Mobile / Tablet: Popup to untrustworthy site

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Locked
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Sun Jan 14, 2018 12:50 pm

Hey,
i have since a long time a big problem.

Somites (but rarely) when i go to my website, than my site automatically forward do other untrustworthy sites which offers contest für an iphone oder amazon.

I absolutly dont know what or which script produces this forwarding to this sites. And this PopUp comes very rare, whereby its very hard to find out the cause.

Until recently the popups comes only on iphone/ipad, but yesterday it comes also on android phone.

my site is

Code: Select all

http://www.HDsports.at
yesterday i had the troubles on following sub-page:

Code: Select all

https://www.hdsports.at/skifahren/zermatt
anyone an idea, how i can find out the problem? Or anyone can help me to solve that?

Best regards, tom
Last edited by fcoulter on Sun Jan 14, 2018 1:33 pm, edited 1 time in total.
Reason: broke automatic link creation to hacked site
My Joomla-site: www.HDsports.at
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Sun Jan 14, 2018 1:22 pm

Forum Post Assistant (v1.3.7) : 14th January 2018 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.8.3-Stable (Amani) 12-December-2017
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.8
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 1 | .htaccess/web.config: Yes | GZip: 1 | Cache: 0 | CacheTime: 60 | CacheHandler: file | CachePlatformPrefix: 0 | FTP Layer: 0 | Proxy: 0 | LiveSite: | Session lifetime: 600 | Session handler: database | Shared sessions: 0 | SSL: 2 | FrontEdit: 2 | Error Reporting: none | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | dbConnection Type: mysqli | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.16.0-5-amd64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate, br | Doc Root: --protected-- | System TMP Writable: Yes |

PHP Configuration :: Version: 7.1.11 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /var/www/virtual/hdsports.at/:/var/www/conf/vu2002/session/:/tmp/:/tmp:/usr/share/php/:/var/lib/php5 | Uploads: 1 | Max. Upload Size: 32M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 120 | Memory Limit: 128M

MySQL Configuration :: Version: 5.5.58-0+deb8u1 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: b396954eeb2d1d9ed7902b8bae237b287f21ad9e $) | Host: --protected-- (--protected--) | Collation: utf8_general_ci (Character Set: utf8) | Database Size: 424.59 MiB | #of Tables: 366
Detailed Environment :: wrote:PHP Extensions :: Core (7.1.11) | date (7.1.11) | libxml (7.1.11) | openssl (7.1.11) | pcre (7.1.11) | sqlite3 (7.1.11) | zlib (7.1.11) | bcmath (7.1.11) | bz2 (7.1.11) | calendar (7.1.11) | ctype (7.1.11) | curl (7.1.11) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.11) | ftp (7.1.11) | gd (7.1.11) | gettext (7.1.11) | SPL (7.1.11) | iconv (7.1.11) | session (7.1.11) | intl (1.1.0) | json (1.5.0) | mbstring (7.1.11) | mcrypt (7.1.11) | standard (7.1.11) | PDO (7.1.11) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: b396954eeb2d1d9ed7902b8bae237b287f21ad9e $) | pdo_sqlite (7.1.11) | Phar (2.0.2) | posix (7.1.11) | Reflection (7.1.11) | imap (7.1.11) | SimpleXML (7.1.11) | soap (7.1.11) | sockets (7.1.11) | pdo_mysql (7.1.11) | exif (1.4 $Id: 8bdc0c8f27c2c9dd1f7551f1f9fe3ab57a06a4b1 $) | tokenizer (7.1.11) | xml (7.1.11) | xmlreader (7.1.11) | xmlrpc (7.1.11) | xmlwriter (7.1.11) | xsl (7.1.11) | zip (1.13.5) | mysqli (7.1.11) | cgi-fcgi () | fcphp () | ionCube Loader () | Zend OPcache (7.1.11) | Zend Engine (3.1.0) |
Potential Missing Extensions :: mysql | suhosin |
Disabled Functions :: popen | proc_open | shell_exec | show_source | diskfreespace | disk_free_space | posix_setuid | posix_seteuid | pcntl_alarm | pcntl_fork | pcntl_waitpid | pcntl_wait | pcntl_wifexited | pcntl_wifstopped | pcntl_wifsignaled | pcntl_wexitstatus | pcntl_wtermsig | pcntl_wstopsig | pcntl_signal | pcntl_signal_dispatch | pcntl_get_last_error | pcntl_strerror | pcntl_sigprocmask | pcntl_sigwaitinfo | pcntl_sigtimedwait | pcntl_exec | pcntl_getpriority | pcntl_setpriority |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (---) |

