https://incident.netcraft.com/dae0f21d1db6/




Below is the Forum Post Assistant output:
Forum Post Assistant (v1.6.2) : 25-Aug-2021 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.9.27-Stable (Amani) 25-May-2021
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Writable (664) |
Configuration Options :: Offline: false | SEF: true | SEF Suffix: true | SEF ReWrite: true | .htaccess/web.config: No (ReWrite Enabled but no .htaccess?) | GZip: false | Cache: false | CacheTime: 30 | CacheHandler: file | CachePlatformPrefix: true | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 0 | Error Reporting: simple | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: pdomysql | PHP Supports J! 3.9.27: Yes | Database Supports J! 3.9.27: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 3.10.0-1160.6.1.el7.x86_64 | Technology: x86_64 | Web Server: nginx/1.16.1 | Encoding: gzip, deflate, br | System TMP Writable: Yes | Free Disk Space : 54.92 GiB |

PHP Configuration :: Version: 7.4.13 | PHP API: fpm-fcgi | Session Path Writable: No | Display Errors: | Error Reporting: 22527 | Log Errors To: /var/log/php-fpm/www-error.log | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 2M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

Database Configuration :: Version: 5.5.5-10.3.17-MariaDB-0+deb10u1 (Client:mysqlnd 7.4.13) | Database Size: 18.88 MiB | #of Tables with config prefix: 141 | #of other Tables: 0 | User Privileges : GRANT ALL
Detailed Environment :: wrote:PHP Extensions :: Core (7.4.13) | date (7.4.13) | libxml (7.4.13) | openssl (7.4.13) | pcre (7.4.13) | zlib (7.4.13) | filter (7.4.13) | hash (7.4.13) | Reflection (7.4.13) | SPL (7.4.13) | session (7.4.13) | standard (7.4.13) | cgi-fcgi (7.4.13) | bz2 (7.4.13) | calendar (7.4.13) | ctype (7.4.13) | curl (7.4.13) | dom (20031129) | mbstring (7.4.13) | fileinfo (7.4.13) | ftp (7.4.13) | gd (7.4.13) | gettext (7.4.13) | iconv (7.4.13) | json (7.4.13) | exif (7.4.13) | mysqlnd (mysqlnd 7.4.13) | PDO (7.4.13) | Phar (7.4.13) | SimpleXML (7.4.13) | sockets (7.4.13) | sodium (7.4.13) | sqlite3 (7.4.13) | tokenizer (7.4.13) | xml (7.4.13) | xmlwriter (7.4.13) | xsl (7.4.13) | mysqli (7.4.13) | pdo_mysql (7.4.13) | pdo_sqlite (7.4.13) | xmlreader (7.4.13) | Zend Engine (3.4.0) |
Potential Missing Extensions :: zip |

Switch User Environment :: PHP CGI: No | Server SU: No | PHP SU: No | Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (775) | components/ (775) | modules/ (775) | plugins/ (775) | language/ (775) | templates/ (775) | cache/ (775) | logs/ (---) | tmp/ (775) | administrator/components/ (775) | administrator/modules/ (775) | administrator/language/ (775) | administrator/templates/ (775) | administrator/logs/ (775) |

Elevated Permissions (First 10) :: font/ (775) | images/ (775) | images/cards/ (775) | images/games/ (775) | images/games/epigrafes-game/ (775) | images/games/epigrafes-game/.idea/ (775) | images/games/epigrafes-game/Images/ (775) | images/games/epigrafes-game/Images/comic/ (775) | images/games/epigrafes-game/Images/en_us/ (775) | images/games/epigrafes-game/Images/en_us/comic/ (775) |
Database Information :: wrote:Database statistics :: Uptime: 21631230 | Threads: 16 | Questions: 870501171 | Slow queries: 1 | Opens: 14375 | Flush tables: 1 | Open tables: 1478 | Queries per second avg: 40.242 |
Extensions Discovered :: wrote:Components :: Site ::
Core :: com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
3rd Party:: WF_LINKS_JOOMLALINKS_TITLE (2.8.1) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.8.1) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.8.1) ? | WF_LINK_SEARCH_TITLE (2.8.1) ? | WF_AGGREGATOR_VIMEO_TITLE (2.8.1) ? | WF_AGGREGATOR_DAILYMOTION_TITLE (2.8.1) ? | WF_AGGREGATOR_[youtube]_TITLE (2.8.1) ? | WF_ANCHOR_TITLE (2.8.1) ? | WF_CLIPBOARD_TITLE (2.8.1) ? | WF_LAYER_TITLE (2.8.1) ? | WF_PRINT_TITLE (2.8.1) ? | WF_WORDCOUNT_TITLE (2.8.1) ? | WF_AUTOSAVE_TITLE (2.8.1) ? | WF_BROWSER_TITLE (2.8.1) ? | WF_FONTSELECT_TITLE (2.8.1) ? | JCE - Noneditable (1.0.0) ? | WF_EMOTIONS_TITLE (2.8.1) ? | WF_TABLE_TITLE (2.8.1) ? | WF_HR_TITLE (2.8.1) ? | WF_SOURCE_TITLE (2.8.1) ? | WF_IMGMANAGER_TITLE (2.8.1) ? | WF_MEDIA_TITLE (2.8.1) ? | WF_STYLE_TITLE (2.8.1) ? | WF_CLEANUP_TITLE (2.8.1) ? | WF_FULLSCREEN_TITLE (2.8.1) ? | WF_SPELLCHECKER_TITLE (2.8.1) ? | WF_VISUALCHARS_TITLE (2.8.1) ? | WF_VISUALBLOCKS_TITLE (2.8.1) ? | WF_TEXTCASE_TITLE (2.8.1) ? | WF_ARTICLE_TITLE (2.8.1) ? | WF_LINK_TITLE (2.8.1) ? | WF_NONBREAKING_TITLE (2.8.1) ? | WF_SEARCHREPLACE_TITLE (2.8.1) ? | WF_KITCHENSINK_TITLE (2.8.1) ? | WF_LISTS_TITLE (2.8.1) ? | WF_CONTEXTMENU_TITLE (2.8.1) ? | WF_FONTCOLOR_TITLE (2.8.1) ? | WF_XHTMLXTRAS_TITLE (2.8.1) ? | WF_FONTSIZESELECT_TITLE (2.8.1) ? | WF_FORMATSELECT_TITLE (2.8.1) ? | WF_STYLESELECT_TITLE (2.8.1) ? | WF_CHARMAP_TITLE (2.8.1) ? | WF_DIRECTIONALITY_TITLE (2.8.1) ? | WF_PREVIEW_TITLE (2.8.1) ? |

Components :: Admin ::
Core :: com_actionlogs (3.9.0) 1 | com_menus (3.0.0) 1 | com_installer (3.0.0) 1 | com_privacy (3.9.0) 1 | com_users (3.0.0) 1 | com_messages (3.0.0) 1 | com_associations (3.7.0) 1 | com_search (3.0.0) 1 | com_ajax (3.2.0) 1 | com_admin (3.0.0) 1 | com_languages (3.0.0) 1 | com_media (3.0.0) 1 | com_login (3.0.0) 1 | com_templates (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_content (3.0.0) 1 | com_fields (3.7.0) 1 | com_config (3.0.0) 1 | com_redirect (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_finder (3.0.0) 1 | com_checkin (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_modules (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_cache (3.0.0) 1 | com_categories (3.0.0) 1 | com_banners (3.0.0) 1 | com_tags (3.1.0) 1 | com_plugins (3.0.0) 1 |
3rd Party:: COM_COMPONENTBUILDER (2.10.9) 1 | COM_###COMPONENT### (###ACTUALVERS) ? | COM_JCE (2.8.1) 1 | ChronoForms6 (6.1.4) 1 | com_redj (1.9.0) 1 | com_upload (CVS: 1.0.0) 1 |

Modules :: Site ::
Core :: mod_breadcrumbs (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_stats (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_related_items (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_articles_categories (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_login (3.0.0) 1 | mod_search (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_finder (3.0.0) 1 |
3rd Party:: Hello, World! (1.0.0) 1 |

Modules :: Admin ::
Core :: mod_latestactions (3.9.0) 1 | mod_title (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_status (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_sampledata (3.8.0) 1 | mod_custom (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_login (3.0.0) 1 | mod_version (3.0.0) 1 |
3rd Party::

Libraries ::
Core ::
3rd Party:: CEGCore2 (2.0.12) 1 |

Plugins ::
Core :: plg_user_terms (3.9.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_contactcreator (3.0.0) 0 | plg_user_profile (3.0.0) 0 | plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_system_p3p (3.0.0) 0 | plg_system_log (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_remember (3.0.0) 1 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_languagefilter (3.0.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_privacyconsent (3.9.0) 0 | plg_system_highlight (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_logrotation (3.9.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_languagecode (3.0.0) 1 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_captcha_recaptcha (3.4.0) 0 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_article (3.0.0) 1 | 
plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_vote (3.0.0) 0 | plg_content_joomla (3.0.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_confirmconsent (3.9.0) 0 | plg_content_emailcloak (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_installer_webinstaller (2.0.1) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_categories (3.0.0) 1 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 |
3rd Party:: plg_quickicon_jce (2.8.1) 1 | plg_fields_mediajce (2.8.1) 1 | plg_extension_jce (2.8.1) 1 | plg_system_jce (2.8.1) 1 | plg_system_redj (1.9.0) 0 | ChronoengineGcore2 (1.0) 1 | plg_system_jcemediabox (2.1.1) 1 | plg_content_mainsyssubmit (1.0) ? | plg_content_jce (2.8.1) 1 | plg_installer_jce (2.8.1) 1 | plg_editors_tinymce (4.5.12) 1 | plg_editors_jce (2.8.1) 1 | plg_editors_codemirror (5.60.0) 1 |
Templates Discovered :: wrote:Templates :: Site :: protostar (1.0) 1 | acropoliskids_videos (1.0) 1 | acropoliskids_inner (1.0) 1 | acropoliakids_content (1.0) 1 | acropoliskids (1.0) 1 | beez3 (3.1.0) 1 | acopoliskids_blank (1.0) 1 | acropoliakids_content (1.0) 1 |
Templates :: Admin :: isis (1.0) 1 | hathor (3.0.0) 1 |
Last edited by toivo on Wed Aug 25, 2021 9:21 am, edited 1 time in total.
Reason: mod note: disabled smilies in post Options for readability

toivo
Joomla! Master
Posts: 13800
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Phishing warning from our website

Post by toivo » Wed Aug 25, 2021 9:43 am

The FPA results show that the website has a number of issues, which may have allowed malware to be installed, causing the phishing warning by the monitoring service.

Comments from the FPA results follow, but you should get the website audited by a reputable online service, for example Phil Taylor's https://mysites.guru, where the first audit is free.

A number of folders have elevated permissions. The recommended folder permissions are 755.

Error reporting in Joomla is set to 'Simple', which filters PHP notices and warnings. In any case, check the PHP error log in /var/log/php-fpm/www-error.log.

Some third party extensions are out of date and may also have vulnerabilities, for example JCE. Please note that some older extensions in JED and especially those not in JED do not send any notices about new versions.

In the PHP configuration, the session path should be writable. Max. Upload Size: 2M and Max. POST Size: 8M are too low; set them, or ask the host to set them, to a minimum of 32M.
Toivo Talikka, Global Moderator
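
The folder-permission point in the reply above, as an added example that is not part of the original thread: a script that lists every folder or file writable by group or others (the 775 folders and the 664 configuration file in the FPA output) and can clear only those write bits. The 644 target for files, the sample tree and the function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Audits a Joomla document root for the
# "elevated permissions" the FPA output flags (775 folders, 664 files).

# list_loose ROOT: print every directory or regular file under ROOT that is
# writable by group or by others, i.e. looser than 755 / 644.
list_loose() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) -print | sort
}

# count_loose ROOT: how many entries list_loose reports.
count_loose() {
    list_loose "$1" | wc -l | tr -d ' '
}

# tighten ROOT: clear only the group/other write bits, so 775 -> 755 and
# 664 -> 644 while owner bits and execute bits stay as they were.
tighten() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) \
        -exec chmod go-w {} +
}

# make_sample_tree: build a small constructed tree mirroring the FPA report
# (images/ and images/cards/ at 775, configuration.php at 664).
make_sample_tree() {
    local t
    t=$(mktemp -d)
    mkdir -p "$t/images/cards" "$t/components"
    : > "$t/configuration.php"; : > "$t/index.php"
    chmod 775 "$t/images" "$t/images/cards"
    chmod 755 "$t/components"
    chmod 664 "$t/configuration.php"
    chmod 644 "$t/index.php"
    printf '%s\n' "$t"
}

# Usage: ./audit.sh /path/to/joomla   (report only; call tighten separately)
if [ -n "${1:-}" ]; then
    echo "Entries looser than 755/644 under $1: $(count_loose "$1")"
    list_loose "$1"
fi
```

Run the report first and review the list before calling `tighten`, since some hosts rely on group write access for the PHP-FPM user.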

AMurray
Joomla! Champion
Posts: 7237
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Phishing warning from our website

Post by AMurray » Wed Aug 25, 2021 9:45 am

You should also be on Joomla 3.10.0 (released last week) or 3.10.1 (released today/yesterday depending on your time-zone).
Regards - A Murray

changlee
Joomla! Explorer
Posts: 452
Joined: Tue Nov 20, 2007 11:05 am
Location: Greece

Re: Phishing warning from our website

Post by changlee » Tue Nov 02, 2021 8:28 am

1. Did you update everything?
2. Did you scan everything?
If you do not program your life, someone else will do it for you.