18 Sites on my server showing maleware

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, fcoulter, PhilD, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
hotrod007
Joomla! Intern
Joomla! Intern
Posts: 74
Joined: Tue Jan 09, 2007 5:15 pm
Contact:

18 Sites on my server showing maleware

Post by hotrod007 » Wed Mar 11, 2020 9:07 pm

Yea.. not good.. Sites are 2.5 and the latest Joomla 3.9. a week ago.. I know I need to update the 2,5 sites and that's the plan, but google chrome is throwing a warning on all the sites.. Not sure if the latest update today fixed the 3.9 sites.. but it would be nice to find the issues and clean them up.. before my phone started ringing off the hook. I have had issues in the past and have rebuild other customers sites to the latest version.. I run admin tools php file scanner and can usually find the bad files.. but not fining anything this time..
any suggestions word be great.. Every site is showing the same Sucuri scan results.. I did rebuild a few and moved them to a new server.. before I realized it was all of them..
See attached image.. UGH... Just tried to enter a site that has the latest version from last night and chrome is red paging that also..
SiteCheck_-_2020-03-11_17.04.45.png
You do not have the required permissions to view the files attached to this post.
Last edited by toivo on Thu Mar 12, 2020 2:51 am, edited 1 time in total.
Reason: mod note: moved from 3.x Security

 
User avatar
AMurray
Joomla! Champion
Joomla! Champion
Posts: 5515
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: 18 Sites on my server showing maleware

Post by AMurray » Wed Mar 11, 2020 9:40 pm

It may not help after the horse has bolted (so to speak) but when you have managed to restore clean sites, I would I would suggest subscribing to mysites.guru, and register all your sites there. (10GBP per month, unlimited sites).

It's a fantastic service - audits your sites for security issues, and gives you a comprehensive list of suggested fixes.

It also can manage many site admin tasks such as keeping the core and extensions up to date all in one place.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.

hotrod007
Joomla! Intern
Joomla! Intern
Posts: 74
Joined: Tue Jan 09, 2007 5:15 pm
Contact:

Re: 18 Sites on my server showing maleware

Post by hotrod007 » Wed Mar 11, 2020 9:51 pm

Wow.. That looks awesome.. Handling 80 plus sites and trying to keep them up to date was always an issue..

Yea.. I know I have to rebuild most of them.. even the 3.9.16 ones? I have backups since I just moved all these sites from another host.. but some are 6 months old.. and my clients do add content. so.. one at a time is all I can do.. but would just like to fix them all now before the phone starts ringing...

User avatar
sozzled
Joomla! Exemplar
Joomla! Exemplar
Posts: 8698
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: 18 Sites on my server showing maleware

Post by sozzled » Wed Mar 11, 2020 10:12 pm

I'm sorry to read that this has happened to you.

Here's a tip that may solve you from unnecessary grief.

We can't be certain that any one of those sites has been contaminated or whether there's been a contagious infection that's spreading through your hosted environment, particularly because the names of the files involved are quite "normal" files. There is, however, a way to check the likelihood that these files have been infected.

Suggest that you copy all of the files from the folders <site-name>/libraries and <site-name>/media to your PC and run a reputable AV scan on your PC for the copied files and see if the AV scan detects any security issues. It's not a foolproof method but it may give you some confidence that, perhaps, the Sucuri scan mis-reported these things as "false positives". That's another way of saying that no one security scan is 100% reliable.

If you run an AV scan (or use a couple of different AV scanning tools) and you don't find any problems with these files then maybe (and I stress the word maybe) your initial problem is not quite as bad as you thought.

However ... yeah, this is where the rubber hits the road, isn't it? I understand when you say "the plan" is to migrate the J! 2.5 websites to the latest version of J! but I'm sure we've read about people's "plans" which don't outline the details involved in getting from point A to point B. It might be a good idea for you to actually draw up detailed plans.

Good luck. :)
https://www.kuneze.com/blog
“If you think I’m wrong then say, ‘I think you’re wrong.’ If you say ‘You’re wrong!’, how do you know?” :)

hotrod007
Joomla! Intern
Joomla! Intern
Posts: 74
Joined: Tue Jan 09, 2007 5:15 pm
Contact:

Re: 18 Sites on my server showing maleware

Post by hotrod007 » Thu Mar 12, 2020 12:06 am

I have been updating them.. basically just rebuilding to the latest version.. and yea Suri is the only scan picking them up.. But.. Google chrome is throwing up the red warning page on them also.. I compared those warning files to a know "Ok" site and they are the same..


I ran one through my sites.guru and it showed me 5 bad files. but I know these are ok.. they are from plugins and look fine..

 

Post Reply

Return to “Security in Joomla! 2.5”