Elevated Permissions (First 10) :: components/com_jreviews/jreviews/locale/ita/ (775) | components/com_jreviews/jreviews/locale/ita/LC_MESSAGES/ (775) | images/gpxtracks/ (775) | images/jreview/ (775) | images/mehr/ (775) | images/mehr/amp/ (775) | images/stories/Breitensport/Berg/ (775) | images/stories/Breitensport/Foren/ (775) | images/stories/Breitensport/Wandern/ (775) | images/stories/Breitensport/winter/ (775) |
Database Information :: wrote:Database statistics :: Uptime: 413901 | Threads: 12 | Questions: 30171421 | Slow queries: 0 | Opens: 9938 | Flush tables: 1 | Open tables: 400 | Queries per second avg: 72.895 |
Extensions Discovered :: wrote:Components :: SITE :: com_wrapper (3.0.0) 1 | com_mailto (3.0.0) 1 | System - JReviews Add-on Menus (2.0.2) 1 | System - JReviews ShortCodes (1.1) 1 | System - JReviews SEF (2.1.1) 1 | System - JReviews Article Over (1.0.1) 1 | System - JReviews Module Param (1.0) 1 | JReviews (2.3.16) 1 | JReviews Activity Stream (2.7) 0 | JReviews Media Module (2.5) 1 | JReviews Reviews Advanced Filt (1.0) 1 | JReviews Fields Module (2.5) 1 | JReviews Directories Module (3.4) 1 | JReviews Listings Module (3.4) 1 | JReviews Totals Module (2.5) 1 | JReviews Range Module (2.5) 1 | JReviews Reviewer Rank Module (1.0) 1 | JReviews Favorite Users Module (2.5) 1 | JReviews Advanced Search Modul (2.5) 1 | JReviews Listings Advanced Fil (3.0) 1 | JReviews Reviews Module (3.4) 1 | JReviews Calendar Module (2.6) 1 | JReviews Activity Stream (2.1) 0 | JReviews Widgets Module (2.5) 1 | JReviews Listing Resources Mod (2.5) 1 | JReviews GeoMaps Module (2.5) 1 | WF_BROWSER_TITLE (2.6.19) 1 | WF_FONTSIZESELECT_TITLE (2.6.19) 1 | WF_ARTICLE_TITLE (2.6.19) 1 | WF_KITCHENSINK_TITLE (2.6.19) 1 | WF_FULLSCREEN_TITLE (2.6.19) 1 | WF_FORMATSELECT_TITLE (2.6.19) 1 | WF_CONTEXTMENU_TITLE (2.6.19) 1 | WF_FONTCOLOR_TITLE (2.6.19) 1 | WF_EMOTIONS_TITLE (2.6.19) 1 | WF_PREVIEW_TITLE (2.6.19) 1 | WF_LINK_TITLE (2.6.19) 1 | WF_PRINT_TITLE (2.6.19) 1 | WF_CHARMAP_TITLE (2.6.19) 1 | WF_NONBREAKING_TITLE (2.6.19) 1 | WF_INLINEPOPUPS_TITLE (2.6.19) 1 | WF_LAYER_TITLE (2.6.19) 1 | WF_CLIPBOARD_TITLE (2.6.19) 1 | WF_DIRECTIONALITY_TITLE (2.6.19) 1 | WF_CLEANUP_TITLE (2.6.19) 1 | WF_LISTS_TITLE (2.6.19) 1 | WF_FONTSELECT_TITLE (2.6.19) 1 | WF_XHTMLXTRAS_TITLE (2.6.19) 1 | WF_HR_TITLE (2.6.19) 1 | WF_TABLE_TITLE (2.6.19) 1 | WF_STYLESELECT_TITLE (2.6.19) 1 | WF_STYLE_TITLE (2.6.19) 1 | WF_SEARCHREPLACE_TITLE (2.6.19) 1 | WF_SOURCE_TITLE (2.6.19) 1 | WF_MEDIA_TITLE (2.6.19) 1 | WF_ANCHOR_TITLE (2.6.19) 1 | WF_VISUALBLOCKS_TITLE (2.6.19) 1 | WF_TEXTCASE_TITLE (2.6.19) 1 | WF_VISUALCHARS_TITLE (2.6.19) 1 | WF_AUTOSAVE_TITLE (2.6.19) 1 | WF_IMGMANAGER_TITLE (2.6.19) 1 | WF_SPELLCHECKER_TITLE (2.6.19) 1 | WF_AGGREGATOR_[youtube]_TITLE (2.6.19) 1 | WF_AGGREGATOR_DAILYMOTION_TITL (2.6.19) 1 | WF_AGGREGATOR_VIMEO_TITLE (2.6.19) 1 | WF_AGGREGATOR_VINE_TITLE (2.6.19) 1 | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.19) 1 | WF_POPUPS_WINDOW_TITLE (2.6.19) 1 | WF_LINK_SEARCH_TITLE (2.6.19) 1 | WF_FILESYSTEM_JOOMLA_TITLE (2.6.19) 1 | WF_LINKS_JOOMLALINKS_TITLE (2.6.19) 1 |
