
Can't stay Logged in to admin: Forbidden error: error saving page




42 Posts   13555 Views

ryanwachtl

Community Member, 46 Posts

19 March 2009 at 12:53pm

There was some code echoing an iframe and loading content from http://goooogleadsence.biz/

The code was inserted into

cms/code/LeftAndMain.php

cms/code/CMSMain.php

The iframe html code was then appearing before the DocType on the site.

Ryan

Yulia

Community Member, 26 Posts

19 March 2009 at 12:56pm

Edited: 19/03/2009 12:59pm

Ryan helped to figure out this one...

The iframe from goooogleadsence(?) was created in cms/code/LeftAndMain.php
cms/code/CMSMain.php at the end of the file and index.html at the end of the file. It wouldn't let me log in and created all sorts of errors. It redirected the site to an eBay store. I think the origin is on a server, but not 100% sure.

Yulia

Community Member, 26 Posts

19 March 2009 at 12:59pm

Right, I was just typing the same thing!

Double-A-Ron

Community Member, 607 Posts

19 March 2009 at 1:01pm

Crikey,

How was someone able to write to those files? Take this up with your host. Sounds like the server is compromised.

yourjoomlapro

Community Member, 2 Posts

27 March 2009 at 2:02am

Hi,

This virus is not related to the host, but it's related to client-side malware.

This can be detected through Avast (try the free version and it works well). This malware gets the FTP details from the session, connects to the site you last connected to through FTP, downloads index.* (index.html, index.htm, index.php, index.aspx etc.), inserts the iframe code and finally uploads it back to the server.

This malware can be detected by Avast and your system will be free from that, but it doesn't cure the files on the server.

To cure files on the server, I have been trying to write a script for the past few days and it seems it's going to work fine; I am just fine-tuning the script as of now and will be releasing it soon.

The script is written in a PHP file, so if you have PHP support on your server, this script is going to fix your problems.

You can check back at www.yourjoomlapro.com for the release.

Regards,

Dave.
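
A defender-side check for the tampering pattern described in this thread, as an added example that is not part of any post and is not the script Dave mentions: it scans the end of `.php`, `.html` and `.htm` files for an iframe whose `src` points at a host the site does not own. The names `scan_tree` and `build_sample_tree`, the 2048-byte tail window, and the sample files and hosts are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

TAIL_BYTES = 2048                      # assumption: the thread reports the code at the end of each file
SUFFIXES = {".php", ".html", ".htm"}   # file types named in the thread
# Matches <iframe ... src=URL> in raw HTML or inside a PHP echo string.
IFRAME_SRC = re.compile(rb"<iframe\b[^>]*?\bsrc\s*=\s*\\?[\"']?([^\"'\\\s>]+)", re.I)

def scan_tree(root, own_hosts):
    """Return sorted (relative path, host) pairs for tail iframes loading from hosts not in own_hosts."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SUFFIXES:
            continue
        tail = path.read_bytes()[-TAIL_BYTES:]
        for match in IFRAME_SRC.finditer(tail):
            url = match.group(1).decode("ascii", "replace")
            host = (urlparse(url).hostname or "").lower()
            # Relative URLs have no host and are skipped; own hosts are allowed.
            if host and host not in own_hosts:
                findings.append((path.relative_to(root).as_posix(), host))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample: a web root with two clean files and two tampered ones."""
    root = Path(root)
    (root / "cms/code").mkdir(parents=True)
    injected = "<iframe src=\"http://injected.example/\" width=1 height=1></iframe>"
    (root / "cms/code/LeftAndMain.php").write_text(
        "<?php\nclass LeftAndMain {}\n?>\n<?php echo '" + injected + "'; ?>\n")
    (root / "cms/code/CMSMain.php").write_text("<?php\nclass CMSMain {}\n?>\n")
    (root / "index.html").write_text("<html><body>Home</body></html>\n" + injected + "\n")
    (root / "about.html").write_text(
        "<html><body><iframe src='http://www.example.org/map'></iframe></body></html>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, host in scan_tree(tmp, own_hosts={"www.example.org"}):
            print(f"{rel}: iframe loads from {host}")
```

A hit only marks a file for review; comparing the flagged file against a clean copy of the same release shows exactly what was appended.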

Yulia

Community Member, 26 Posts

27 March 2009 at 2:35am

Edited: 28/03/2009 5:16am

You are right,

It seems to be not a host.
I am pretty sure that it is not coming from my machine. The client has other sites running on the same account and I don't know who has access to it... it could just spread out on my site? Or my machine? I have never dealt with things like that...

I am running scans regularly, but I am trying to use Avast as well.

Your information is very helpful, I am very interested in that script you are writing!

Thank you,

Yulia

yourjoomlapro

Community Member, 2 Posts

27 March 2009 at 3:50am

Hi,

The fix for the same is here:

http://www.yourjoomlapro.com/

This would help to fix the errors in the files corrupted on the server. Though, the malware on your computer or any of your client's computers needs to be fixed. It must be on one of the computers.

Maybe checking the FTP log and IP would help you to trace the cause.

Regards,

Dave.

Yulia

Community Member, 26 Posts

28 March 2009 at 5:19am


Thank you!

Btw, I really like Avast.