first click redirection !

Discussion regarding Joomla! 3.x security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
zoohayr
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Tue Jun 28, 2016 1:44 am

first click redirection !

Post by zoohayr » Sat Oct 12, 2019 3:50 pm

Hello,

I just noticed that my links from my site joomla in google is redirected in the first click to unknown pages (apparently pub pages) that do not belong to me! I do not know if I'm infected or not but how to fix this problem and thank you

User avatar
AMurray
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 4961
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: first click redirection !

Post by AMurray » Sat Oct 12, 2019 11:49 pm

It doesn't help us if you don't provide a link to your site.

what are "pub pages" ?

Does your host have any security tools (e.g. in your hosting administration - cPanel or Plesk etc)you can scan the site with (maybe the Host can do so)?

Or, you could try mysites.guru; the first site audit is free, but otherwise is a subscription service. This audit will look for (amongst many other things) any suspicious files and then report suggestions on fixing the issues.

In the mean time you can help us help you by providing (1) link to your site (and/or screenshot or link to the Google page listing your site) and (2), use the Forum Post Assistant (FPA) as mentioned in the "Forum Rules" (red box at top of page) and post the FPA report here. Refer to https://forumpostassistant.github.io/docs/ for details.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

zoohayr
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Tue Jun 28, 2016 1:44 am

Re: first click redirection !

Post by zoohayr » Sun Oct 13, 2019 7:53 am

Hello A Murray, thank you first for reply,
it's because I do not think about it as the link to the site will be useful. here is the link of my site is:

Code: Select all

www.medika.ma
but to see what I'm talking about I invite you to type these two words (aldomet medika) in google. you will probably links pages that contains the drug aldomet in my site medika. but as soon as you click (only the 1 click) on one of these links you will be redirected to other pages off the site! it's up to you to try and answer me

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26044
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: first click redirection !

Post by Per Yngve Berg » Sun Oct 13, 2019 11:15 am

Please provide the FPA.

I do not see your site in Google. Probably wrong region and language in my preferences.

Have you checked that the .htaccess file does not contain a redirect when the site is accessed by Google?

zoohayr
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Tue Jun 28, 2016 1:44 am

Re: first click redirection !

Post by zoohayr » Mon Oct 14, 2019 10:25 am

here I post the contents of the .htaccess file :


##
# @package Joomla
# @copyright Copyright (C) 2005 - 2019 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of Apache mod_rewrite, but it may have already been set by
# your server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##

## No directory listings
<IfModule autoindex>
IndexIgnore *
</IfModule>

## Suppress mime type detection in browsers for unknown types
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root home page
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19704
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: first click redirection !

Post by leolam » Sun Oct 20, 2019 3:24 pm

Please provide the FPA.
https://forumpostassistant.github.io/docs/

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

zoohayr
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Tue Jun 28, 2016 1:44 am

Re: first click redirection !

Post by zoohayr » Mon Oct 21, 2019 9:24 am

Hi Leolam,

it is done ! should I provide you with the link ?

zoohayr
Joomla! Apprentice
Joomla! Apprentice
Posts: 26
Joined: Tue Jun 28, 2016 1:44 am

Re: first click redirection !

Post by zoohayr » Mon Oct 21, 2019 9:37 am

Forum Post Assistant (v1.4.9 (lambrusco)) : 21st October 2019 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.8.6-Stable (Amani) 13-March-2018
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.8
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: true | .htaccess/web.config: Yes | GZip: false | Cache: true | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: http://www.medika.ma | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 2 | Error Reporting: default | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: mysqli | PHP Supports J! 3.8.6: Yes | Database Supports J! 3.8.6: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 2.6.32-042stab133.2 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 8.60 GiB |

PHP Configuration :: Version: 7.1.32 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: | Error Reporting: 24567 | Log Errors To: error_log | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 24M | Max. POST Size: 128M | Max. Input Time: 600 | Max. Execution Time: 300 | Memory Limit: 256M