Components :: ADMIN :: JComments (3.0.5) 1 | com_content (3.0.0) 1 | nextend_installer (2.0) 1 | JoomGallery formal de-DE (3.1) 1 | JoomGallery (3.3.3) 1 | AcyMailing (5.8.1) 1 | AcyMailing Template Class Repl (5.8.1) 1 | AcyMailing : share on social n (1.0.0) 1 | AcyMailing table of contents g (1.0.0) 1 | AcyMailing : trigger Joomla Co (3.7.0) 1 | AcyMailing : (auto)Subscribe d (5.8.1) 1 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing Tag and filter : Co (3.7.2) 1 | AcyMailing Tag and filter : Co (3.7.2) 1 | AcyMailing Tag : content inser (3.7.0) 1 | AcyMailing Tag : Date / Time (5.8.1) 1 | AcyMailing Tag : Subscriber in (5.8.1) 1 | AcyMailing Editor (5.8.1) 1 | AcyMailing Tag : Joomla User I (5.8.1) 1 | AcyMailing Module (3.7.0) 1 | AcyMailing Tag : Manage the Su (5.8.1) 1 | AcyMailing Manage text (1.0.0) 1 | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing JCE integration (5.8.1) 1 | com_banners (3.0.0) 1 | com_redirect (3.0.0) 1 | com_ajax (3.2.0) 1 | Akeeba (5.6.3) 1 | com_media (3.0.0) 1 | COM_M2C (3.0) 1 | com_rereplacer (8.2.2) 1 | com_categories (3.0.0) 1 | itemrating (1.2.1) 1 | com_admin (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_s2framework (2.1.17.3) 0 | COM_OSMAP (4.2.12) 1 | com_jreviews (2.7.22.0) 1 | com_modules (3.0.0) 1 | com_checkin (3.0.0) 1 | com_languages (3.0.0) 1 | Smart Slider 3 (3.0.33) 1 | JCH Optimize Pro (5.2.2) 1 | com_newsfeeds (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_login (3.0.0) 1 | com_plugins (3.0.0) 1 | com_cache (3.0.0) 1 | com_config (3.0.0) 1 | com_fields (3.7.0) 1 | com_messages (3.0.0) 1 | Admintools (4.3.1) 1 | com_phocagallery (4.3.1) 1 | com_itemrating (1.2.1) 0 | GMapFP-Item Rating (1.2.1) 0 | Virtuemart-Item Rating (1.2.1) 0 | itemrating (1.2.1) 1 | K2-Item Rating (1.2.1) 0 | Item Rating Plugin for Hikasho (1.2.1) 1 | Joomunited updater (1.2.1) 1 | My Rating (1.2.1) 0 | Adsmanager - Item Rating (1.2.1) 0 | FLEXIcontent - Item Rating (1.2.1) 0 | Item Rating Module (1.2.1) 0 | Content-Item Rating (1.2.1) 0 | COM_ACLMANAGER (2.4.6) 1 | com_bfstop (1.3.0) 1 | com_joomlaupdate (3.6.2) 1 | Nextend2 (2.0.23) 1 | com_templates (3.0.0) 1 | com_installer (3.0.0) 1 | com_associations (3.7.0) 1 | Minitek Wall (3.8.0) 1 | com_search (3.0.0) 1 | com_tags (3.1.0) 1 | COM_JOOMLAQUIZ (3.7.5) 1 | com_menus (3.0.0) 1 | com_finder (3.0.0) 1 | COM_ALLVIDEOSHARE (3.0) 1 | COM_JCE (2.6.19) 1 | Custom Properties (3.1.8) 1 | ChronoForms6 (6.0.15) 1 | com_patchtester (2.0.0.beta2) 1 | com_users (3.0.0) 1 | com_contenthistory (3.2.0) 1 | visforms (3.10.1) 1 |
Last edited by HDsportsAT on Sun Jan 14, 2018 1:25 pm, edited 1 time in total.
My Joomla-site: www.HDsports.at
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Sun Jan 14, 2018 1:24 pm

