ROCKETTHEME IS CLOSING ON JUNE 30, 2025. As a thank-you to our community, enjoy 50% off all themes with the promo code THANKYOU before we shut down.
Read our Farewell Blog Post for more details.
Cross Site Scripting Victim?
-
-
- Dan P.
- Sr. Rocketeer
- Posts: 205
- Thanks: 0
-
I think I am the victim of cross site scripting or something is seriously wrong with my site.
Some of the images in the forums are not loading and if you dare click on them, they redirect you to the following sites or start loading crap from other sites:
You can see their domain names in the lower left corner of the status bar and the site loads.
I applied the patches, too late of course. What is my next course of action? - Last Edit: 16 years 9 months ago by Dan P..
-
-
-
- Kevin Hyland
- Sr. Rocketeer
- Posts: 117
- Thanks: 0
-
Hi
I'm no expert but check the htaccess file - it may have been modified or if you did not have one active, it may have been dropped onto your server by a wee hacker. You could also see if a particular page on your site has been hacked by searching the rogue url in the html coding.
I'd let your webhost know as well as they may be able to do a more in-dpeth search of your webspace. I had a ripped copy of Italian language DVD hiding away in my webspace and was not aware of it until I queired why I was using 1.4gb of webspace!! :-[
As I said - I'm no expert but I thought I might give you something to look into while waiting for the experts to jump in to assist you.
Cheers
Kevin
-
-
-
- Kevin Hyland
- Sr. Rocketeer
- Posts: 117
- Thanks: 0
-
I dunno!! I'm the last person in the world to ask for advice on locking down Joomla :-[
Hackers seem to be able to walk onto my server like a stealth bomber and drop whatever they want on me and leave undetected!! The last time they got on was via error.php and before that it was via Xplorer. Each time I get hit, I tighten things down with the advise given by my hoster - the attacks seem to be less and less now.....but I still keep at eye out during the school holidays to see if the script kids come out to play again! I wish I could understand the finer art of htaccess but I stick to using php.ini as it's a bit more simplistic for me!! After I got my first attack, I went to the Joomla.org site and looked at the security measures that are suppose to be done as standard...bit of an eye opener!!
I can post a copy of my php.ini if you think it may help but it may also cause conflicts with your htaccess.
Do you have a back up of the website? Might be easier to blow everything away, then restore the site and tighten everything down before going live again?
As I said before - I'm no expert on this! Just learning the hard way!
Cheers
Kevin
-
-
-
- Kevin Hyland
- Sr. Rocketeer
- Posts: 117
- Thanks: 0
-
Looks like you're not alone...
www.quartertothree.com/game-talk/showthr...=1441284#post1441284
K
-
Time to create page: 0.077 seconds