23360 Posts in 18104 Topics by 2862 members
|Go to End||Next >|
19 March 2009 at 12:53pm
There was some code echoing an iframe and loading content from http://goooogleadsence.biz/
The code was inserted into
The iframe html code was then appearing before the DocType on the site.
19 March 2009 at 12:56pm Last edited: 19 March 2009 12:59pm
Ryan helped to figure out this one...
the iframe from goooogleadsence(?) was created in cms/code/LeftAndMain.php
cms/code/CMSMain.php at the end of the file and index.html at the end of the file. It wouldn't let me log in and created all sort of errors. It redirected the site to ebay store. I think the origin is on a server, but not 100% sure.
19 March 2009 at 12:59pm
Right, i was just typing the same thing!
19 March 2009 at 1:01pm
How was someone able to write to those files? Take this up with your host. Sounds like the server is compromised.
27 March 2009 at 2:02am
This virus is not related to the host, but its related to client side malware.
This can be detected through Avast (try free version and it works well). This malware gets the ftp details from the session, connects the site you last connected through ftp, downloads index.* (index.html, index.htm, index.php, index.aspx etc), inserts the iframe code and finally uploads back to the server.
This malware can be detected by avas and your system will be free from that, but it doesnt cure the files on the server.
To cure files on the server, I am trying to write a script from past few days and seems its going to work fine, just fine-tuning the script as of now and will be releasing it soon.
The script is written in php file, so if you have php support on your server, this script is going to fix your problems.
You can check back at www.yourjoomlapro.com for the release.
27 March 2009 at 2:35am Last edited: 28 March 2009 5:16am
You are right,
It seems to be not a host.
I am pretty sure that it is not coming from my machine. The client has other sites running on the same account and i don't know who has an access to it... it could just spread out on my site? Or my machine? I have never dealt with things like that...
I am running scan regularly, but i am trying to use Avast as well.
your information is very helpful, i am very interested in that script you are writing!
27 March 2009 at 3:50am
The fix for the same is here:
This would help to fix the errors on the files corrupted on the server. Though, the malware on your computer or any of your client's computer needs to be fixed. It must be on any of the computer.
May be, checking the ftp log and ip would help you to trace the cause.
28 March 2009 at 5:19am
btw, really like Avast.
|Go to Top||Next >|