Forum Post Assistant (v1.3.7) : 14th January 2018 wrote:
Basic Environment :: wrote:
Modules :: SITE :: Top X quiz results (3.7.5) 1 | Visforms (3.14.1) 1 | JReviews Media Module (2.5) 1 | jPanel (0.9.3) 1 | JReviews Reviews Advanced Filt (1.0) 1 | JReviews Fields Module (2.5) 1 | mod_whosonline (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_joomimg (3.3.0) 1 | Giant Content (2.0.0) 1 | mod_users_latest (3.0.0) 1 | JReviews Directories Module (3.4) 1 | mod_joomcat (3.0 BETA2) 1 | Minitek Wall module (3.2.4) 1 | JReviews Listings Module (3.4) 1 | mod_related_items (3.0.0) 1 | mod_articles_category (3.0.0) 1 | JReviews Totals Module (2.5) 1 | mod_tags_similar (3.1.0) 0 | mod_syndicate (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_footer (3.0.0) 1 | JReviews Range Module (2.5) 1 | mod_articles_popular (3.0.0) 1 | BT Floater (1.1.1) 1 | JReviews Reviewer Rank Module (1.0) 1 | mod_articles_latest (3.0.0) 1 | JReviews Favorite Users Module (2.5) 1 | mod_articles_categories (3.0.0) 1 | Beautiful CK (1.1.1) 1 | EVO frontpage (5.0) 1 | mod_joomstats (3.0 BETA) 1 | JComments Latest (3.0.4) 1 | My quiz summary (3.7.5) 1 | mod_breadcrumbs (3.0.0) 1 | Custom Properties Menu (3.0.0) 1 | mod_custom (3.0.0) 1 | JReviews Advanced Search Modul (2.5) 1 | JReviews Listings Advanced Fil (3.0) 1 | Smart Slider 3 (3.1.2) 1 | All Video Share - Gallery (3.0) 1 | JReviews GeoMaps Module (2.5) 1 | Toolbar JT1 Module (1.0) 1 | mod_tags_popular (3.1.0) 0 | mod_banners (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_articles_news (3.0.0) 1 | Top X user quiz results (3.7.5) 1 | ARI Data Tables (1.15.13) 1 | mod_stats (3.0.0) 1 | Custom Properties Search (3.1.6) 1 | My quiz results (3.7.5) 1 | mod_languages (3.5.0) 1 | mod_finder (3.0.0) 1 | JReviews Widgets Module (2.5) 1 | mod_search (3.0.0) 1 | JReviews Reviews Module (3.4) 1 | JReviews Calendar Module (2.6) 1 | Last X quiz results (3.7.5) 1 | Item Rating Module (1.2.1) 0 | AcyMailing Module (3.7.0) 1 | All Video Share - Player (3.0) 1 | All Video Share - Search (3.0) 1 | JReviews Listing Resources Mod (2.5) 1 | mod_login (3.0.0) 1 |
Modules :: ADMIN :: mod_feed (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_title (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_latest (3.0.0) 0 | mod_popular (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_sampledata (3.8.0) 0 | mod_submenu (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_version (3.0.0) 1 | mod_status (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_login (3.0.0) 1 |

