0
Welcome Guest! Login
0 items Join Now

Template being modified by remote user

Last Post
Search Topic

  • Template being modified by remote user

    Posted 15 years 1 month ago
    • I have a single site that is constantly being modified looks like every 2 days. I was able to track down the IP that is making this change and found the following logs

      89.149.244.135 - - [11/Mar/2010:16:06:16 -0600] "GET /administrator/index.php HTTP/1.1" 200 4161 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
      89.149.244.135 - - [11/Mar/2010:16:06:16 -0600] "POST /administrator/index.php HTTP/1.1" 301 - " sccysa.org/administrator/index.php " "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
      89.149.244.135 - - [11/Mar/2010:16:06:17 -0600] "GET /administrator/index.php HTTP/1.1" 200 28507 " sccysa.org/administrator/index.php " "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
      89.149.244.135 - - [11/Mar/2010:16:06:18 -0600] "GET /administrator/index.php?option=com_templates&task=edit&cid[]=rt_solarsentinel_j15&client=0 HTTP/1.1" 200 50469 " sccysa.org/administrator/index.php " "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
      89.149.244.135 - - [11/Mar/2010:16:06:20 -0600] "POST /administrator/index.php HTTP/1.1" 200 739937 " sccysa.org/administrator/index.php?optio...plates&task=edit&cid []=rt_solarsentinel_j15&client=0" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
      89.149.244.135 - - [11/Mar/2010:16:06:22 -0600] "POST /administrator/index.php HTTP/1.1" 301 - " sccysa.org/administrator/index.php " "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"

      I don't know how this person is gaining access to my template to make these changes. I have went through the Joomla security settings and changed file and FTP permissions but am still having this problem.

      They embed random stuff such as
      </script>
      <div id="asdasd"><a href=" 1indgang.dk/pdf/89/viagra-product-information-doses.html " title="viagra product information doses">viagra product information doses</a>
      <a href=" 1indgang.dk/pdf/89/viagra-and-discovery.html " title="viagra and discovery">viagra and discovery</a>

      <a href=" 1indgang.dk/pdf/89/viagra-no-prescription-next-day-air.html " title="viagra no prescription next day air">viagra no prescription next day air</a>
      <a href=" 1indgang.dk/pdf/89/viagra-and-roids.html " title="viagra and roids">viagra and roids</a>


      Any help would greatly be appreciated.
      Joe
    • Above Web Media
      www.AboveWebMedia.com
      www.STLHosts.com
      Putting your business one click from your customers
    #473700

  • Re: Template being modified by remote user

    Posted 15 years 1 month ago
    • Hello,

      You might need to also change your user account username and password to prevent this as well. Not just the FTP.

      Cheers
    #474151

  • Re: Template being modified by remote user

    Posted 15 years 1 month ago
    • I search high and low yesterday looking to see if there is some type of code being generated on the site I can seem to track anything down.

      I changed the database password just in case this was being manage by a SQL account. I will look at changing the site info in the next step.

      Thanks for the advices.

      Joe
    • Above Web Media
      www.AboveWebMedia.com
      www.STLHosts.com
      Putting your business one click from your customers
    #474166

Time to create page: 0.084 seconds