Database Configuration :: Version: 5.5.5-10.2.27-MariaDB (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $) | Host: --protected-- (--protected--) | default Collation: latin1_swedish_ci (default Character Set: latin1) | Database Size: 77.54 MiB | #of Tables:  311
Detailed Environment :: wrote:PHP Extensions :: Core (7.1.32) | date (7.1.32) | libxml (7.1.32) | openssl (7.1.32) | pcre (7.1.32) | zlib (7.1.32) | filter (7.1.32) | hash (1.0) | pcntl (7.1.32) | readline (7.1.32) | Reflection (7.1.32) | SPL (7.1.32) | session (7.1.32) | standard (7.1.32) | cgi-fcgi () | bcmath (7.1.32) | bz2 (7.1.32) | calendar (7.1.32) | ctype (7.1.32) | curl (7.1.32) | dom (20031129) | mbstring (7.1.32) | fileinfo (1.0.5) | ftp (7.1.32) | gd (7.1.32) | gettext (7.1.32) | gmp (7.1.32) | iconv (7.1.32) | imap (7.1.32) | intl (1.1.0) | json (1.5.0) | ldap (7.1.32) | exif (7.1.32) | mcrypt (7.1.32) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: 38fea24f2847fa7519001be390c98ae0acafe387 $) | PDO (7.1.32) | pgsql (7.1.32) | Phar (2.0.2) | posix (7.1.32) | shmop (7.1.32) | SimpleXML (7.1.32) | soap (7.1.32) | sockets (7.1.32) | sqlite3 (7.1.32) | sysvmsg (7.1.32) | sysvsem (7.1.32) | sysvshm (7.1.32) | tokenizer (7.1.32) | xml (7.1.32) | xmlwriter (7.1.32) | xsl (7.1.32) | zip (1.13.5) | mysqli (7.1.32) | pdo_mysql (7.1.32) | pdo_pgsql (7.1.32) | pdo_sqlite (7.1.32) | wddx (7.1.32) | xmlreader (7.1.32) | xmlrpc (7.1.32) | Zend OPcache (7.1.32) | Zend Engine (3.1.0) |
Potential Missing Extensions ::
Disabled Functions :: eval | show_source | system | shell_exec | passthru | exec | phpinfo | popen | proc_open | allow_url_fopen | symlink | mail |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (---) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 47286 | Threads: 14 | Questions: 691545 | Slow queries: 0 | Opens: 1555 | Flush tables: 1 | Open tables: 1530 | Queries per second avg: 14.624 |
Extensions Discovered :: wrote:Components :: SITE ::
Core :: com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
3rd Party:: kunena_tmpl_crypsis (4.0.11) ? | WF_CHARMAP_TITLE (2.6.24) ? | WF_STYLE_TITLE (2.6.24) ? | WF_SPELLCHECKER_TITLE (2.6.24) ? | WF_BROWSER_TITLE (2.6.24) ? | WF_PRINT_TITLE (2.6.24) ? | WF_XHTMLXTRAS_TITLE (2.6.24) ? | WF_FONTCOLOR_TITLE (2.6.24) ? | WF_STYLESELECT_TITLE (2.6.24) ? | WF_LAYER_TITLE (2.6.24) ? | WF_VISUALBLOCKS_TITLE (2.6.24) ? | WF_HR_TITLE (2.6.24) ? | WF_LISTS_TITLE (2.6.24) ? | WF_FONTSIZESELECT_TITLE (2.6.24) ? | WF_INLINEPOPUPS_TITLE (2.6.24) ? | WF_VISUALCHARS_TITLE (2.6.24) ? | WF_CLIPBOARD_TITLE (2.6.24) ? | WF_LINK_TITLE (2.6.24) ? | WF_NONBREAKING_TITLE (2.6.24) ? | WF_CLEANUP_TITLE (2.6.24) ? | WF_DIRECTIONALITY_TITLE (2.6.24) ? | WF_MEDIA_TITLE (2.6.24) ? | WF_IMGMANAGER_TITLE (2.6.24) ? | WF_KITCHENSINK_TITLE (2.6.24) ? | WF_FULLSCREEN_TITLE (2.6.24) ? | WF_EMOTIONS_TITLE (2.6.24) ? | WF_AUTOSAVE_TITLE (2.6.24) ? | WF_ARTICLE_TITLE (2.6.24) ? | WF_PREVIEW_TITLE (2.6.24) ? | WF_TABLE_TITLE (2.6.24) ? | WF_ANCHOR_TITLE (2.6.24) ? | WF_SOURCE_TITLE (2.6.24) ? | WF_CONTEXTMENU_TITLE (2.6.24) ? | WF_FORMATSELECT_TITLE (2.6.24) ? | WF_FONTSELECT_TITLE (2.6.24) ? | WF_TEXTCASE_TITLE (2.6.24) ? | WF_SEARCHREPLACE_TITLE (2.6.24) ? | WF_LINK_SEARCH_TITLE (2.6.24) ? | WF_AGGREGATOR_DAILYMOTION_TITLE (2.6.24) ? | WF_AGGREGATOR_VIMEO_TITLE (2.6.24) ? | WF_AGGREGATOR_[youtube]_TITLE (2.6.24) ? | WF_AGGREGATOR_VINE_TITLE (2.6.24) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.6.24) ? | WF_LINKS_JOOMLALINKS_TITLE (2.6.24) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.24) ? | WF_POPUPS_WINDOW_TITLE (2.6.24) ? | iC rounded - iCagenda Theme (3.6.9) ? |