Plugins :: SITE :: plg_captcha_recaptcha (3.4.0) 1 | OSMap - Mosets Tree Plugin (3.3.0) 0 | OSMap - SobiPro Plugin (3.3.0) 0 | PLG_OSMAP_JOOMLA (4.2.12) 1 | OSMAP_PLUGIN_K2 (3.3.0) 0 | OSMap - Kunena Plugin (3.3.0) 0 | OSMap - WebLinks Plugin (3.3.0) 0 | OSMap - Virtuemart Plugin (3.3.0) 0 | plg_system_jce (2.6.19) 1 | PLG_ECC (3-1) 1 | plg_system_highlight (3.0.0) 1 | AcyMailing JCE integration (5.8.1) 1 | plg_system_updatenotification (3.5.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_remember (3.0.0) 1 | Nextend Smart Slider 3 (3.1.2) 1 | System - JReviews Add-on Menus (2.0.2) 1 | plg_system_logout (3.0.0) 1 | plg_system_sef (3.0.0) 1 | System - JAmp (1.5) 1 | plg_system_languagefilter (3.0.0) 0 | PLG_SYSTEM_HEADERTAGS (3.2.1) 1 | plg_system_rereplacer (8.2.2) 1 | Nextend2 Library (2.0.23) 1 | plg_system_redirect (3.0.0) 1 | System - JReviews ShortCodes (1.1) 1 | AcyMailing : (auto)Subscribe d (5.8.1) 1 | plg_system_stats (3.5.0) 0 | plg_system_ossystem (1.3.0) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK_T (1.1) 1 | PLG_SEOFLI (3-5) 1 | System - JReviews SEF (2.1.1) 1 | plg_system_fields (3.7.0) 1 | plg_system_log (3.0.0) 1 | plg_system_jcomments (1.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_directaliaspro (1.3.0) 1 | System - Marco's SQL Injection (1.4) 1 | PLG_OYL (3-2) 0 | System - JReviews Article Over (1.0.1) 1 | System - Admin Tools (4.3.1) 1 | plg_sketchcookies (1.0.4) 1 | System - ACL Manager (2.4.6) 1 | plg_system_p3p (3.0.0) 1 | PLG_SYSTEM_BACKUPONUPDATE_TITL (3.7) 1 | System - JReviews Module Param (1.0) 1 | System - ARI Extensions (1.3.2) 1 | ChronoengineGcore2 (1.0) 1 | System - SEOSimple (2.2) 1 | plg_system_regularlabs (17.10.8255) 1 | System - JU Sticky Panel (1.2) 0 | T3 Framework (2.7.0) 1 | plg_system_bfstop (1.3.0) 1 | PLG_SYSTEM_JCH_OPTIMIZE (5.2.2) 1 | plg_system_languagecode (3.0.0) 1 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | Virtuemart-Item Rating (1.2.1) 0 | plg_user_profile (3.0.0) 1 | plg_user_joomla (3.0.0) 1 | plg_user_jcomments (1.0) 1 | plg_user_contactcreator (3.0.0) 1 | Adsmanager - Item Rating (1.2.1) 0 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | Joomlaquiz - blank (3.7.5) 1 | Joomlaquiz - hotspot (3.7.5) 1 | Joomlaquiz - dragdrop (3.7.5) 1 | Joomlaquiz - mresponse (3.7.5) 1 | Joomlaquiz - choice (3.7.5) 1 | Joomlaquiz - truefalse (3.7.5) 1 | Joomlaquiz - boilerplate (3.7.5) 1 | Joomlaquiz - mquestion (3.7.5) 1 | Joomlaquiz - surveys (3.7.5) 1 | Joomlaquiz - dropdown (3.7.5) 1 | plg_finder_contacts (3.0.0) 0 | plg_finder_categories (3.0.0) 0 | plg_finder_tags (3.0.0) 0 | plg_finder_content (3.0.0) 0 | plg_finder_newsfeeds (3.0.0) 0 | plg_extension_jce (2.6.19) 1 | plg_extension_joomla (3.0.0) 1 | AcyMailing Tag : content inser (3.7.0) 1 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing Tag : Date / Time (5.8.1) 1 | AcyMailing Tag and filter : Co (3.7.2) 1 | AcyMailing Tag and filter : Co (3.7.2) 1 | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing table of contents g (1.0.0) 1 | AcyMailing Tag : Subscriber in (5.8.1) 1 | AcyMailing : share on social n (1.0.0) 1 | AcyMailing Tag : Joomla User I (5.8.1) 1 | AcyMailing : trigger Joomla Co (3.7.0) 1 | AcyMailing Template Class Repl (5.8.1) 1 | AcyMailing Tag : Manage the Su (5.8.1) 1 | AcyMailing Manage text (1.0.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | Visforms - Visforms (1.0.3) 1 | plg_visforms_spambotcheck (3.4.3) 1 | GMapFP-Item Rating (1.2.1) 0 | plg_quickicon_jce (2.6.0-pro-bet) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_jcomments (1.0) 1 | plg_quickicon_akeebabackup (1.0) 1 | plg_installer_jce (2.6.19) 1 | plg_installer_packageinstaller (3.6.0) 1 | plg_installer_joomplaceupdater (1.1.0) 1 | Joomunited updater (1.2.1) 1 | plg_installer_webinstaller (1.1.1) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_editors_jce (2.6.19) 1 | AcyMailing Editor (5.8.1) 1 | plg_editors_codemirror (5.30.0) 1 | plg_editors_tinymce (4.5.8) 1 | Item Rating Plugin for Hikasho (1.2.1) 1 | plg_editors-xtd_article (3.0.0) 1 | Button - Custom Properties Tag (3.0.2) 1 | plg_editors-xtd_jcommentson (1.0) 1 | plg_editors-xtd_phocagallery (4.1.2) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_quiz (3.7.5) 0 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_visformfields (3.4.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_jcommentsoff (1.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_content_jce (2.6.19) 1 | PLG_CONTENT_BSC_ARTICLEFOOTER_ (0.2.4) 1 | plg_content_vote (3.0.0) 1 | All Video Share - Player (3.0) 1 | Content - ARI Data Tables (1.11.0) 1 | Content - ARI Data Tables (1.11.0) 1 | Content - Custom Properties Ta (3.0.1) 1 | plg_content_pagenavigation (3.0.0) 1 | PLG_CONTENT_SHOWTAGS (1.3.7) 1 | Content - Fast Social Share (2.7) 1 | Content-Item Rating (1.2.1) 0 | PLG_CONTENT_GPXTRACKMAP_NAME (1.4.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_phocagallery (4.1.2) 1 | plg_content_fields (3.7.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_jcomments (1.0) 1 | plg_content_emailcloak (3.0.0) 1 | Content - Quiz Content (3.7.5) 0 | JReviews (2.3.16) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_phocagalleryslides (4.1.2) 1 | plg_search_contacts (3.0.0) 0 | Search - Custom Properties Tag (3.0.0) 1 | plg_search_categories (3.0.0) 1 | plg_search_jcomments (1.0) 0 | plg_search_tags (3.0.0) 0 | plg_search_content (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | K2-Item Rating (1.2.1) 0 | FLEXIcontent - Item Rating (1.2.1) 0 | My Rating (1.2.1) 0 | JReviews Activity Stream (2.7) 0 |
Templates Discovered :: wrote:Templates :: SITE :: protostar (1.0) 1 | purity_III (1.2.1) 1 | beez3 (3.1.0) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 |
My Joomla-site: www.HDsports.at
Top
User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2637
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:
Contact JAVesey

