Unexpected popup window appearing on a website (J 3.7.3)

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, PhilD, fcoulter, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
BENECH
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Thu Apr 23, 2009 7:43 am

Unexpected popup window appearing on a website (J 3.7.3)

Postby BENECH » Mon Jul 31, 2017 1:20 pm

Hello,

Since a few days, I encounter a problem on some of my Joomla websites. They are in Joomla 3.7.3 version.

As I consult a page on the website (for example :

Code: Select all

http://www.klerin.com/index.php/pretations/creation-de-site )
, a popup window is displayed .
This window displays a page that is detected as dangerous by the windows antivirus.
For example

Code: Select all

http://windowserviseu.top/


Then, if I try to reproduce the problem by reopening the same page, the problem does not reappear.


The Google Webmaster tool does not find any virus on the website.
The site http://isithacked.com/ does not find any problem on the site.

Can anybody help me to solve this problem ?

Thanks a lot,

Yves

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18387
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby leolam » Tue Aug 01, 2017 6:06 am

Hello,
After accessing your site (you have 'blocked' my location Indonesia so you see how useless that is since anybody is able to use a VPN) I cannot replicate in any form nor on any link on your site any pop-up neither in Chrome or FF

I also see no problematic script in your code

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team

BENECH
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Thu Apr 23, 2009 7:43 am

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby BENECH » Tue Aug 01, 2017 6:58 am

defaut-popup.jpg


Thanks for your answer. Sorry for the region restriction. I authorize the access to all countries.
I agree with you : the Google analyser tool does not find any virus.

But this morning, I reproduce again the problem.
A popup form was displayed when opening the page :
http://www.klerin.com/index.php/pretati ... on-de-site
:(
I join a copy of this page to the post.
Yves
You do not have the required permissions to view the files attached to this post.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18387
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby leolam » Tue Aug 01, 2017 7:24 am

Well than your browser must be infected. Check with another browser since it does not pop-up in any of my browsers in any of your links. I just tested again.

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18387
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby leolam » Tue Aug 01, 2017 7:30 am

Anyhow besides this issue you will need to update to Joomla 3.7.4. You should be aware that J3.7.3 is vulnerable and we released 2 patches for this with Joomla 3.7.4 besides a lot of bugs resolved and improvements. You are at risk being hacked. Can you also please run and post the output of the FPA so I can review your plugins? http://forum.joomla.org/viewtopic.php?f=621&t=582860

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team

BENECH
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Thu Apr 23, 2009 7:43 am

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby BENECH » Tue Aug 01, 2017 7:51 am

Thanks a lot Leo for your help.
I just upgraded the website to 3.7.4.

And also, I installed the fpa-en.php at the root of the website.
http://www.klerin.com/fpa-en.php

Hopefully, you will be able to find something wrong.

Thanks again,
Yves

User avatar
JAVesey
Joomla! Ace
Joomla! Ace
Posts: 1392
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby JAVesey » Tue Aug 01, 2017 8:15 am

YOU need to run the FPA and copy/paste the output onto this forum.

Then delete the FPA script off your server.

BENECH wrote:Hopefully, you will NOT be able to find something wrong.
Corrected for you ;)
John V
Cardiff, Wales, UK
Website: http://www.llanmon.org.uk (Joomla 3.8.2)

BENECH
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Thu Apr 23, 2009 7:43 am

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby BENECH » Tue Aug 01, 2017 8:46 am

Here is the result of the FPA.


Forum Post Assistant (v1.3.1) : 1st August 2017 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.7.4-Stable (Amani) 25-July-2017
Joomla! Configured :: Yes | Writable (644) | Owner: --protected-- . (uid: /gid: ) | Group: --protected-- (gid: ) | Valid For: 3.7
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: No | GZip: 0 | Cache: 0 | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: N/A | FTP Layer: 0 | Proxy: 0 | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: N/A | SSL: 0 | FrontEdit: 1 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.2.45+nuxit-squeeze-grsec | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: Yes

