General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Can't stay Logged in to admin: Forbidden error: error saving page



42 Posts   8153 Views

ryanwachtl

19 March 2009 at 12:53pm Community Member, 46 Posts

There was some code echoing an iframe and loading content from http://goooogleadsence.biz/

The code was inserted into

cms/code/LeftAndMain.php

cms/code/CMSMain.php

The iframe HTML code was then appearing before the DocType on the site.

Ryan

Yulia

19 March 2009 at 12:56pm (Last edited: 19 March 2009 12:59pm), Community Member, 26 Posts

Ryan helped to figure out this one...

The iframe from goooogleadsence(?) was created in cms/code/LeftAndMain.php and cms/code/CMSMain.php at the end of the file and index.html at the end of the file. It wouldn't let me log in and created all sorts of errors. It redirected the site to an eBay store. I think the origin is on a server, but not 100% sure.

Yulia

19 March 2009 at 12:59pm Community Member, 26 Posts

Right, I was just typing the same thing!

Double-A-Ron

19 March 2009 at 1:01pm Community Member, 604 Posts

Crikey,

How was someone able to write to those files? Take this up with your host. Sounds like the server is compromised.

yourjoomlapro

27 March 2009 at 2:02am Community Member, 2 Posts

Hi,

This virus is not related to the host, but it's related to client-side malware.

This can be detected through Avast (try the free version and it works well). This malware gets the FTP details from the session, connects to the site you last connected to through FTP, downloads index.* (index.html, index.htm, index.php, index.aspx etc.), inserts the iframe code and finally uploads it back to the server.

This malware can be detected by Avast and your system will be free from that, but it doesn't cure the files on the server.

To cure files on the server, I have been trying to write a script for the past few days and it seems it's going to work fine; I am just fine-tuning the script as of now and will be releasing it soon.

The script is written in a PHP file, so if you have PHP support on your server, this script is going to fix your problems.

You can check back at www.yourjoomlapro.com for the release.

Regards,

Dave.
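
The tampering described in this post (an iframe added to index.* files and to the ends of PHP files) can be checked for on the server. The following is an added example, not part of the original post and not the script the poster mentions; the function names, the host `injected.example` and the sample strings are constructed for illustration.

```python
import os
import re

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
DOC_START = re.compile(r"<!doctype\b|<html\b", re.I)
DOC_END = re.compile(r"</html\s*>", re.I)
SCAN_EXT = (".php", ".html", ".htm", ".aspx")

def find_injected_iframes(text, is_php=False):
    """Return (reason, tag) pairs for iframes that sit outside the document."""
    findings = []
    start = DOC_START.search(text)
    ends = list(DOC_END.finditer(text))
    php_close = text.rfind("?>") if is_php else -1
    for m in IFRAME.finditer(text):
        if start and m.start() < start.start():
            findings.append(("before doctype", m.group(0)))
        elif ends and m.start() > ends[-1].end():
            findings.append(("after </html>", m.group(0)))
        # Pure code files (no HTML document): markup after the last ?> is
        # sent to the browser ahead of the page, as seen in this thread.
        elif is_php and not start and php_close != -1 and m.start() > php_close:
            findings.append(("after final ?>", m.group(0)))
    return findings

def scan_tree(root):
    """Walk a web root and map each suspicious file to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if not lower.endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_injected_iframes(fh.read(), lower.endswith(".php"))
            if hits:
                report[path] = hits
    return report

# Constructed samples: one tampered static page, one tampered PHP class file.
SAMPLE_HTML = ('<iframe src="http://injected.example/" width=1 height=1></iframe>\n'
               '<!DOCTYPE html><html><body><iframe src="/map"></iframe></body></html>')
SAMPLE_PHP = '<?php\nclass CMSMain {}\n?>\n<iframe src="http://injected.example/"></iframe>'
```

A hit is a prompt to compare the file against a clean copy of the release, not proof of tampering; PHP files without a closing `?>` are outside what this check covers.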

Yulia

27 March 2009 at 2:35am (Last edited: 28 March 2009 5:16am), Community Member, 26 Posts

You are right,

It seems to be not a host.
I am pretty sure that it is not coming from my machine. The client has other sites running on the same account and I don't know who has access to it... it could just spread out on my site? Or my machine? I have never dealt with things like that...

I am running scans regularly, but I am trying to use Avast as well.

Your information is very helpful, I am very interested in that script you are writing!

Thank you,

Yulia

yourjoomlapro

27 March 2009 at 3:50am Community Member, 2 Posts

Hi,

The fix for the same is here:

http://www.yourjoomlapro.com/

This would help to fix the errors on the files corrupted on the server. However, the malware on your computer or any of your client's computers needs to be fixed. It must be on one of the computers.

Maybe checking the FTP log and IP would help you to trace the cause.

Regards,

Dave.

Yulia

28 March 2009 at 5:19am Community Member, 26 Posts

Thank you!

Btw, really like Avast.