Components :: ADMIN ::
Core :: com_finder (3.0.0) 1 | com_categories (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_ajax (3.2.0) 1 | com_modules (3.0.0) 1 | com_search (3.0.0) 1 | com_login (3.0.0) 1 | com_languages (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_tags (3.1.0) 1 | com_weblinks (3.6.0) 1 | com_messages (3.0.0) 1 | com_admin (3.0.0) 1 | com_associations (3.7.0) 1 | com_fields (3.7.0) 1 | com_plugins (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_config (3.0.0) 1 | com_checkin (3.0.0) 1 | com_banners (3.0.0) 1 | com_content (3.0.0) 1 | com_users (3.0.0) 1 | com_media (3.0.0) 1 | com_redirect (3.0.0) 1 | com_cache (3.0.0) 1 | com_menus (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_templates (3.0.0) 1 | com_installer (3.0.0) 1 |
3rd Party:: Offlajn Joomla 3.0 compatibility (1.0) 1 | Universal AJAX Live Search (5.4.1) 1 | AJAX Live Search results (1.0.0) 1 | System - Offlajn Params (1.1.0) 1 | System - Offlajn Params (1.1.0) 1 | com_jabuilder (1.0.6) 1 | JO Social Auto Publish (5.5) 1 | invoicing (1.2.13) 1 | COM_ACCORDEONCK (2.0.0) 1 | PLG_ACCORDEONCKPARAMS_PARAMS_NAME (2.0.0) 1 | Akeeba (5.6.3) 1 | com_jak2filter (1.2.8) 1 | com_kunena (4.0.11) 1 | mod_kunenamenu (4.0.11) ? | plg_kunena_kunena (4.0.11) 1 | plg_kunena_alphauserpoints (4.0.11) 1 | plg_kunena_gravatar (4.0.11) 0 | plg_kunena_finder (4.0.11) ? | plg_kunena_joomla (4.0.11) 1 | plg_kunena_community (4.0.11) ? | plg_kunena_comprofiler (4.0.11) ? | plg_kunena_uddeim (4.0.11) 0 | plg_finder_kunena (4.0.11) ? | com_jacomment (2.5.2) 1 | com_jacomment (2.5.5) 1 | AcyMailing (5.7.0) 1 | AcyMailing Tag : Date / Time (5.7.0) 1 | AcyMailing : trigger Joomla Content (3.7.0) ? | AcyMailing Editor (5.7.0) 1 | AcyMailing Tag : content insertion (3.7.0) 1 | AcyMailing Manage text (1.0.0) 1 | AcyMailing table of contents genera (1.0.0) ? | AcyMailing : Handle Click tracking (5.7.0) ? | AcyMailing: override Joomla mailing (5.7.0) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag : Subscriber informa (5.7.0) ? | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing Tag : Joomla User Inform (5.7.0) ? | AcyMailing Template Class Replacer (5.7.0) 0 | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing : Handle Click tracking (5.7.0) ? | AcyMailing Tag : Manage the Subscri (5.7.0) ? | AcyMailing : (auto)Subscribe during (5.7.0) ? | AcyMailing Module (3.7.0) 1 | AcyMailing : share on social networ (1.0.0) ? | COM_JCE (2.6.24) 1 | Aindex Dictionaries (1.0.0) 1 | com_jsn (2.4.10) 1 | K2 (2.5.7) ? | COM_K2 (2.8.0) 1 | iCagenda (3.6.12) 1 | com_[spam] (4.3.7) 1 | Profile Manager Mambot (2.2) ? | thephpfactoryupdate (1.0.0) 1 | com_cmk2inline (1.4.0) 1 | PaidSystem (3.1.9) 1 | Adsmanager (3.1.11) 1 | bruce (1.0.4) 1 | offlajn_installer (1.0) 1 |