Re: Mobile / Tablet: Popup to untrustworthy site

Post by JAVesey » Sun Jan 14, 2018 5:45 pm

You have elevated folder permissions (775) which could be the cause of your issue.

Does it only happen when your site is viewed on a mobile/tablet device? Which browser/OS?

Submit your site for review/audit at myjoomla.com; the first scan is free and will help point you in the right direction at the very least.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Sun Jan 14, 2018 8:25 pm

JAVesey wrote:You have elevated folder permissions (775) which could be the cause of your issue.

Does it only happen when your site is viewed on a mobile/tablet device? Which browser/OS?

Submit your site for review/audit at myjoomla.com; the first scan is free and will help point you in the right direction at the very least.

when i create an folder in ftp (filezilla) thant the permissions is automatically 775.
should the permissions never 775? This folders are media-folders...
But i have now changed all forlders to 755 and found no suspicious files in this folders

yes, it only happens with phone or tablet. I have no reports with pc.

Until recently i had only reports from Apple-Products (iphone, ipad), but a few days ago i get on my own phone this problem (Android with Chrome)
My Joomla-site: www.HDsports.at
Top
sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Mobile / Tablet: Popup to untrustworthy site

Post by sozzled » Sun Jan 14, 2018 8:35 pm

Yes, the recommended folder/file permissions are written about here: https://docs.joomla.org/What_are_the_re ... issions%3F

When you say that you are seeing mysterious popups advertising things that are unrelated to your website, do you have an example (a screenshot of the popup may help). Your website is "busy", that is to say, there's a lot of "content" on the web pages and (even though I do not speak German) it looks like a lot of that content is sourced off-site. In other words, there's alread a lot of "advertising" on that site. It's possible that some of this unwanted advertising material is simply a consequence of your site drawing its content from other places over which you have no control.

