0
Welcome Guest! Login
0 items Join Now

Problem with a virus - could templates be infected?

Last Post
Search Topic

  • Problem with a virus - could templates be infected?

    Posted 12 years 7 months ago
    • I tried to install a Joomla site via rocket launcher today.
      First, I installed Halcyon. After finishing the installation, all subpage URLs redirected to ya.ru. Obviously a malicious script. Instead of trying to find the script, I decided to re-install after deleting the whole directory.
      From a different computer, I downloaded Ionosphere this time, upped via ftp, installed it (new database) - same problem.
      No other extensions were installed when the problem appeared.
      The installation is on my managed server - all other sites on same server show no problems.
      When I checked the root, I found a .htaccess file with the malicious code in it. The .htaccess in the site folder seems to be unaffected though.
      Any ideas?
    #869431
    • David Goode's Avatar
    • David Goode
    • Preeminent Rocketeer
    • Posts: 17058
    • Thanks: 890
    • Web Designer and Host

    Re: Problem with a virus - could templates be infected?

    Posted 12 years 7 months ago
    • Hi there,

      Could be a whole range of things. Most probably an injection script through an out of date installation/extension.

      Only other time I have seen this sort of issue is when people have downloaded templates from sites other than the official RocketTheme site.

      Please remember that a re-install will only overwrite the files in the installation. If the file has been injected then that file is likely to still remain on the server. Good luck in cleaning up.

    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information
    #869437

  • Re: Problem with a virus - could templates be infected?

    Posted 12 years 7 months ago
    • Yep looks like the templates are not the problem here. Found several htaccess files are hacked. On a server with like 20 websites installed there it will be quite a task to find the script.
      Aside from checking the server logs for the date when the htaccess files were altered, any suggestions what I could do to find the malicious script? Any software that can be used on the server, or is there any way to find php files that do not normally belong to Joomla?
    #869605
    • David Goode's Avatar
    • David Goode
    • Preeminent Rocketeer
    • Posts: 17058
    • Thanks: 890
    • Web Designer and Host

    Re: Problem with a virus - could templates be infected?

    Posted 12 years 7 months ago
    • Hi there,

      I have used a combination of Akeeba Admin Tools Pro and OSE Security Suite

      Hope this helps 8)

    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information
    #869610

Time to create page: 0.163 seconds