defaced files in vote plugin Topic is solved

Discussion regarding Joomla! 4.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
nettemor
Joomla! Explorer
Joomla! Explorer
Posts: 304
Joined: Fri Dec 08, 2006 10:44 pm
Location: Norway

defaced files in vote plugin

Post by nettemor » Wed Dec 06, 2023 1:16 pm

Hi,
i was told from my hoster that i have defaced files in my latest joomla 4 installation.

/media/plg_content_vote/images/vote-star-half.svg
www/media/plg_content_vote/images/vote-star.svg
How do i fix this? Can i just copy the "original files" from the installation package and overwrite these defaced (if they really are) files ?

Also all the kunena templates files that i bought are told to be defaced.

I am not sure what it means that its defaced, is it really hacked or is this just a kind of warning.
Last edited by toivo on Wed Dec 06, 2023 9:11 pm, edited 1 time in total.
Reason: mod note: moved from 4.x Administration

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 9569
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: defaced files in vote plugin

Post by AMurray » Wed Dec 06, 2023 9:36 pm

You can "reinstall core files" from Joomla Update, yes. Try it. You should see an orange button within the Joomla Update interface. You need to set the update channel to "default" I think.

I wouldn't attempt to replace just the files in question, replace the entire install as above.

We need more information: without the context of what your web host told you we're not to know what you mean by "defaced". We need to see your site (provide a link) to the pages that are "defaced".

It may be just a template or compatibility problem. Same with the Kunena templates. Are they designed for J4? For Kunena, can you set it to the default template - or uninstall the extra templates and use the default? or uninstall Kunena altogether and reinstall?

The other solution, restore your site backup from a time before all this occurred.
Regards - A Murray

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 43900
Joined: Sat Apr 05, 2008 9:58 pm

Re: defaced files in vote plugin

Post by Webdongle » Thu Dec 07, 2023 12:55 am

Question ... how did they get defaced? And what do the defaced files look like.
https://sitecheck.sucuri.net/
https://mysites.guru/
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
ceford
Joomla! Hero
Joomla! Hero
Posts: 2533
Joined: Mon Feb 24, 2014 10:38 pm
Location: Edinburgh, Scotland
Contact:

Re: defaced files in vote plugin

Post by ceford » Fri Dec 08, 2023 8:07 am

These files are svg files. Here is my vote-star.svg:

Code: Select all

<svg aria-hidden="true" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"><!-- Font Awesome Free 5.15.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) --><path d="M259.3 17.8L194 150.2 47.9 171.5c-26.2 3.8-36.7 36.1-17.7 54.6l105.7 103-25 145.5c-4.5 26.3 23.2 46 46.4 33.7L288 439.6l130.7 68.7c23.2 12.2 50.9-7.4 46.4-33.7l-25-145.5 105.7-103c19-18.5 8.5-50.8-17.7-54.6L382 150.2 316.7 17.8c-11.7-23.6-45.6-23.9-57.4 0z"/></svg>
It is possible your host has run an svg security analyser that has returned false positives. Open your file with a text editor and see how it compares with the above.

nettemor
Joomla! Explorer
Joomla! Explorer
Posts: 304
Joined: Fri Dec 08, 2006 10:44 pm
Location: Norway

Re: defaced files in vote plugin

Post by nettemor » Fri Dec 08, 2023 8:59 am

It seems like its a false positive on all these files. I have spoken to the developer of the kunena theme also, and he has checked it.
Also my host opened the site again, so seems like they agree that its a false positive.

Just dont know why this happens and its pretty annoing.

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2594
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: defaced files in vote plugin

Post by JAVesey » Fri Dec 08, 2023 8:27 pm

nettemor wrote:
Fri Dec 08, 2023 8:59 am
Just dont know why this happens and its pretty annoing.
It happens because your host runs a scanner that doesn't know enough about these types of files. That is the bottom line.
John V
Cardiff, Wales, UK
Joomla 5.0.3 "live" site on PHP 8.2.15 and MariaDB 10.11.6
Joomla 5.0.3 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28


Post Reply

Return to “Security in Joomla! 4.x”