Search Engine Poisoning (SEP) attack - Joomla! Forum - community, help and support
Hi,
I'm getting spam content inserted into my site that shows up on search engines and older IE browsers.
When I first discovered it, I found a Google report on site abuse through open redirects (http://googlewebmastercentral.[url banned]. ... being.html) and removed the redirects. I waited a few weeks in case old content was cached, but the problem continues.
So I've worked through the suggestions for hacked sites:
Using the Forum Post Assistant (results below), I identified a number of files with incorrect permissions - a few 777s and a larger number of 775s. These have been corrected.
Looking at components for vulnerabilities, I made sure I'm using the latest versions of AkeebaBackup, JCE, NoNumber Tabber & Slider, and Xmap.
Running JAMSS, I couldn't identify the problem; I used http://sitecheck.sucuri.net and found the problem explained here: http://blog.sucuri.net/2012/12/website- ... oomla.html
I've searched for "dnnviewstate" as suggested there, but nothing was found.
I'd appreciate any other suggestions.
Thanks,
Carl
forum post assistant (v1.2.3) : 5th january 2013 wrote:
basic environment ::
joomla! instance :: joomla! 2.5.8-stable (ember) 8-november-2012
joomla! platform :: joomla platform 11.4.0-stable (brian kernighan) 03-jan-2012
joomla! configured :: yes | read-only (444) | owner: capeixwyks (uid: 1/gid: 1) | group: users (gid: 1) | valid for: 2.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 0 | sef rewrite: 1 | .htaccess/web.config: yes | gzip: 1 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: default | site debug: 0 | language debug: 0 | default access: 1 | unicode slugs: 0 | database credentials present: yes
host configuration :: os: linux | os version: 3.2.0-0.bpo.3-686-pae | technology: i686 | web server: apache | encoding: gzip, deflate | doc root: /usr/www/users/capeixwyks | system tmp writable: yes
php configuration :: version: 5.3.3-7+squeeze14 | php api: cgi-fcgi | session path writable: yes | display errors: | error reporting: 30711 | log errors to: | last known error: | register globals: | magic quotes: | safe mode: | open base: /usr/wwws/users/capeixwyks:/usr/www/users/capeixwyks:/usr/home/capeixwyks:/usr/local/rmagic:/usr/www/users/he/_system_:/usr/share/php:/usr/local/lib/php:/tmp:/usr/bin:/usr/local/bin:/usr/local/share/www:/usr/share/misc | uploads: 1 | max. upload size: 8m | max. post size: 8m | max. input time: 60 | max. execution time: 30 | memory limit: 256m
mysql configuration :: version: 5.1.66-0+squeeze1 (client:5.1.66) | host: --protected-- (--protected--) | collation: utf8_general_ci (character set: utf8) | database size: 128.32 mib | #of tables: 670
detailed environment ::
php extensions :: core (5.3.3-7+squeeze14) | date (5.3.3-7+squeeze14) | ereg () | libxml () | openssl () | pcre () | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | dba () | dom (20031129) | hash (1.0) | fileinfo (1.0.5-dev) | filter (0.11.0) | ftp () | gettext () | session () | iconv () | json (1.2.1) | mbstring () | standard (5.3.3-7+squeeze14) | posix () | reflection ($revision: 300393 $) | spl (0.2) | shmop () | simplexml (0.1) | soap () | sockets () | phar (2.0.1) | exif (1.4 $id: exif.c 293036 2010-01-03 09:23:27z sebastian $) | sysvmsg () | sysvsem () | sysvshm () | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlwriter (0.1) | zip (1.9.1) | cgi-fcgi () | pdo (1.0.4dev) | mysql (1.0) | mysqli (0.1) | pdo_mysql (1.0.2) | pgsql () | curl () | gd () | htscanner (1.0.0) | imagick (3.0.1) | imap () | ldap () | mcrypt () | mssql () | pdo_dblib (1.0.1) | pdo_pgsql (1.0.2) | pdo_sqlite (1.0.1) | sqlite (2.0-dev) | sqlite3 (0.7-dev) | xmlrpc (0.51) | xsl (0.1) | mhash () | ioncube loader () | zend engine (2.3.0) |
potential missing extensions :: suhosin |
switch user environment (experimental) :: php cgi: yes | server su: yes | php su: yes | custom su (litespeed/cloud/grid): yes
potential ownership issues: no
folder permissions ::
core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |
elevated permissions (first 10) ::
extensions discovered ::
components :: site :: comprofiler (1.8.1) | cb mambo author tab (1.2) | yanc integration (1.2) | cb mamblog tab (1.2) | acymailing cb plugin (1.0) | cb captcha (1.3) | kunena forum - english (1.7.2) | user (1.5.0) | wf_link_search_title (2.3.1) | wf_links_joomlalinks_title (2.3.1) | wf_filesystem_joomla_title (2.3.1) | wf_mediaplayer_jceplayer_title (2.3.1) | [youtube] (2.3.1) | wf_aggregator_googlemaps_title (2.3.1) | wf_aggregator_vimeo_title (2.3.1) | wf_popups_jcemediabox_title (2.3.1) | wf_popups_window_title (2.3.1) | wf_layer_title (2.3.1) | wf_iframe_title (2.0.1) | wf_fullscreen_title (2.3.1) | wf_caption_title (2.0.3) | wf_clipboard_title (2.3.1) | wf_imgmanager_title (2.3.1) | wf_autosave_title (2.3.1) | wf_directionality_title (2.3.1) | wf_xhtmlxtras_title (2.3.1) | wf_print_title (2.3.1) | wf_visualchars_title (2.3.1) | wf_cleanup_title (2.3.1) | wf_article_title (2.3.1) | wf_link_title (2.3.1) | wf_browser_title (2.3.1) | wf_contextmenu_title (2.3.1) | wf_nonbreaking_title (2.3.1) | wf_preview_title (2.3.1) | [do not buy our kitchens!] (2.3.1) | wf_searchreplace_title (2.3.1) | wf_table_title (2.3.1) | wf_lists_title (2.3.1) | wf_source_title (2.3.1) | wf_inlinepopups_title (2.3.1) | wf_media_title (2.3.1) | wf_visualblocks_title (2.3.1) | wf_spellchecker_title (2.3.1) | wf_style_title (2.3.1) | wf_anchor_title (2.3.1) | wf_textcase_title (2.3.1) | default (1.0.0) | com_mailto (2.5.0) | com_wrapper (2.5.0) |
components :: admin :: chronoforms (4.0 rc3.4.1) | comprofiler (1.9) | comprofiler (1.9) | comprofiler (1.8.1) | com_login (2.5.0) | com_s2framework (1.4.14.72) | com_categories (2.5.0) | jw_disqus (3.2) | com_config (2.5.0) | acymailing tag : virtuemart in (1.2.1) | acymailing tag : insert modu (3.7.0) | acymailing tag : joomla user (3.7.0) | acymailing tag : content inser (3.7.0) | acymailing : trigger joomla co (3.7.0) | acymailing : (auto)subscribe d (3.7.0) | acymailing tag : date / time (3.7.0) | acymailing template class repl (3.7.0) | acymailing : share on social n (1.0.0) | acymailing tag : cb user infor (3.7.0) | acymailing tag : manage su (3.7.0) | acymailing table of contents g (1.0.0) | acymailing tag : website links (3.7.0) | acymailing module (3.7.0) | acymailing : statistics plugin (3.7.0) | acymailing : handle click trac (3.7.0) | acymailing manage text (1.0.0) | acymailing tag : subscriber in (3.7.0) | acymailing tag : jomsocial use (3.7.0) | acymailing (4.0.1) | com_templates (2.5.0) | akeebasubs (rev690d2be) | akeeba (3.6.12) | com_search (2.5.0) | com_installer (2.5.0) | com_jreviews (2.3.20.215) | jreviews (2.3.20.215) | com_cache (2.5.0) | plg_system_kunena (-) | mod_kunenamenu (2.0.3) | kunena menu (2.0.3) | plg_kunena_gravatar (2.0.3) | kunena - gravatar integration (2.0.3) | plg_quickicon_kunena (2.0.3) | plg_finder_kunena (2.0.3) | plg_kunena_finder (2.0.1) | plg_system_kunena (2.0.3) | system - kunena forum (2.0.3) | kunena - jomsocial integration (2.0.3) | plg_kunena_community (2.0.3) | plg_kunena_kunena (2.0.3) | kunena - kunena integration (2.0.3) | kunena - communitybuilder inte (2.0.3) | plg_kunena_comprofiler (2.0.3) | kunena - uddeim integration (2.0.3) | plg_kunena_uddeim (2.0.3) | plg_kunena_alphauserpoints (2.0.3) | kunena - alphauserpoints integ (2.0.3) | kunena - joomla integration (2.0.3) | plg_kunena_joomla (2.0.3) | com_kunena (2.0.3) | com_menus (2.5.0) | com_redirect (2.5.0) | system - slider (2.2.2free) | system - 
tabber (2.2.1free) | button - slider (2.2.2free) | button - tabber (2.2.1free) | plg_system_tabber (2.2.1free) | plg_system_slider (2.2.2free) | plg_editors-xtd_tabber (2.2.1free) | plg_editors-xtd_slider (2.2.2free) | system - nonumber framework (13.1.1) | plg_system_nnframework (13.1.1) | system - nonumber elements (13.1.1) | plg_system_nonumberelements (13.1.1) | nonumber installer (13.1.1) | ccinvoices (1.5.1) | ccinvoices (1.4.15) | plg_quickicon_jcefilebrowser (2.5.0) | editor - jce (2.3.1) | editor - jce (2.3.1) | jce file browser (2.3.1) | unknown (-) | jce (2.3.1) | com_plugins (2.5.0) | com_xmap (2.3.2) | csv_import (1.3.2) | com_users (2.5.0) | com_phocagallery (3.2.1) | com_weblinks (2.5.0) | com_modules (2.5.0) | com_banners (2.5.0) | com_joomlaupdate (2.5.0) | com_finder (2.5.0) | com_checkin (2.5.0) | extplorer (2.1.3) | com_cpanel (2.5.0) | imageshow (4.5.2) | imageshow (4.5.2) | com_autotweet (pro 5.10) | com_content (2.5.0) | com_jaamazons3 (2.5.0) | com_wordpress (3.3.1) | com_messages (2.5.0) | com_languages (2.5.0) | com_admin (2.5.0) | com_media (2.5.0) | com_newsfeeds (2.5.0) |
modules :: site :: akeeba subscriptions - subscri (1.0) | jreviews directories module (2.3) | maximenu ck (6.0.14) | mod_login (2.5.0) | mod_finder (2.5.0) | mod_breadcrumbs (2.5.0) | mod_random_image (2.5.0) | mod_articles_news (2.5.0) | jreviews range module (2.3) | wordpress recent comments (2.0) | wordpress latest posts (2.0) | social login (1.5) | geomaps module (2.3) | mod_stats (2.5.0) | jreviews fields module (2.3) | tabs & sliders (by joomlaw (2.0) | mod_footer (2.5.0) | jreviews favorite users module (2.3) | mod_banners (2.5.0) | pixsearchng (0.1.6) | mod_wrapper (2.5.0) | akeeba subscriptions - list su (1.0) | mod_syndicate (2.5.0) | custom code (by joomlaworks) (1.1) | mod_whosonline (2.5.0) | mod_feed (2.5.0) | mod_articles_latest (2.5.0) | bt login (2.4.1) | mod_articles_categories (2.5.0) | rokajaxsearch (1.1) | akeeba subscriptions - list of (1.0) | mod_custom (2.5.0) | mod_menu (2.5.0) | acymailing module (3.7.0) | mod_search (2.5.0) | mod_languages (2.5.0) | jreviews totals module (2.3) | mod_weblinks (2.5.0) | mod_articles_archive (2.5.0) | mod_articles_category (2.5.0) | jreviews listings module (2.3) | jsn imageshow (4.5.2) | wordpress multisite latest pos (2.0) | wordpress sidebar 1 (2.1) | cb login (1.8.1) | gtranslate (1.6.x.30) | mod_related_items (2.5.0) | jreviews reviews module (2.3) | mod_users_latest (2.5.0) | mod_articles_popular (2.5.0) | maximenu ck (6.1.2) | jreviews advanced search modul (2.3) |
modules :: admin :: mod_popular (2.5.0) | mod_login (2.5.0) | mod_quickicon (2.5.0) | mod_submenu (2.5.0) | latest akeeba subscriptions mo (1.0.0) | mod_latest (2.5.0) | mod_multilangstatus (2.5.0) | mod_toolbar (2.5.0) | mod_logged (2.5.0) | mod_feed (2.5.0) | mod_status (2.5.0) | mod_custom (2.5.0) | mod_menu (2.5.0) | jsn imageshow quick icons (4.5.2) | mod_title (2.5.0) | mod_version (2.5.0) | mod_autotweet_latest (3.4) | mod_autotweet_ctrlpanel (2.4) |
plugins :: site :: plg_search_content (2.5.0) | plg_search_contacts (2.5.0) | plg_search_newsfeeds (2.5.0) | search - wordpress (2.0.1) | plg_search_weblinks (2.5.0) | plg_search_categories (2.5.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_kunena (2.0.3) | plg_quickicon_jcefilebrowser (2.5.0) | plg_finder_content (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_newsfeeds (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_categories (2.5.0) | xmap - kunena plugin (2.0.3) | xmap - weblinks plugin (2.0.1) | xmap - content plugin (2.0.4) | theme classic (1.2.0) | source phoca (1.0.1) | source picasa (1.1.3) | plg_content_extravote (2.5.2) | plg_content_finder (2.5.0) | disqus comments joomla! (b (3.2) | plg_content_pagebreak (2.5.0) | plg_content_geshi (2.5.0) | plg_content_vote (2.5.0) | plg_content_loadmodule (2.5.0) | content - rich snippets vote (1.3) | jreviews (2.3.16) | plg_content_astimedrelease (1.0) | content - akeeba subscriptions (1.0) | plg_content_pagenavigation (2.5.0) | content - akeeba subscriptions (1.0) | content - jsn imageshow (4.5.2) | plg_content_joomla (2.5.0) | plg_content_emailcloak (2.5.0) | akeeba subscriptions - redshop (1.0) | akeeba subscriptions - automat (1.0) | akeeba subscriptions - intelle (1.0) | akeeba subscriptions - mailchi (1.0) | akeeba subscriptions - redshop (1.0) | akeeba subscriptions - custom (1.0) | akeeba subscriptions - delete (1.0) | akeeba subscriptions - agora (1.0) | akeeba subscriptions - virtuem (1.0) | akeeba subscriptions - jomsoci (1.0) | plg_akeebasubs_customfields (1.0) | akeeba subscriptions - k2 inte (1.0) | akeeba subscriptions - recaptc (1.0) | akeeba subscriptions - ip logg (1.0) | akeeba subscriptions - acymail (1.0) | akeeba subscriptions - project (1.0) | akeeba subscriptions - aceshop (1.0) | akeeba subscriptions - age ver (1.0) | akeeba subscriptions - sample (1.0) | akeeba subscriptions - joomlax (1.0) | akeeba subscriptions - communi (1.0) | 
akeeba subscriptions - jce int (1.0) | akeeba subscriptions - docman (1.0) | akeeba subscriptions - kunena (1.0) | akeeba subscriptions - easydis (1.0) | akeeba subscriptions - ccinvoi (1.0) | akeeba subscriptions - emails (1.0) | akeeba subscriptions - phoca d (1.0) | akeeba subscriptions - joomla! (1.0) | akeeba subscriptions - emails (1.0) | akeeba subscriptions - agree t (1.0) | akeeba subscriptions - adminis (1.0) | plg_captcha_recaptcha (2.5.0) | acymailing tag : virtuemart in (1.2.1) | acymailing : statistics plugin (3.7.0) | acymailing manage text (1.0.0) | acymailing tag : date / time (3.7.0) | acymailing tag : subscriber in (3.7.0) | acymailing tag : content inser (3.7.0) | acymailing tag : joomla user (3.7.0) | acymailing tag : website links (3.7.0) | acymailing tag : manage su (3.7.0) | acymailing tag : jomsocial use (3.7.0) | acymailing tag : jreviews inse (1.0.0) | acymailing tag : insert events (1.7.0) | acymailing tag : cb user infor (3.7.0) | acymailing : trigger joomla co (3.7.0) | acymailing tag : insert modu (3.7.0) | acymailing template class repl (3.7.0) | acymailing : handle click trac (3.7.0) | acymailing : share on social n (1.0.0) | acymailing table of contents g (1.0.0) | plg_editors_codemirror (1.0) | editor - jce (2.3.1) | plg_editors_tinymce (3.5.4.1) | plg_ccinvoicetags_akeebasubs_t (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - 
(1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | akeeba subscriptions payment - (1.0) | plg_extension_joomla (2.5.0) | plg_jmonitoring_akeebabackup_t (1.0) | user - wordpress (1.0) | plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_kunena_community (2.0.3) | plg_kunena_alphauserpoints (2.0.3) | plg_kunena_comprofiler (2.0.3) | plg_kunena_kunena (2.0.3) | plg_kunena_gravatar (2.0.3) | plg_kunena_joomla (2.0.3) | plg_kunena_uddeim (2.0.3) | plg_system_autotweetautomator (3.3) | system - ja amazon s3 (2.5.0) | acymailing : (auto)subscribe d (3.7.0) | system - disqus comments j (3.2) | system - idevaffiliate integra (1.0) | plg_system_logout (2.5.0) | plg_system_highlight (2.5.0) | plg_system_tabber (2.2.1free) | plg_system_jch_optimize (2.0.2) | system - maximenu ck mobile (1.0.0) | yoonique[.]net zopim (3.1.1) | system - akeeba subscriptions (1.0) | plg_system_sef (2.5.0) | system - post affiliate pro in (1.0) | plg_system_securityimages (6.0.3) | plg_system_debug (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_autotweetcontent (pro 3.1) | plg_system_remember (2.5.0) | system - social login (1.5) | plg_system_p3p (2.5.0) | plg_system_nnframework (13.1.1) | plg_system_languagecode (2.5.0) | system - akeeba subscriptions (1.1) | system - wordpress (1.3) | system - maximenu_ck params (2.0.0) | google maps (2.18) | system - ice speed (1.7.0) | plg_system_kunena (2.0.3) | plg_system_cache (2.5.0) | plg_system_jsnframework 
(1.2.0) | plg_system_log (2.5.0) | system - jsn imageshow (4.5.2) | plg_system_slider (2.2.2free) | plg_system_redirect (2.5.0) | ccinvoices offlline payment (1.0.0 stable) | ccinvoices mollie ideal paymen (1.0.0 stable) | ccinvoices authorizedotnet pay (1.5.0 stable) | ccinvoices paypal payment (1.0.0 stable) | ccinvoices 2checkout payment (1.5.0 stable) | plg_authentication_ldap (2.5.0) | plg_authentication_gmail (2.5.0) | authentication - wordpress (1.0) | plg_authentication_joomla (2.5.0) | plg_editors-xtd_tabber (2.2.1free) | plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_article (2.5.0) | button - imageshow (4.5.2) | plg_editors-xtd_slider (2.2.2free) |
templates discovered ::
templates :: site :: beez5 (2.5.0) | jsn_epic_pro (4.5.1) | atomic (2.5.0) | beez_20 (2.5.0) |
templates :: admin :: hathor (2.5.0) | bluestork (2.5.0) |
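The symptom in the post above (spam visible to search engines and older IE but not to a normal browser) can be checked from the outside by requesting the same page under different User-Agent strings and comparing the external hosts each response links to. This is an added example, not part of the original thread; the function names, the User-Agent profiles and the `example.org` sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# Baseline browser plus the two audiences the post says are served the spam.
PROFILES = {
    "browser": "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20100101 Firefox/17.0",
    "googlebot": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "old_ie": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
}
HREF = re.compile(r"""href\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)

def http_fetch(url, user_agent):
    """GET url with the given User-Agent and return the body as text."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")

def external_hosts(html, own_host):
    """Hosts of absolute links in html that are outside own_host."""
    hosts = {urlsplit(u).hostname or "" for u in HREF.findall(html)}
    return {h for h in hosts
            if h and h != own_host and not h.endswith("." + own_host)}

def cloaking_report(url, fetch=http_fetch):
    """Map each non-baseline profile to hosts linked only for that profile."""
    own = re.sub(r"^www\.", "", urlsplit(url).hostname or "")
    baseline = external_hosts(fetch(url, PROFILES["browser"]), own)
    report = {}
    for name, agent in PROFILES.items():
        if name == "browser":
            continue
        extra = external_hosts(fetch(url, agent), own) - baseline
        if extra:
            report[name] = sorted(extra)
    return report

def constructed_fetch(url, user_agent):
    """Constructed stand-in for an affected site, so the demo runs offline."""
    page = ('<a href="http://www.example.org/about">About</a>'
            '<a href="http://cdn.example.net/lib.js">CDN</a>')
    if "Googlebot" in user_agent or "MSIE 6" in user_agent:
        page += ('<div style="display:none">'
                 '<a href="http://pills.example.com/buy">cheap</a></div>')
    return page

if __name__ == "__main__":
    for profile, hosts in cloaking_report("http://www.example.org/",
                                          constructed_fetch).items():
        print(f"{profile}: links served only to this client -> {hosts}")
```

Run against your own site, `cloaking_report(url)` uses the real HTTP fetcher. An empty report is not proof of a clean site, because injected code can key on the Referer header or the client IP rather than the User-Agent.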
If you haven't cleaned the files, I recommend Sucuri to you; their prices are reasonable, and they are fast, efficient, and thorough. I've had them clean 2 sites, and they did a great job.