PHP Configuration :: Version: 5.3.27 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 30711 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: | Uploads: 1 | Max. Upload Size: 16M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.57-MariaDB-1~wheezy (Client:5.1.73) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 6.27 MiB | #of Tables: 113
Detailed Environment :: wrote:PHP Extensions :: Core (5.3.27) | date (5.3.27) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gd () | gettext () | SPL (0.2) | iconv () | intl (1.1.0) | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | PDO (1.0.4dev) | pdo_mysql (1.0.2) | session () | Reflection ($Id: 4af6c4c676864b1c0bfa693845af0688645c37cf $) | standard (5.3.27) | SimpleXML (0.1) | soap () | Phar (2.0.1) | exif (1.4 $Id$) | tidy (2.0) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | Zend Engine (2.3.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): No
Potential Ownership Issues: Maybe
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 1045367 | Threads: 11 | Questions: 344616825 | Slow queries: 19 | Opens: 2508214 | Flush tables: 3 | Open tables: 20480 | Queries per second avg: 329.661 |
Extensions Discovered :: wrote:Components :: SITE :: WF_LINKS_JOOMLALINKS_TITLE (2.6.9) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.9) 1 | WF_POPUPS_WINDOW_TITLE (2.6.9) 1 | WF_LINK_SEARCH_TITLE (2.6.9) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.9) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.9) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.9) 1 | [youtube] (2.6.9) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.6.9) 1 | WF_SEARCHREPLACE_TITLE (2.6.9) 1 | WF_LISTS_TITLE (2.6.9) 1 | WF_STYLE_TITLE (2.6.9) 1 | WF_NONBREAKING_TITLE (2.6.9) 1 | WF_XHTMLXTRAS_TITLE (2.6.9) 1 | WF_CLIPBOARD_TITLE (2.6.9) 1 | WF_AUTOSAVE_TITLE (2.6.9) 1 | WF_FULLSCREEN_TITLE (2.6.9) 1 | WF_EMOTIONS_TITLE (2.6.9) 1 | WF_HR_TITLE (2.6.9) 1 | WF_ARTICLE_TITLE (2.6.9) 1 | WF_FONTSIZESELECT_TITLE (2.6.9) 1 | WF_FORMATSELECT_TITLE (2.6.9) 1 | WF_LINK_TITLE (2.6.9) 1 | WF_STYLESELECT_TITLE (2.6.9) 1 | WF_TEXTCASE_TITLE (2.6.9) 1 | WF_PREVIEW_TITLE (2.6.9) 1 | WF_DIRECTIONALITY_TITLE (2.6.9) 1 | WF_IMGMANAGER_TITLE (2.6.9) 1 | WF_CHARMAP_TITLE (2.6.9) 1 | WF_CONTEXTMENU_TITLE (2.6.9) 1 | WF_MEDIA_TITLE (2.6.9) 1 | WF_SOURCE_TITLE (2.6.9) 1 | WF_ANCHOR_TITLE (2.6.9) 1 | [Do not buy our kitchens!] (2.6.9) 1 | WF_SPELLCHECKER_TITLE (2.6.9) 1 | WF_CLEANUP_TITLE (2.6.9) 1 | WF_BROWSER_TITLE (2.6.9) 1 | WF_VISUALCHARS_TITLE (2.6.9) 1 | WF_FONTSELECT_TITLE (2.6.9) 1 | WF_FONTCOLOR_TITLE (2.6.9) 1 | WF_INLINEPOPUPS_TITLE (2.6.9) 1 | WF_TABLE_TITLE (2.6.9) 1 | WF_LAYER_TITLE (2.6.9) 1 | WF_PRINT_TITLE (2.6.9) 1 | WF_VISUALBLOCKS_TITLE (2.6.9) 1 | com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
Components :: ADMIN :: com_modules (3.0.0) 1 | com_categories (3.0.0) 1 | com_content (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_newsfeeds (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_languages (3.0.0) 1 | com_redirect (3.0.0) 1 | com_plugins (3.0.0) 1 | com_finder (3.0.0) 1 | COM_JCE (2.6.9) 1 | com_associations (3.7.0) 1 | com_menus (3.0.0) 1 | com_tags (3.1.0) 1 | com_templates (3.0.0) 1 | com_easybookreloaded (3-1) 1 | com_postinstall (3.2.0) 1 | com_config (3.0.0) 1 | com_xmap (2.3.4) 1 | rsinstaller (1.3.0) 0 | com_cache (3.0.0) 1 | com_messages (3.0.0) 1 | com_admin (3.0.0) 1 | RSFirewall! (2.11.6) 1 | com_users (3.0.0) 1 | com_checkin (3.0.0) 1 | com_ajax (3.2.0) 1 | com_search (3.0.0) 1 | com_media (3.0.0) 1 | com_banners (3.0.0) 1 | com_login (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_fields (3.7.0) 1 | com_installer (3.0.0) 1 | com_weblinks (3.6.0) 1 |