Ultimately, if your site deploys content from external advertising sources, you take the risk that some advertising my not be what you want. It's really about the choices you make; at least, that's how I see it.
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Sun Jan 14, 2018 9:12 pm

sozzled wrote:Yes, the recommended folder/file permissions are written about here: https://docs.joomla.org/What_are_the_re ... issions%3F

When you say that you are seeing mysterious popups advertising things that are unrelated to your website, do you have an example (a screenshot of the popup may help). Your website is "busy", that is to say, there's a lot of "content" on the web pages and (even though I do not speak German) it looks like a lot of that content is sourced off-site. In other words, there's alread a lot of "advertising" on that site. It's possible that some of this unwanted advertising material is simply a consequence of your site drawing its content from other places over which you have no control.

Ultimately, if your site deploys content from external advertising sources, you take the risk that some advertising my not be what you want. It's really about the choices you make; at least, that's how I see it.
thats right. but i get 2 days ago this problem also on i site where i activated now advertising.
acutally i have now screenshot. when i get this problem again, i will make a screenshot and post it here

i have now used https://manage.myjoomla.com.
the only thing what i found was " Fluff Files Found! "
in the list there are lot of files, that ar not on my webspace. So maybe its a bug in the tool or there are hidden files.
here is the list

Code: Select all

The files we consider are fluff are:

    /.drone.yml
    /robots.txt.dist
    /web.config.txt
    /joomla.xml
    /build.xml
    /LICENSE.txt
    /README.txt
    /htaccess.txt
    /LICENSES.php
    /configuration.php-dist
    /CHANGELOG.php
    /COPYRIGHT.php
    /CREDITS.php
    /INSTALL.php
    /LICENSE.php
    /CONTRIBUTING.md
    /phpunit.xml.dist
    /README.md
    /.travis.yml
    /travisci-phpunit.xml
    /images/banners/osmbanner1.png
    /images/banners/osmbanner2.png
    /images/banners/shop-ad-books.jpg
    /images/banners/shop-ad.jpg
    /images/banners/white.png
    /images/headers/blue-flower.jpg
    /images/headers/maple.jpg
    /images/headers/raindrops.jpg
    /images/headers/walden-pond.jpg
    /images/headers/windows.jpg
    /images/joomla_black.gif
    /images/joomla_black.png
    /images/joomla_green.gif
    /images/joomla_logo_black.jpg
    /images/powered_by.png
    /images/sampledata/fruitshop/apple.jpg
    /images/sampledata/fruitshop/bananas_2.jpg
    /images/sampledata/fruitshop/fruits.gif
    /images/sampledata/fruitshop/tamarind.jpg
    /images/sampledata/parks/animals/180px_koala_ag1.jpg
    /images/sampledata/parks/animals/180px_wobbegong.jpg
    /images/sampledata/parks/animals/200px_phyllopteryx_taeniolatus1.jpg
    /images/sampledata/parks/animals/220px_spottedquoll_2005_seanmcclean.jpg
    /images/sampledata/parks/animals/789px_spottedquoll_2005_seanmcclean.jpg
    /images/sampledata/parks/animals/800px_koala_ag1.jpg
    /images/sampledata/parks/animals/800px_phyllopteryx_taeniolatus1.jpg
    /images/sampledata/parks/animals/800px_wobbegong.jpg
    /images/sampledata/parks/banner_cradle.jpg
    /images/sampledata/parks/landscape/120px_pinnacles_western_australia.jpg
    /images/sampledata/parks/landscape/120px_rainforest_bluemountainsnsw.jpg
    /images/sampledata/parks/landscape/180px_ormiston_pound.jpg
    /images/sampledata/parks/landscape/250px_cradle_mountain_seen_from_barn_bluff.jpg
    /images/sampledata/parks/landscape/727px_rainforest_bluemountainsnsw.jpg
    /images/sampledata/parks/landscape/800px_cradle_mountain_seen_from_barn_bluff.jpg
    /images/sampledata/parks/landscape/800px_ormiston_pound.jpg
    /images/sampledata/parks/landscape/800px_pinnacles_western_australia.jpg
    /images/sampledata/parks/parks.gif
for example. The Folder "images/sampledate" doesnt exist.
Many files in the root are also doesnt exist

what makes me a little suspiciously are the files ".drone.yml", ".travis.yml", "travisci-phpunit.xml" and "phpunit.xml.dist". but all the files are not on my webspace...
My Joomla-site: www.HDsports.at
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Sun Jan 14, 2018 9:20 pm

okay, after running again the test, than it doesnt find these files again. so i think it was a bug in myjoomla :/
My Joomla-site: www.HDsports.at
Top
User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1403
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:
Contact PhilTaylor-Prazgod

Re: Mobile / Tablet: Popup to untrustworthy site

Post by PhilTaylor-Prazgod » Mon Jan 15, 2018 9:16 am

the only thing what i found was " Fluff Files Found! "
Factually incorrect.
than it doesnt find these files again. so i think it was a bug in myjoomla
There is no bug in myJoomla.com - if the files don't exist, we dont report them as existing.