Modules :: SITE ::
Core :: mod_feed (3.0.0) 1 | mod_tags_similar (3.1.0) 1 | mod_wrapper (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_banners (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_login (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_weblinks (3.6.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_archive (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_search (3.0.0) 1 |
3rd Party:: Easy Profile - User List (1.0.0) 1 | mod_[spam]_tree_category (4.3.7) 1 | mod_adsmanager_search (3.1.11) 1 | K2 Login (2.5.7) 1 | K2 Comments (2.8.0) 1 | Social GK5 (1.2.5) 1 | mod_adsmanager_ads (3.1.11) 1 | Tabs GK5 (1.7.4) 1 | JA Latest Comments (2.5.5) 1 | mod_[spam]_tree_post (4.3.7) 1 | mod_[spam]_calendar (4.3.7) 1 | mod_adsmanager_table (3.1.11) 1 | News Show Pro GK5 (1.9.3.8) 1 | Easy Profile - Search Module (1.0.0) 1 | MOD_MOST_RECENT_NAME (1.0.0) 1 | K2 Content (2.8.0) 1 | mod_[spam]_tags (4.3.7) 1 | JAK2 Extra fields Filter and Search (1.2.8) 1 | Menu Accordeon CK (2.1.4) 1 | mod_[spam]_post (4.3.7) 1 | K2 Tools (2.8.0) 1 | mod_bruce (1.0.4) 1 | iCagenda - Calendar (3.6.11) 1 | K2 User (2.8.0) 1 | Universal AJAX Live Search (5.4.1) 1 | mod_kunenalogin (5.0.3) 1 | AJAX Live Search results (1.0.0) 1 | StyleWare Google Maps (1.1) 1 | mod_paidsystem_feat (3.1.11) 1 | mod_[spam]_blog (4.3.7) 1 | Image Show GK4 (1.54.1) 1 | K2 Users (2.8.0) 1 | mod_ads_elite (4.5) 1 | AcyMailing Module (3.7.0) 1 | mod_adsmanager_menu (3.1.11) 1 |

Modules :: ADMIN ::
Core :: mod_version (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_logged (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_title (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_login (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_stats_admin (3.0.0) 1 | mod_sampledata (3.8.0) 0 | mod_status (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_toolbar (3.0.0) 1 |
3rd Party:: K2 Stats (admin) (2.8.0) 1 | JA Builder Admin Menu (1.0.0) 1 | JA Builder Quick Icons (1.0.1) 1 | joomessLibrary - Status (1.01) 1 | K2 Quick Icons (admin) (2.8.0) 1 |

Libraries ::
Core ::
3rd Party:: lib_dompdf (rev1111111) 1 | lib_xef (1.4.1) 1 | FOF30 (3.1.4) 1 |