Modules :: SITE :: BT Content Slider (2.1.0) 1 | Super header (1.6.0) 1 | mod_articles_popular (3.0.0) 1 | Kenburn Slider Header (1.7.3) 1 | mod_related_items (3.0.0) 1 | mod_menu (3.0.0) 1 | Ju Photobox (1.6.0) 1 | WOW Slider Module (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_syndicate (3.0.0) 1 | MOD_FOXCONTACT (2.5.20) 1 | TopPanel Module (1.0.0) 1 | Quick contact form (2.5.3) 1 | mod_articles_latest (3.0.0) 1 | Client Testimonials (3.0) 1 | Photo gallery Module (2.8.0) 1 | Protected by RSFirewall! Modul (1.0.0 R49) 1 | mod_banners (3.0.0) 1 | Social Icons Module (2.9.3) 1 | mod_footer (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_wrapper (3.0.0) 1 | JU Newsflash (1.0.4) 1 | Dropping Module (2.6) 1 | mod_feed (3.0.0) 1 | mod_users_latest (3.0.0) 1 | JM News Pro (2.1.6) 1 | SP Weather (2.2.2) 1 | Coolshow module (1.6.0) 1 | Ju image caption (1.7.9) 1 | mod_breadcrumbs (3.0.0) 1 | Upcoming Events (1.4) 1 | mod_stats (3.0.0) 1 | mod_search (3.0.0) 1 | Contact Map Module (2.8.0) 1 | mod_languages (3.5.0) 1 | mod_tags_popular (3.1.0) 1 | mod_tags_similar (3.1.0) 1 | mod_random_image (3.0.0) 1 | Multi Sliders (3.0) 1 | [spam] for Joomla! (1.0.0) 1 | GTranslate (3.0.x.32) 1 | mod_login (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_weblinks (3.6.0) 1 | JU Login (2.5.4) 1 | Background animated (1.7.3) 1 | MOD_EBRLATESTENTRIES (3-1) 1 | mod_finder (3.0.0) 1 |
Modules :: ADMIN :: mod_title (3.0.0) 1 | mod_version (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_quickicon (3.0.0) 1 | RSFirewall! Control Panel Modu (1.4.0) 1 | mod_toolbar (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_login (3.0.0) 1 | mod_status (3.0.0) 1 | mod_latest (3.0.0) 1 |

Plugins :: SITE :: plg_finder_newsfeeds (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_weblinks (3.6.0) 1 | plg_user_profile (3.0.0) 0 | Multi View Cal Creator (1.7.0) 0 | plg_user_contactcreator (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_captcha_recaptcha (3.4.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_jce (2.6.9) 1 | plg_installer_packageinstaller (3.6.0) 1 | plg_installer_rsfirewall (1.0.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | Button - Event Calendar (1.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_tags (3.0.0) 0 | plg_search_categories (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_weblinks (3.6.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_redirect (3.0.0) 1 | plg_system_languagefilter (3.0.0) 0 | System - iCaptcha (1.6.1) 0 | plg_system_jce (2.6.9) 1 | System - Google Maps (3.2) 1 | System - Sboost Framework (1.9.5) 1 | plg_system_log (3.0.0) 1 | plg_system_remember (3.0.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_sef (3.0.0) 1 | plg_system_updatenotification (3.5.0) 0 | plg_system_logout (3.0.0) 1 | plg_system_debug (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | System - RSFirewall! Active Sc (1.4.0) 1 | HTTPBL - Project Honeypot Bloc (1.0.2) 1 | plg_system_p3p (3.0.0) 1 | plg_system_highlight (3.0.0) 1 | System - Stools Framework (1.9.5) 0 | plg_system_fields (3.7.0) 1 | plg_extension_jce (2.6.9) 1 | plg_extension_joomla (3.0.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_jce (2.6.9) 1 | Ju Plugin PhotoBox (1.6.0) 1 | plg_content_geshi (2.5.0) 0 | plg_content_pagebreak (3.0.0) 1 | PLG_TOOLTIPGC_XML_NAME (3.0.2) 0 | Content - Event Calendar (1.6.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_vote (3.0.0) 1 | plg_editors_jce (2.6.9) 1 | plg_editors_tinymce (4.5.7) 1 | plg_editors_codemirror (5.25.2) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_jce (2.6.0-pro-bet) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_joomla (3.0.0) 1 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_fields_integer (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_color (3.7.0) 1 | Xmap - Content Plugin (2.0.4) 1 | Xmap - SobiPro Plugin (2.0.2) 0 | Xmap - Kunena Plugin (3.0.0) 0 | Xmap - Virtuemart Plugin (2.0.3) 0 | Xmap - Mosets Tree Plugin (2.0.2) 0 | XMAP_PLUGIN_K2 (1.3) 0 | Xmap - WebLinks Plugin (2.0.1) 1 |
Templates Discovered :: wrote:Templates :: SITE :: protostar (1.0) 1 | beez5 (2.5.0) 1 | td_ivax (3.0.0) 1 | mod_virtuemart_category (2.0.14) 1 | VirtueMart Shopping Cart (2.0.14) 1 | atomic (2.5.0) 1 | beez_20 (2.5.0) 1 | beez3 (3.1.0) 1 | td_echos (3.0.0) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | bluestork (2.5.0) 1 | isis (1.0) 1 | isis (1.0) 1 |