The list of fluff files is just that A LIST - if you use the fluff files tool it shows which of those files in the LIST are present or not present and allows you to remove them.
".drone.yml", ".travis.yml", "travisci-phpunit.xml" and "phpunit.xml.dist". but all the files are not on my webspace...
Thats a good thing -it means you have not been using pre-release versions of Joomla
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Mon Jan 15, 2018 12:45 pm

sorry, but i am not unterstand the sense of your post.
than have myjoomla produced this .yml files?

With
" the only thing what i found was " Fluff Files Found! "
i mean, that was the only thing, what maybe could help me to find out the problem. the other results were almost complete positive.
My Joomla-site: www.HDsports.at
Top
User avatar
PhilTaylor-Prazgod
Joomla! Ace
Joomla! Ace
Posts: 1403
Joined: Sat Aug 20, 2005 12:32 pm
Location: Jersey, Channel Islands
Contact:
Contact PhilTaylor-Prazgod

Re: Mobile / Tablet: Popup to untrustworthy site

Post by PhilTaylor-Prazgod » Mon Jan 15, 2018 12:50 pm

The "sense" of my post is to correct your misunderstanding that the multi-award winning myJoomla.com service was "buggy" and "incorrect" in what it was telling you. The fact is that it was not.

The yml files are part of the Joomla project while in development (see: https://github.com/joomla/joomla-cms) , but are removed before an official distribution is made.

If you had used a non-official distribution of a stable version of Joomla then some of these yml files would be present.

Other files, like the sample data images are also distributed in the stable versions.
Phil Taylor
- https://mySites.guru - Manage Multiple Joomla/WordPress Sites In One Dashboard for Security, Audits, Backups and more....
- https://www.phil-taylor.com/
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Mon Jan 15, 2018 12:57 pm

Relax, man
i meant in my post that myreviews found no suspicious informations or files on my website.
My Joomla-site: www.HDsports.at
Top
User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2637
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:
Contact JAVesey

Re: Mobile / Tablet: Popup to untrustworthy site

Post by JAVesey » Mon Jan 15, 2018 11:06 pm

It is possible that this isn't anything to do with Joomla or your hosting account, especially if myjoomla.com says that you don't have an issue.

Some questions:
1. Does this happen only to you or to other viewers of your website?
2. Do you see anything on your site's pages, e.g. underlines/double-underlines of text acting as hyperlinks?
3. Have you scanned your PC for viruses/trojans/malware?

You might need to do one of those lengthy deep-scan checks.
John V
Cardiff, Wales, UK
Joomla 5.1.0 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.1.0 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28
Top
HDsportsAT
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 170
Joined: Fri Oct 24, 2014 8:26 am
Contact:
Contact HDsportsAT

Re: Mobile / Tablet: Popup to untrustworthy site

Post by HDsportsAT » Mon Jan 15, 2018 11:32 pm

JAVesey wrote:It is possible that this isn't anything to do with Joomla or your hosting account, especially if myjoomla.com says that you don't have an issue.

Some questions:
1. Does this happen only to you or to other viewers of your website?
2. Do you see anything on your site's pages, e.g. underlines/double-underlines of text acting as hyperlinks?
3. Have you scanned your PC for viruses/trojans/malware?

You might need to do one of those lengthy deep-scan checks.
hello

1) this happens very rare

I had the first reporting since app. 1 year, but from other users. they had always an iphone. and i searched in the internet, and found that this is maybe also a problem with cookies or cache of the iphone.

i have also a iphone (but my 2nd phone) and i never had this problem.
but since 2-3 months this problem comes on my ipad. so this was the first time, where the problem happens on my device. and last week i had the first time this problem also on my 1st phone (android / Huawei). but on my 2nd phone (old iphone) i never had this problem.

The last days i had no problems, so i actually cant make a screenshot... and thats also the big problem. this redirection is so seldom...

2) i am not really know what you mean, but i see no suspicious things on my site...

3) yes. everything is fine.
i use also a very good hoster, and everything is okay..
My Joomla-site: www.HDsports.at
Top
Locked

Return to “Security in Joomla! 3.x”