Marked as 95% virus or 'infected'

Discussion regarding Joomla! 3.x security issues.

Post by claven123 » Wed Aug 21, 2019 9:50 am

I ran a scan of my website with site guarding antivirus program/scanner (as suggested here). I also ran the myjoomla guru scan, which did not show these.

It came up with 4 files.
/plugins/system/bfnetwork/bfnetwork/bfAuditor.php
/plugins/system/bfnetwork/bfnetwork/bfEncrypt.php
/components/com_jce/editor/libraries/pro/classes/manager.php
/components/com_jce/editor/tiny_mce/plugins/source/js/format.min.js

I found the first two are from the mysites.guru or myjoomla scan site. Are the last two false positives?

Is it more advantageous to have one of these or both? Antivirus or the myjoomla?

D

Post by Per Yngve Berg » Wed Aug 21, 2019 1:25 pm

Please post the FPA

Post by PhilTaylor-Prazgod » Wed Aug 21, 2019 1:32 pm

I'm not allowed to talk about mySites.guru files due to the stupid oversensitive forum rules - however the two JCE files are often also mistaken by pathetic "scanners" as being "infected"... they are not.

If you want support for the files then you should ask the developers of those files.

None of these files are "infected", they are all legitimate.
Phil Taylor - Full Time Joomla/PHP Security Expert
Blue Flame Digital Solutions Limited.
-- https://myJoomla.com/ Multi Award Winning Joomla Security & Auditing Service
-- https://www.phil-taylor.com/

Post by claven123 » Wed Aug 21, 2019 9:56 pm

Ok, will get the FPA started and post it.

Is it more advantageous to have one of these or both? Antivirus or the myjoomla?

D

Post by PhilTaylor-Prazgod » Wed Aug 21, 2019 9:57 pm

I am not allowed to answer that question accurately without having my forum posts deleted and me banned from the forum. Pathetic rules here.

99% of the hacks in Joomla sites will go undetected by Virus Checkers - because they are not viruses. They are hacks. There is a big difference.

The FPA will not answer that question either.

Post by bruno28 » Thu Aug 22, 2019 5:28 am

Per Yngve Berg wrote (Wed Aug 21, 2019 1:25 pm): Please post the FPA

Hello claven123

If you want some help, please post the FPA as suggested by Per Yngve Berg

https://forumpostassistant.github.io/docs/
Cordialement, Bruno28 :)
Joomla! 3.9.11 - php 7.3
https://www.bp2i.fr/ - https://www.moneglisesurle.net/

Post by toivo » Thu Aug 22, 2019 5:49 am

As Phil rightly said, the first two files are installed by his excellent service, previously known as myJoomla.com, which, according to the forum rules, he is not allowed to promote.
Toivo Talikka, Global Moderator

Post by bruno28 » Thu Aug 22, 2019 5:55 am

toivo wrote (Thu Aug 22, 2019 5:49 am): As Phil rightly said, the first two files are installed by his excellent service, previously known as myJoomla.com, which, according to the forum rules, he is not allowed to promote.

Hello toivo

Is this for me?

If I understand, he can't post the FPA because his site is not a Joomla one?

Please can you explain if you have time.

Thank you in advance

Post by toivo » Thu Aug 22, 2019 5:59 am

Sorry, who says that whose site is not a Joomla site?

Post by bruno28 » Thu Aug 22, 2019 6:06 am

I am not complaining, I just want to understand what he does wrong so I will not give a wrong answer if I want to help others.

I really appreciate what you are doing, all volunteers here.

Post by claven123 » Thu Aug 22, 2019 9:32 am

Is it more advantageous to have one of these or both? Antivirus or the myjoomla?

Phil you responded, but I'd agree you're a bit biased :)

I'm working on the FPA, and yes, it's a joomla site.

D

Post by claven123 » Thu Aug 22, 2019 8:49 pm

Forum Post Assistant (v1.4.9 (lambrusca) : 22nd August 2019
Basic Environment ::
Joomla! Instance :: Joomla! 3.9.11-Stable (Amani) 13-August-2019
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.9
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: Yes | GZip: false | Cache: false | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 0 | Error Reporting: none | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.9.11: Yes | Database Supports J! 3.9.11: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 3.10.0-962.3.2.lve1.5.26.1.el7.x86_64 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 440.89 GiB |

PHP Configuration :: Version: 7.1.30 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 1 | Error Reporting: 22519 | Log Errors To: /dev/null | Last Known Error: 03rd August 2019 08:28:13. | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 128M | Max. POST Size: 128M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 512M

Database Configuration :: Version: 5.5.5-10.2.26-MariaDB-log (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $) | Host: --protected-- (--protected--) | default Collation: latin1_swedish_ci (default Character Set: latin1) | Database Size: 22.51 MiB | #of Tables:  120
Detailed Environment ::
PHP Extensions :: Core (7.1.30) | date (7.1.30) | libxml (7.1.30) | openssl (7.1.30) | pcre (7.1.30) | zlib (7.1.30) | bcmath (7.1.30) | bz2 (7.1.30) | calendar (7.1.30) | ctype (7.1.30) | curl (7.1.30) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.1.30) | ftp (7.1.30) | gd (7.1.30) | gettext (7.1.30) | SPL (7.1.30) | iconv (7.1.30) | session (7.1.30) | intl (1.1.0) | json (1.5.0) | mbstring (7.1.30) | mcrypt (7.1.30) | standard (7.1.30) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $) | mysqli (7.1.30) | PDO (7.1.30) | pdo_mysql (7.1.30) | pdo_pgsql (7.1.30) | pgsql (7.1.30) | Phar (2.0.2) | posix (7.1.30) | pspell (7.1.30) | Reflection (7.1.30) | imap (7.1.30) | SimpleXML (7.1.30) | soap (7.1.30) | sockets (7.1.30) | exif (7.1.30) | tidy (7.1.30) | tokenizer (7.1.30) | xml (7.1.30) | xmlreader (7.1.30) | xmlrpc (7.1.30) | xmlwriter (7.1.30) | xsl (7.1.30) | zip (1.13.5) | cgi-fcgi () | sqlite3 (7.1.30) | Zend Engine (3.1.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: Yes | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (---) |

Elevated Permissions (First 10) ::
Database Information ::
Database statistics :: Uptime: 1450633 | Threads: 160 | Questions: 2732795054 | Slow queries: 20101 | Opens: 99150220 | Flush tables: 17 | Open tables: 20480 | Queries per second avg: 1883.863 |
Extensions Discovered ::
Components :: SITE ::
Core :: com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
3rd Party:: WF_CLEANUP_TITLE (2.7.16) ? | WF_PREVIEW_TITLE (2.7.16) ? | WF_EMOTIONS_TITLE (2.7.16) ? | WF_INLINEPOPUPS_TITLE (2.6.19) ? | WF_FORMATSELECT_TITLE (2.7.16) ? | WF_MICRODATA_TITLE (2.7.16) ? | WF_HR_TITLE (2.7.16) ? | WF_VISUALCHARS_TITLE (2.7.16) ? | WF_SEARCHREPLACE_TITLE (2.7.16) ? | WF_CAPTION_TITLE (2.7.16) ? | WF_CHARMAP_TITLE (2.7.16) ? | WF_FONTCOLOR_TITLE (2.7.16) ? | WF_TABLE_TITLE (2.7.16) ? | WF_SPELLCHECKER_TITLE (2.7.16) ? | WF_TEXTCASE_TITLE (2.7.16) ? | WF_LINK_TITLE (2.7.16) ? | WF_WORDCOUNT_TITLE (2.7.16) ? | WF_TEXTPATTERN_TITLE (2.7.16) ? | WF_ANCHOR_TITLE (2.7.16) ? | WF_CLIPBOARD_TITLE (2.7.16) ? | WF_PRINT_TITLE (2.7.16) ? | WF_ARTICLE_TITLE (2.7.16) ? | WF_NONBREAKING_TITLE (2.7.16) ? | WF_FONTSIZESELECT_TITLE (2.7.16) ? | WF_FONTSELECT_TITLE (2.7.16) ? | WF_DIRECTIONALITY_TITLE (2.7.16) ? | WF_STYLESELECT_TITLE (2.7.16) ? | WF_MEDIA_TITLE (2.7.16) ? | WF_TEMPLATEMANAGER_TITLE (2.7.16) ? | WF_IFRAME_TITLE (2.7.16) ? | WF_SOURCE_TITLE (2.7.16) ? | WF_STYLE_TITLE (2.7.16) ? | WF_IMGMANAGER_EXT_TITLE (2.7.16) ? | WF_LAYER_TITLE (2.7.16) ? | WF_FULLSCREEN_TITLE (2.7.16) ? | WF_BROWSER_TITLE (2.7.16) ? | WF_FILEMANAGER_TITLE (2.7.16) ? | WF_KITCHENSINK_TITLE (2.7.16) ? | WF_LISTS_TITLE (2.7.16) ? | WF_XHTMLXTRAS_TITLE (2.7.16) ? | WF_AUTOSAVE_TITLE (2.7.16) ? | WF_CONTEXTMENU_TITLE (2.7.16) ? | WF_IMGMANAGER_TITLE (2.7.16) ? | WF_MEDIAMANAGER_TITLE (2.7.16) ? | WF_VISUALBLOCKS_TITLE (2.7.16) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.7.16) ? | WF_POPUPS_WINDOW_TITLE (2.6.19) ? | WF_LINKS_JOOMLALINKS_TITLE (2.7.16) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.7.16) ? | WF_AGGREGATOR_[youtube]_TITLE (2.7.16) ? | WF_AGGREGATOR_DAILYMOTION_TITLE (2.7.16) ? | WF_AGGREGATOR_VINE_TITLE (2.6.19) ? | WF_AGGREGATOR_VIMEO_TITLE (2.7.16) ? | WF_LINK_SEARCH_TITLE (2.7.16) ? |

Components :: ADMIN ::
Core :: com_languages (3.0.0) 1 | com_config (3.0.0) 1 | com_templates (3.0.0) 1 | com_tags (3.1.0) 1 | com_checkin (3.0.0) 1 | com_weblinks (3.6.0) 1 | com_media (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_associations (3.7.0) 1 | com_contenthistory (3.2.0) 1 | com_modules (3.0.0) 1 | com_cache (3.0.0) 1 | com_actionlogs (3.9.0) 1 | com_fields (3.7.0) 1 | com_privacy (3.9.0) 1 | com_login (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_banners (3.0.0) 1 | com_messages (3.0.0) 1 | com_menus (3.0.0) 1 | com_categories (3.0.0) 1 | com_ajax (3.2.0) 1 | com_installer (3.0.0) 1 | com_admin (3.0.0) 1 | com_finder (3.0.0) 1 | com_content (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_postinstall (3.2.0) 1 | com_users (3.0.0) 1 | com_search (3.0.0) 1 | com_redirect (3.0.0) 1 | com_plugins (3.0.0) 1 |
3rd Party:: COM_JANTIVIRUS (5.3) 1 | Admintools (5.3.3) 1 | JiFile (2.3) 1 | com_phocadownload (3.1.2) 1 | RokSprocket (2.1.26) 1 | COM_JCE (2.7.16) 1 | nextend_installer (1.0) 1 | com_gantry5 (5.4.29) 1 |

Modules :: SITE ::
Core :: mod_search (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_syndicate (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_weblinks (3.6.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_login (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_users_latest (3.0.0) 1 | mod_languages (3.5.0) 1 |
3rd Party:: Nextend Accordion Menu V9 (9.3.10) 1 | RokSprocket Module (2.1.26) 1 | mod_gantry5_particle (5.4.29) 1 | RokNavMenu (2.0.9) 1 |

Modules :: ADMIN ::
Core :: mod_sampledata (3.8.0) 1 | mod_version (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_status (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_login (3.0.0) 1 | mod_title (3.0.0) 1 |
3rd Party:: mod_jantivirus (2.5.0) 1 |

Libraries ::
Core ::
3rd Party::

Plugins ::
Core :: PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_system_logrotation (3.9.0) 1 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 1 | plg_system_remember (3.0.0) 1 | plg_system_redirect (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_stats (3.5.0) 1 | plg_system_log (3.0.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_fields (3.7.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_privacyconsent (3.9.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_sessiongc (3.8.6) 1 | plg_system_highlight (3.0.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_content_joomla (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_geshi (2.5.0) 0 | plg_content_vote (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_finder (3.0.0) 0 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_editors-xtd_image (3.0.0) 1 | 
plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_search_categories (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_weblinks (3.6.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_tags (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_authentication_gmail (3.0.0) 0 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_weblinks (3.6.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_captcha_recaptcha (3.4.0) 0 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_user_contactcreator (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_terms (3.9.0) 0 |
3rd Party:: plg_installer_jce (2.7.16) 1 | Nextend Bold theme for Accordion Me (1.0.0) ? | Nextend Clean theme for Accordion M (1.0.0) ? | Nextend Elegant theme for Accordion (1.0.0) ? | plg_editors_tinymce (4.5.11) 1 | plg_editors_jce (2.7.16) 1 | plg_editors_codemirror (5.40.0) 1 | System - RokExtender (2.0.0) 1 | System - Website Security (1.0.0) 1 | Nextend Accordion Menu AJAX (1.0.0) 1 | mySites.guru Secure Plugin (n/a) 1 | System - RokCommon (3.2.7) 1 | plg_system_jce (2.7.16) 1 | plg_system_gantry5 (5.4.29) 1 | PLG_SYSTEM_ADMINTOOLS (5.3.3) 1 | System - RokSprocket (2.1.26) 1 | Nextend Library (1.0.0) 1 | Nextend Library (1.0.0) 1 | Content - RokInjectModule (2.1.26) 1 | plg_content_jce (2.7.16) 1 | plg_content_phocadownload (3.1.2) 1 | plg_quickicon_jce (2.7.16) 1 | plg_quickicon_gantry5 (5.4.29) 1 | plg_fields_mediajce (2.7.16) 1 | plg_extension_jce (2.7.16) 1 | plg_editors-xtd_phocadownload (3.1.0) 1 | Search - JiFile (2.1) 1 | Nextend Menu for JoomShopping (1.0.0) 1 | Nextend Menu for redSHOP (1.0.0) 1 | Nextend Menu for redSHOP (1.0.0) 1 | Nextend Menu for MijoShop (1.0.0) 1 | Nextend Menu for MijoShop (1.0.0) 1 | Nextend Menu for Joomla (1.0.1) 1 | Nextend Menu for SobiPro (1.0.0) 1 | Nextend Menu for SobiPro (1.0.0) 1 | Nextend Menu for Cobalt (1.0.0) 1 | Nextend Menu for Zoo (1.0.0) 1 | Nextend Menu for Zoo (1.0.0) 1 | Nextend Menu for Phoca Gallery (1.0.0) 1 | Nextend Menu for Phoca Gallery (1.0.0) 1 | Nextend Menu for Joomla categories (1.0.0) ? | Nextend Menu for K2 (1.0.0) 1 | Nextend Menu for JomDirectory (1.0.0) 1 | Nextend Menu for EasyBlog (1.0.0) 1 | Nextend Menu for HikaShop (1.0.0) 1 | Nextend Menu for Tienda (1.0.0) 1 | Nextend Menu for Tienda (1.0.0) 1 | Nextend Menu for Virtuemart 1 and 2 (1.0.0) 1 | Nextend Menu for Virtuemart 1 and 2 (1.0.0) 1 | Nextend Menu for Mosets Tree (1.0.0) 1 | Nextend Menu for Mosets Tree (1.0.0) 1 | Nextend Menu for AdsManager (1.0.0) 1 | plg_gantry5_preset (5.4.29) 0 | PLG_ACTIONLOG_ADMINTOOLS (1.0) 0 |
Templates Discovered ::
Templates :: SITE :: protostar (1.0) ? | rt_protean (1.1.2) 1 | beez3 (3.1.0) ? |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 | bluestork (2.5.0) 1 |

Post by PhilTaylor-Prazgod » Fri Aug 23, 2019 5:35 am

"Phil you responded, but I'd agree you're a bit biased :)"

You emailed me and I replied with FACTS. Not one bit biased when it's the TRUTH.

Here is my reply I sent you (with retractions so you don't get me banned in the forum). The email is factual.

Hi [REDACTED]

Virus Protection will NOT protect you against hacks. It will not detect 99% of the hacks either, unless the hack also includes a virus.

Virus Protection is looking for Viruses, not hacks.

mySites.guru is looking for Joomla and WordPress specific hacks - [REDACTED] it's designed SPECIFICALLY for this purpose.

However, if your site is insecure, nothing will protect you. [REDACTED]

[REDACTED]

[REDACTED]

Kindest regards
Phil.

Others will be along to state the same thing. Just because you install virus protection on your server, doesn't mean it will find the hacks in your site or protect you in any way. This is not the job of a virus checker on an internet server.

Post by claven123 » Fri Aug 23, 2019 7:54 pm

Phil, didn't mean it that way :)

Anyone have any advice based on the FPA I posted?

d

Post by claven123 » Sun Aug 25, 2019 7:49 pm

I was asked to post the FPA, which I completed. Any advice?

D

Post by Achaa » Sun Aug 25, 2019 10:55 pm

"Experts often possess more data than judgement."
All suggestions are given with good intent.
http://arbitrarytimes.com Where I test stuff.... :pop

Post by sozzled » Sun Aug 25, 2019 11:05 pm

https://www.kuneze.com/blog
I need your help to help reduce spam at the Joomla forum. You can help with your ideas, questions and opinions at viewtopic.php?f=7&t=974006. Together we can make a difference :)

Post by sozzled » Sun Aug 25, 2019 11:08 pm

claven123 wrote (Fri Aug 23, 2019 7:54 pm): Anyone have any advice based on the FPA I posted?

Thank you for posting the FPA report. I don't have a lot of advice, based on the FPA report that you posted. There's nothing in the FPA report that indicates a major problem.

There are some things that I would do differently, perhaps ... (e.g. I would uninstall the J! 2.5 templates)

... but this isn't about me.

Post by claven123 » Mon Aug 26, 2019 7:56 am

Thanks for the advice, I did that.

I also see I have Hathor and Isis templates, do I need to delete those also? I use a rocket template, so don't really need those.

D

Post by JAVesey » Wed Aug 28, 2019 1:59 pm

claven123 wrote (Mon Aug 26, 2019 7:56 am): I also see I have Hathor and Isis templates, do I need to delete those also? I use a rocket template, so don't really need those

These are the two /administrator templates that ship with Joomla 3.x by default.

One (Isis) works better than the other and most of us use it in preference.

Unless you have another /administrator template installed then deleting them isn't recommended.
John V
Cardiff, Wales, UK
Uses Joomla 3.9.11 and PHP7.3

Post by AMurray » Sun Sep 01, 2019 5:36 am

You can, as @sozzled said, uninstall the Joomla 2.5 admin template - that is, the one called BlueStork.

If you were to delete Hathor or Isis, your site wouldn't work (depending which one you were actively using).

Besides, they will be re-installed when you next update Joomla as they are part of the core package.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

Post by leolam » Mon Sep 02, 2019 5:02 pm

toivo wrote (Thu Aug 22, 2019 5:49 am): he is not allowed to promote.

So when are we finally going to adjust these ridiculous rules? Having to copy Tips&Tricks from my website since these stupid and outdated forum rules forbid me to link to them? I do not waste my time (copying them) so people don't get proper answers ("please go to my site, find tips & tricks so you will get an answer"). What kind of nonsense do we still live with since the Brad Baker period and nobody cares? You expect me to link to other websites which have the same tips/guidance and they are my competitors? No way, so I won't post links to solutions where it might hurt my own presence... And no, I won't publish all of our Tips & Tricks to the documentation portal (been there, done that).

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

Post by ooffick » Tue Sep 03, 2019 9:20 am

Hi Leo,

The self promotion rule is there to prevent abuse. So that people are not getting posts like "I can fix this for you for 100 USD, please contact me.", or the forum will be just a collection of links to other websites. In both cases this is not something which will work very well for the user.

Forum rules are reviewed every few months and this one rule has been discussed a few times, and it was always agreed to keep this particular forum rule.

Kind Regards
Olaf
Olaf Offick - Global Moderator
learnskills.org

Post by Webdongle » Tue Sep 17, 2019 3:25 pm

PhilTaylor-Prazgod wrote (Wed Aug 21, 2019 9:57 pm): ... 99% of the hacks in Joomla sites will go undetected by Virus Checkers - because they are not viruses. They are hacks. There is a big difference. ...

Hacks are malicious scripts that exploit vulnerabilities on the Host server in order to fully access the Host server. What you call 'virus checkers' detect those scripts ... it is up to the site administrator to eradicate those scripts and locate the cause of the hack to prevent more being uploaded. There will be an umpteen number of malicious scripts for every hack.

The source of the hack could be anywhere on the Host server (even in another website) and could have been there for several months without being noticed. Once a site has been hacked its URL (along with the Hack details) is posted on various forums. Other Hackers then upload their scripts and eventually a malicious script (or its effect) is spotted.

Either hire an expert or completely wipe everything and replace with fresh files. Backup files are next to useless because they do not remove the malicious scripts and (most probably) contain them in the backup.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein
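
Added example, not code from the thread or from any tool named in it: one way to triage scanner hits such as the four paths in the opening post, and to act on the "replace with fresh files" advice, is to hash each flagged file against the same path in a freshly unpacked vendor package of the same version. The helper names, the `site`/`reference` directory layout and the sample trees are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# The four paths reported in the opening post (relative to the site root).
FLAGGED = [
    "/plugins/system/bfnetwork/bfnetwork/bfAuditor.php",
    "/plugins/system/bfnetwork/bfnetwork/bfEncrypt.php",
    "/components/com_jce/editor/libraries/pro/classes/manager.php",
    "/components/com_jce/editor/tiny_mce/plugins/source/js/format.min.js",
]

def sha256_file(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def safe_join(root, rel):
    """Resolve rel under root and refuse anything that escapes it (.., symlinks)."""
    root = Path(root).resolve()
    target = (root / str(rel).lstrip("/")).resolve()
    if target != root and root not in target.parents:
        raise ValueError(f"path escapes root: {rel}")
    return target

def triage(site_root, reference_root, flagged):
    """Classify each flagged path by comparing it with the clean reference copy."""
    results = {}
    for rel in flagged:
        live, ref = safe_join(site_root, rel), safe_join(reference_root, rel)
        if not live.is_file():
            results[rel] = "MISSING_ON_SITE"
        elif not ref.is_file():
            results[rel] = "NO_REFERENCE"       # wrong package or an added file
        elif sha256_file(live) == sha256_file(ref):
            results[rel] = "MATCHES_REFERENCE"  # byte-identical to vendor copy
        else:
            results[rel] = "MODIFIED"           # needs manual review
    return results

def unexpected_files(site_root, reference_root, subdir, suffixes=(".php",)):
    """List files under subdir on the site that the reference does not ship."""
    base = Path(site_root).resolve()
    extra = []
    for dirpath, _dirs, files in os.walk(safe_join(site_root, subdir)):
        for name in files:
            if not name.lower().endswith(suffixes):
                continue
            rel = os.path.relpath(os.path.join(dirpath, name), base)
            if not safe_join(reference_root, rel).is_file():
                extra.append(rel.replace(os.sep, "/"))
    return sorted(extra)

def build_demo(base):
    """Constructed sample trees: a 'site' and a 'reference' holding only com_jce."""
    site, ref = Path(base, "site"), Path(base, "reference")
    for rel in FLAGGED:
        body = f"/* constructed sample for {rel} */".encode()
        for root in (site, ref):
            if root is ref and "com_jce" not in rel:
                continue  # the reference package ships no bfnetwork files
            dest = root / rel.lstrip("/")
            dest.parent.mkdir(parents=True, exist_ok=True)
            dest.write_bytes(body)
    # Constructed extra file that is not part of the reference package.
    extra = site / "components/com_jce/editor/libraries/pro/classes/cache_x.php"
    extra.write_bytes(b"<?php // constructed sample ?>")
    return site, ref

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site, ref = build_demo(tmp)
        for rel, status in triage(site, ref, FLAGGED).items():
            print(f"{status:18} {rel}")
        print("not in reference:", unexpected_files(site, ref, "components/com_jce"))
```

A match is only as trustworthy as the reference: unpack it from the vendor's own download for the installed version (the FPA report above lists COM_JCE 2.7.16). `NO_REFERENCE` for the two bfnetwork paths means a separate reference from that plugin's vendor is needed.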