Plugins ::
Core :: plg_search_categories (3.0.0) 0 | plg_search_tags (3.0.0) 1 | plg_search_content (3.0.0) 0 | plg_search_contacts (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_weblinks (3.6.0) 0 | plg_finder_categories (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_weblinks (3.6.0) 1 | K2 - JA K2 Filter (1.2.1) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_captcha_recaptcha (3.4.0) 1 | plg_twofactorauth_totp (3.2.0) 1 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_content_finder (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_emailcloak (3.0.0) ? | plg_content_pagebreak (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_vote (3.0.0) 1 | plg_content_geshi (2.5.0) 0 | plg_content_pagenavigation (3.0.0) 0 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_ldap (3.0.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_webinstaller (1.1.1) 1 | plg_installer_packageinstaller (3.6.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_cache (3.0.0) 1 | plg_system_languagefilter (3.0.0) 0 | plg_system_highlight (3.0.0) 1 | plg_system_debug (3.0.0) 1 | plg_system_p3p (3.0.0) 1 | plg_system_log (3.0.0) 1 | JA Typo (2.5.7) 1 | plg_system_redirect (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_languagecode (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_remember (3.0.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_user_contactcreator (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_article (3.0.0) 1 |
3rd Party:: Search - K2 advanced (1.1) 1 | ICAGENDA_PLG_SEARCH (1.6) 1 | Search - K2 (2.8.0) 1 | plg_search_[spam] (4.3.7) 1 | Easy Profile - Search plugin (1.0.0) 0 | Search - JA Comment (2.5.2) 0 | plg_finder_k2 (2.8.0) 1 | K2 - Content Ads Plugin (1.2.1) 0 | SW K2 Maps (3.2.7) 1 | plg_content_k2swmaps (1.0.0) 1 | Canonical Links for K2 (3.24) 1 | SW Tabs Pro for K2 (2.7.7) 1 | plg_content_k2swtabs (1.0.0) 0 | plg_quickicon_akeebabackup (1.0) 0 | plg_quickicon_kunena (4.0.11) 1 | plg_quickicon_jce (2.6.0-pro-bet) 1 | plg_quickicon_icagendaupdate (1.1.0) 1 | K2 content integration for AcyMaili (2.4.4) ? | K2 content integration for AcyMaili (2.4.4) ? | AcyMailing : Handle Click tracking (5.7.0) ? | AcyMailing Tag : Joomla User Inform (5.7.0) ? | AcyMailing : trigger Joomla Content (3.7.0) ? | AcyMailing table of contents genera (1.0.0) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing Tag and filter : Communi (3.7.2) ? | AcyMailing : Statistics Plugin (3.7.0) 1 | AcyMailing Template Class Replacer (5.7.0) 0 | AcyMailing : share on social networ (1.0.0) ? | AcyMailing Tag : Manage the Subscri (5.7.0) ? | AcyMailing Manage text (1.0.0) 1 | Easy Profile - Acymailing Tag & (3.7.0) ? | AcyMailing Tag : Website links (3.7.0) 1 | AcyMailing Tag : Subscriber informa (5.7.0) ? | AcyMailing Tag : content insertion (3.7.0) 1 | Adsmanager integration for AcyMaili (3.1.11) ? | K2 Users integration for AcyMailing (1.0.1) 1 | K2 Users integration for AcyMailing (1.0.1) 1 | AcyMailing Tag : Date / Time (5.7.0) 1 | Xmap - Adsmanager Plugin (3.1.11) 1 | AcyMailing Editor (5.7.0) 1 | plg_editors_jce (2.6.24) 1 | plg_editors_tinymce (4.5.8) 1 | plg_editors_codemirror (5.34.0) 1 | sh404sef - Invoicing support plugin (2.7) 0 | sh404sef - Adsmanager support plugi (2.7) ? | Adsmanager - JComments (3.1.11) 0 | AdsManagerContent - JomSocial (3.1.11) 0 | AdsManagerContent - Captcha (3.1.11) 0 | AdsManagerContent - Social (3.1.11) 0 | AdsManagerContent - ReCaptcha (2.5.0) 0 | Invoicing Adsmanager Generator Plug (1.0.0) ? | User Group Plugin for Bruce (1.0.4) 1 | K2 Plugin for Bruce (1.0.4) 0 | Hikashop Plugin for Bruce (1.0.4) 0 | Content Plugin for Bruce (1.0.4) 1 | Menu Item Plugin for Bruce (2.9.6) 1 | AdsManager Plugin for Bruce (2.9.6) 1 | Date & Time Plugin for Bruce (1.0.4) ? | Akeeba Subscriptions - AdsMAnager - (1.0) ? | corejoomla - socials (1.0.0) 0 | plg_kunena_uddeim (4.0.11) 0 | plg_kunena_kunena (4.0.11) 1 | plg_kunena_alphauserpoints (4.0.11) 1 | plg_kunena_joomla (4.0.11) 1 | plg_kunena_gravatar (4.0.11) 0 | plg_content_k2swmaps (1.0.0) 1 | PLG_SPROFILE_NAME (1.0.0) 1 | Content - JA Comment (2.5.5) 1 | plg_content_k2swtabs (1.0.0) 0 | Content - Smart Related Items for K (1.0) ? | Easy Profile - Content plugin (1.0.0) 1 | Responsive Tables (2.0.0) 1 | AllVideos (by JoomlaWorks) (4.8.0) 1 | AllVideos (by JoomlaWorks) (4.8.0) 1 | Easy Profile - Author plugin (1.0.0) 1 | plg_content_jce (2.6.24) 1 | My Ads (3.1.11) 1 | Easy Profile - Authentication plugi (1.0.0) ? | Easy Profile - Kunena Favorites Tab (1.0.0) 0 | Easy Profile - Kunena Topic Tab (1.0.0) 1 | Easy Profile - Kunena Subscriptions (1.0.0) ? | Easy Profile - Usergroups plugin (1.0.0) 1 | plg_installer_cjupdater (1.0) 0 | plg_installer_jeventsinstaller (3.4.43) 1 | plg_installer_jce (2.6.24) 1 | Offlajn Joomla 3.0 compatibility (1.0) 1 | Easy Profile - System plugin (1.0.0) 1 | System - GK Cache (1.0) 1 | System - K2 (2.8.0) 1 | AcyMailing: override Joomla mailing (5.7.0) ? | System - Unique Pages (1.1.1) 1 | plg_system_[spam] (4.3.7) 1 | Azrul System Mambot For Joomla (3.0.4) 1 | System - GK Contact (1.1) 1 | PLG_SYSTEM_AKEEBAUPDATECHECK_TITLE (1.1) 0 | System - JA Comment (2.5.5) 0 | System - Offlajn Params (1.1.0) 1 | System - Offlajn Params (1.1.0) 1 | System - K2Filter (1.4.9) 1 | GK Menu Extended Parameters (1.0) 1 | PLG_SYSTEM_GOOGLIC_ANALYTICS (1.2.4) ? | JUB (1.1.3) 1 | AcyMailing: display a squeeze page (1.3.5) ? | AcyMailing: display a squeeze page (1.3.5) ? | GK Module Title Links (1.0) 1 | AcyMailing : Handle Click tracking (5.7.0) ? | Accelerator for K2 (1.0) 1 | PLG_SYSTEM_IC_LIBRARY (1.4) 1 | Offlajn Dojo Loader (1.0) 1 | plg_system_kunena (4.0.11) 1 | Easy Profile - System plugin (1.0.0) 1 | PLG_SYSTEM_BACKUPONUPDATE_TITLE (3.7) 1 | Adsmanager Disclaimer (1.0) 0 | Invoicing PluginsManager Plugin (1.2.13) 1 | AcyMailing : (auto)Subscribe during (5.7.0) ? | PLG_ACCORDEONCKPARAMS_PARAMS_NAME (2.0.0) 1 | plg_system_jce (2.6.24) 1 | System - JO Social Auto Publish for (4.0) ? | PLG_RESPONSIVESCROLLINGTABLES (1.2.2) 0 | System - iCagenda :: Autologin (1.3) 1 | plg_system_adsstarterelite (4.5) 1 | plg_extension_jce (2.6.24) 1 | User - K2 (2.8.0) 1 | Easy Profile - Users plugin (1.0.0) 1 | Easy Profile - Users plugin (1.0.0) 1 | Button - GK Typography (1.0.2) 1 | Editor Button - JAComment ON (2.5.2) 1 | Editor Button - JAComment OFF (2.5.3) 1 | Invoicing Offline Payment Plugin (1.2.13) 1 | Invoicing Offline 2 Payment Plugin (1.2.13) 1 | Invoicing Paybox Payment Plugin (1.2.13) 0 | Invoicing Authorize.net Payment Plu (1.2.13) ? | Invoicing SystemPay Payment Plugin (1.0.0) 0 | Invoicing Ewire Payment Plugin (1.2.13) 0 | Invoicing Payment - midtrans (1.0) 0 | Invoicing Paypal Payment Plugin (1.2.13) 0 |
Templates Discovered :: wrote:Templates :: SITE :: gk_news2 (3.21.2) 1 | JA_Builder (1.0.9) 1 | protostar (1.0) 1 | beez3 (3.1.0) 1 |
Templates :: ADMIN :: bluestork (2.5.0) 1 | hathor (3.0.0) 1 | isis (1.0) 1 |
Last edited by toivo on Mon Oct 21, 2019 10:36 am, edited 1 time in total.
Reason: mod note: disabled smilies in post Options for readability

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37332
Joined: Sat Apr 05, 2008 9:58 pm

Re: first click redirection !

Post by Webdongle » Mon Oct 21, 2019 9:48 am

Please see viewtopic.php?f=710&t=956702 and read '2.5.28' as '3.8.6'. Yes it is a lot of work because you have a lot of 3rd party extensions to check. But that is because you have not been keeping things up to date.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 26044
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: first click redirection !

Post by Per Yngve Berg » Mon Oct 21, 2019 3:58 pm

LiveSite: http://www.medika.ma (Should be empty)

Allow url fopen: 1
Disabled Functions :: allow_url_fopen (I don't understand that is available at the same time it's listed as disabled. You need it for the updater to work).

PHP 7.1 is going EOL in 2 December

I will recommend changing Session handler from database to php.


Post Reply

Return to “Security in Joomla! 3.x”