Malicious Javascript in your site - Joomla! Forum - community, help and support
hi, originates post entered few years ago (2009) in joomla 1.5-forum had 70,000 visits. security moderators , discussed update of topic , here find updated version. please feel post question on these issues post. here you?
malicious code in site!
when find malicious code in site line of javascript inserted bottom of every .js file on account used character code escapes make harder detect. embedded in many of otherwise blank index.html pages within sub-directories of joomla install. difficult pinpoint reason either joomla exploit (iframe) or if violators had account password.
this type of infection more common password being weak or breached (do not use birthday/name of dog, kids name/etc!!!) however. reason, advised follow these steps:
1. scan local computer, clients computer, , computer have accessed account using date virus scanner such http://malwarebytes.org critical!
2. update cpanel/ftp password password not guessable. use 14-digits , ( example (!) ) &g5s#!k-|%h1g^
3. submit site rescan using google webmaster account. if not have account please follow instructions on page obtain 1 , [url=http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633]review google's advise] critical! (note: can google webmasters account @ link: http://www.google.com/webmasters)
4. read information provided below type of viral infection , how further prevent it.
what malicious iframes , causes them?
! over years hackers found hard trick people visiting suspicious sites they're targeting legit sites , using them infect unknowing customers. in cases ftp account's password obtained through key logging malware, legit website files modified distribute malware , gather more passwords. if pc has been infected 1 of these trojans, bank account, email accounts, , ftp accounts may no longer secure. note filezilla stores password in plain text! use encrypted passwords programs (free)keepass! http://keepass.info/
what if find malicious iframes on pc?
1. use following online vulnerability scanner , ensure software up-to-date: http://secunia.com/vulnerability_scanni ... ?task=load (this indicative , not final!: thease online scanners make tons of mistakes)
2. download antivirus , scan pc malicious files. here free online scanners:
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/virusscanner
http://support.f-secure.com/enu/home/ols.shtml
3. update passwords may have been obtained. not use old passwords, generate new ones (see above)
4. upload older versions of files or contact support assistance removing malicious iframes.
prevention measurements
- ensure use latest browser version critical!
- disable javascript if possible
- use firefox addon "noscript" (!)
- download , install (free) antivirus software, make sure stays updated critical!
- use http://www.avg.com.au/index.cfm?section ... onlinescan test suspicious links given in emails or find online.
others
backup & download site , database! use either cpanel features or use https://www.akeebabackup.com or whatever use:
now question "what extension protect site" answer simple: none : need make sure host has security features optimized (mainly mod_security/iptables protection/live upload scanning/suphp or mod_ruid , many more). make sure (!) not make basic mistakes: folder permissions wrong! never, ever! set folders else 755 , not set files other 644 (global config of joomla set auto '444) once again...some extensions migt discover vulnerabilities on server 2 key elements make day or break day: & pc , hosting company!
you use visit warez/filesharing/porn-sites? use other computer access site , make sure have top-notch protection! not underestimate fact behind simple image of "sun" whole piece of code can hissed! download zip etc , scan before opening file!
if not sure post message here! here assist each other!
leo
malicious code in site!
when find malicious code in site line of javascript inserted bottom of every .js file on account used character code escapes make harder detect. embedded in many of otherwise blank index.html pages within sub-directories of joomla install. difficult pinpoint reason either joomla exploit (iframe) or if violators had account password.
this type of infection more common password being weak or breached (do not use birthday/name of dog, kids name/etc!!!) however. reason, advised follow these steps:
1. scan local computer, clients computer, , computer have accessed account using date virus scanner such http://malwarebytes.org critical!
2. update cpanel/ftp password password not guessable. use 14-digits , ( example (!) ) &g5s#!k-|%h1g^
3. submit site rescan using google webmaster account. if not have account please follow instructions on page obtain 1 , [url=http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633]review google's advise] critical! (note: can google webmasters account @ link: http://www.google.com/webmasters)
4. read information provided below type of viral infection , how further prevent it.
what malicious iframes , causes them?
! over years hackers found hard trick people visiting suspicious sites they're targeting legit sites , using them infect unknowing customers. in cases ftp account's password obtained through key logging malware, legit website files modified distribute malware , gather more passwords. if pc has been infected 1 of these trojans, bank account, email accounts, , ftp accounts may no longer secure. note filezilla stores password in plain text! use encrypted passwords programs (free)keepass! http://keepass.info/
what if find malicious iframes on pc?
1. use following online vulnerability scanner , ensure software up-to-date: http://secunia.com/vulnerability_scanni ... ?task=load (this indicative , not final!: thease online scanners make tons of mistakes)
2. download antivirus , scan pc malicious files. here free online scanners:
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan8/ie.html
http://www.kaspersky.com/virusscanner
http://support.f-secure.com/enu/home/ols.shtml
3. update passwords may have been obtained. not use old passwords, generate new ones (see above)
4. upload older versions of files or contact support assistance removing malicious iframes.
prevention measurements
- ensure use latest browser version critical!
- disable javascript if possible
- use firefox addon "noscript" (!)
- download , install (free) antivirus software, make sure stays updated critical!
- use http://www.avg.com.au/index.cfm?section ... onlinescan test suspicious links given in emails or find online.
others
backup & download site , database! use either cpanel features or use https://www.akeebabackup.com or whatever use:
now question "what extension protect site" answer simple: none : need make sure host has security features optimized (mainly mod_security/iptables protection/live upload scanning/suphp or mod_ruid , many more). make sure (!) not make basic mistakes: folder permissions wrong! never, ever! set folders else 755 , not set files other 644 (global config of joomla set auto '444) once again...some extensions migt discover vulnerabilities on server 2 key elements make day or break day: & pc , hosting company!
you use visit warez/filesharing/porn-sites? use other computer access site , make sure have top-notch protection! not underestimate fact behind simple image of "sun" whole piece of code can hissed! download zip etc , scan before opening file!
if not sure post message here! here assist each other!
leo
Comments
Post a Comment