User avatar
sozzled
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3493
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby sozzled » Tue Aug 01, 2017 9:21 am

If your website is responsible for generating ransomware popups—we don't know if your website is responsible for those things—then it indicates that your website has been hacked.

Looking at the FPA report, it's plain to see that the site has not been maintained very well.

The site looks like it was migrated from J! 2.5; there are a lot of J! 2.5 extensions have not been removed. In general, J! 2.5 extensions should be uninstalled from J! 3.x websites; most of them do not work at all with J! 3.x and some old extensions may be vulnerable to attack.

There are several outdated extensions here (I'm not going to list them all, there are too many of them): for example JCE 2.6.9 (the current version is 2.6.18), RS Firewall 2.11.6 (current version is 2.11.8) and Xmap (they're no longer in business)

The J! 2.5 extensions that you are using should be uninstalled or you should ask the authors of those extensions to confirm if they operate with J! 3.7.x, in particular BlueStork (admin template), Atomic, Beez5 and Beez_20, and JM News Pro 2.1.6, and Coolshow module 1.6.0

I don't know anything about the extensions JU Image Caption or JU Login. I can't find anything about them using Google.

Looks like you have a bit of housekeeping to do! ;)
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 18387
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby leolam » Tue Aug 01, 2017 10:05 am

@BENECH,

You ask for help than follow up. John before posted to you that after running the FPA you have to remove it (it IS a security thread if you keep it on the site. Since the FPA has a button on it that reads "delete this" I have deleted this FPA for you.

I can only confirm what Sozzled wrote. You have a hopeless outdated website and extensions and you are highly vulnerable. On top of what Sozzled wrote you you will need to remove all extensions you do not need or use (example: Background animated (1.7.3)?) I think Sozzled did not yet mention 1/2 of the extensions that are not up to date.

Without offense but a kind of flabbergasted: You build websites and those you present on your site as references are nice sites. How come that as a developer you maintain your own site so badly?

I cannot find any pop-up plugin that can cause what YOU experience. Nobody seems to experience this so i am pretty convinced that your browser is infected. I cannot find anything in extensions nor in the code on this first and second check so remains at present what Sozzled mentioned:
you have a bit of housekeeping to do!
If you do not know how to handle this connect with a Joomla Professional but do it and don't wait!

Also last but not least PHP 5.3.29 is very, very outdated. We run Joomla now on latest PHP 7.1 which is 40% faster and a ton more secure. Get your account/server upgraded to run on PHP7.1

Leo 8)
Celebrating 12-Years of Professional Joomla Support Services
- Joomla Professional Support:https://gws-desk.com -
- Joomla Specialized Hosting Solutions:https://gws-host.com -
- Member Joomla Bug Squad & J-CMS Release Team

BENECH
Joomla! Apprentice
Joomla! Apprentice
Posts: 13
Joined: Thu Apr 23, 2009 7:43 am

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby BENECH » Fri Sep 22, 2017 8:22 am

Finally, the unexpected pop up form problem was solved as I installed Joomla 3.8.
Thanks.

User avatar
sozzled
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3493
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Unexpected popup window appearing on a website (J 3.7.3)

Postby sozzled » Fri Sep 22, 2017 8:27 am

... and did you update the other outdated extensions ... ???

... and did you remove the J! 2.5 extensions ... ???

(Just curious, that's all I'm saying.) 8)
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?


Return to “Security in Joomla! 3.x”

Who is online

Users browsing this forum: No registered users and 6 guests