Security/Malware warning in the URL: /404testpage4525d2fdc

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
XploreDesign
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Dec 04, 2010 1:28 am

Security/Malware warning in the URL: /404testpage4525d2fdc

Postby XploreDesign » Sat Feb 03, 2018 4:28 am

I'm using SiteGround for hosting, and have employed their SG Site Scanner. I'm noticing something suspicious when updating to Joomla 3.8.4 from 3.7.5.
-I force a site scan PRIOR to the upgrade, no malware detected.
-I upgrade to J 3.8.4, then immediately force another security scan, and get these errors:
Security/Malware warning in the URL: http://sacredpassage.com/404testpage4525d2fdc
Security/Malware warning in the URL: http://sacredpassage.com/404javascript.js
Anyone encountering this? Remedies?
I'm also in touch with SiteGround, but no response to the ticket yet...

User avatar
abernyte
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3538
Joined: Fri May 15, 2009 2:01 pm
Location: Écosse - Scozia - Escocia - Škotija -स्कॉटलैंड

Re: Security/Malware warning in the URL: /404testpage4525d2fdc

Postby abernyte » Sat Feb 03, 2018 10:00 am

Well Securi is not to impressed with these files either https://sitecheck.sucuri.net/results/sacredpassage.com

Might just be misconfigured server or you might want to treat the site as hacked.It will be interesting to see what Siteground say.
It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so. Twain

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1561
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Security/Malware warning in the URL: /404testpage4525d2fdc

Postby fcoulter » Sat Feb 03, 2018 10:07 am

I don't think that the site is hacked, this seems to be a server misconfiguration. Basically the scanner is testing how your site handles non-existent files, this should return a 404 error code, which is the code for when a file does not exist.

Instead for some reason it is returning a 500 error, which should be used when there is an actual error with the server, eg a PHP coding error.

There is more about this here: https://joomla.stackexchange.com/questions/14723/sucuri-detect-404javascript-js-its-really-a-security-issue

I will add that if you had bothered to Google this first before posting, then you could have found this out for yourself.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"

XploreDesign
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Sat Dec 04, 2010 1:28 am

Re: Security/Malware warning in the URL: /404testpage4525d2fdc

Postby XploreDesign » Sun Feb 04, 2018 5:58 am

Siteground has indeed come back with an 'all systems nominal' report. This was in fact a scan of a non-existent file, thus the error - no malware. I appreciate abernyte and fcoulter weighing in on this, despite the somewhat snarky postscript from fcoulter ;-)
Consider the issue closed.

User avatar
fcoulter
Joomla! Ace
Joomla! Ace
Posts: 1561
Joined: Thu Sep 13, 2007 11:39 am
Location: UK
Contact:

Re: Security/Malware warning in the URL: /404testpage4525d2fdc

Postby fcoulter » Sun Feb 04, 2018 11:54 am

If you thought my response was "snarky" I suggest you try this link: http://lmgtfy.com/?q=404javascript.js

And on a serious note, your site is still sending the incorrect error code 500, rather than a 404 error for non-existent documents.

Of course you can ignore it, but it is certainly an issue that I would want to fix if it were my site. The thing is that if you have a broken link on your site, eg a link to a page or file that does not exist, returning a 404 error informs anyone trying to fetch the page, including search engines, that the link is wrong. It is a fairly common occurance, links change over time, it does not mean that anything is particularly wrong with your site.

Whereas returning a 500 error means that there is actually something wrong with your site, eg a coding error in the software somewhere, also it can be a sign that the site has been hacked. If your site starts returning 500 errors in response to broken links then it can lead others to be wary of your site. Certainly Google don't like it when a site returns the wrong error code.
http://www.spiralscripts.co.uk for Joomla! extensions
http://www.fionacoulter.com/blog my personal website
Security Forum moderator :: VEL team member
"Wearing my tin foil hat with pride"


Return to “Security in Joomla! 3.x”

Who is online

Users browsing this forum: No registered users and 6 guests