Malicious Cookie in template
-
-
- John Moore
- Newbie
- Posts: 16
- Thanks: 0
-
Can anyone help or give some advice please.
I have two Joomla 1.0.15 website both on different services but both have the same issue. When you start the home page with IE a malicious cookie is started and tries to infect the user’s computer. If you use IE7 the cookie is stopped if you use FireFox it has no effect at all. But if you use IE6 then you are in big trouble.
I have found that is I change the site template the cookie does not load so somehow some malicious code must of got into the template but how and how can I stop it or at least find out before any damage. One site security is very tight on a new server so I am at a loss to how it happens, its taken me a night to reload the site and now all the file permissions are set correctly and half the components don’t work.
Has anyone seen this before and how best to stop it please?
PS Only one template was a RT
-
-
-
- Ragdata
- Elite Rocketeer
- Posts: 614
- Thanks: 0
- Software Engineer
-
OK ... my guess is that this is just a case of an over-zealous anti-spyware program and a lack of education.
A cookie is just a text file. In certain instances they CAN contain scripts, but the last major flaw in IE6 that made this anything close to dangerous was closed by Microsoft in 2002. Otherwise, they can really only contain session-type information. In the worst possible case, a cookie can let a spammer know that your email account is active, and which sites you've been frequenting so they can build a picture of your interests.
I'd be far more concerned with the security of your hosting platform. Honestly, I think this is just a case of your anti-spyware program being alarmist about a perfectly innocent cookie. If it's not, however, you need to find out when and how someone hacked your site to include the code which places 'the cookie that ate Manhattan'. - Ragdata's Rubber Duck
www.ragdata.net/
-
Time to create page: 0.053 seconds