• 1

Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!

TOPIC: hack - template stuffed with seo ad links

hack - template stuffed with seo ad links 14 years 6 months ago #8434

  • bertm
  • bertm's Avatar
  • OFFLINE
  • Fresh Boarder
  • Posts: 5
  • Thank you received: 1
FYI. Hack info in case it may be useful to others. I am still chasing this down.

I have found the attached PHP files in my Joomla site that will stuff my template's index.php with hundreds of ad links wrapped in a div with display:none. My robots.txt had been modified, deleting the line "Disallow: /includes/" and a new IMG folder was created under "incluldes" with tons of PHP files that generated these ads. I have attached a RAR file of the offending PHP files that I found in the system (folder structure intact).

When the exploit hit, I was running J 1.5.12 and had not upgraded to 1.5.14 yet.

Interesting, I have observed that the free/demo version of Firewall will run on my localhost, but not on my livesite. "Perform System Check" shows activity bars, but returns to the same screen without any results. Any thoughts?
Last Edit: 11 years 11 months ago by bogdan.
The administrator has disabled public write access.

Re:hack - template stuffed with seo ad links 14 years 6 months ago #8437

  • alexp
  • alexp's Avatar
  • OFFLINE
  • RSJoomla! Official Staff
  • Posts: 2253
  • Thank you received: 180
Hello,

This is a pretty common exploit method...and it is detected by RSFirewall without too much effort.

Upon running the system check does it through some error...? Please make sure that your server meet the product minimum requirements stated in the documentation.

The demo version was only designed to demonstrate and present what the full product can do.
Please note: my help is not official customer support. To receive your support, submit a ticket by clicking here
Regards,
RSJoomla! Development Team
The administrator has disabled public write access.

Re:hack - template stuffed with seo ad links 14 years 4 months ago #8880

I had my site hacked....Sounds similar

I had the following hit.

Configuration.php
index.php
Template index.php

Plus a few others....A total of 33 sites...So, I instantly purchased RSFirewall and started removing all the junk they put in my sites. I think I had about 100 hours fixing everything that includes running RSFirewall and fixing all vulnerabilities.

I finally feel safe and will continue to put RSFirewall on all my sites…I also used this extension as well and found it helpful. Be sure to donate your 2Euros to keep them working on it.

James
James Wright
The administrator has disabled public write access.
  • 1

Read this first!

We do not monitor these forums. The forum is provided to exchange information and experience with other users ONLY. Forum responses are not guaranteed.

However, please submit a ticket if you have an active subscription and wish to receive support. Our ticketing system is the only way of getting in touch with RSJoomla! and receiving the official RSJoomla! Customer Support.

For more information, the Support Policy is located here.

Thank you!