Joomla Templates Club 406,261 posts

[richnyc30 Friend richnyc30Join date: June 2011Posts: 105Downloads:31Uploads:4 Thanks: 3 Thanked: 1 times in 1 posts]

#994691

When I click the email icon on an article a window pops up and shows the below. I have had trouble with malicious files and would like to know which Argo template files to overwrite with new files from a fresh Argo template.

The site ahead contains malware

Attackers currently on realstatistics.info might attempt to install dangerous programs on your computer that steal or delete your information (for example, photos, passwords, messages, and credit cards).
Automatically report details of possible security incidents to Google. Privacy policy
Back to safetyHIDE DETAILS
Google Safe Browsing recently detected malware on cameotimes.com. Websites that are normally safe are sometimes infected with malware. The malicious content comes from realstatistics.info, a known malware distributor. Learn more.

If you understand the risks to your security, you may visit this unsafe site before the dangerous programs have been removed.

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#994722

Hi,

Please try to check this way:

• Switch default template on your site (JA Argo) to a standard template of Joomla like Beez / Protostar and send email again

• Try to temporarily disable any 3rd party extensions used on your site, if you have comment system for article content, disable it also.

And let me know how it goes.

Regards

[richnyc30 Friend richnyc30Join date: June 2011Posts: 105Downloads:31Uploads:4 Thanks: 3 Thanked: 1 times in 1 posts]

#994986

another site does this for the pop-up email – different from the other site which has the malicious message.
When I changed to Beez3 the email pop-up works.

parse error: failed at (~".span@{index}") { .span(@index); } line: 1341

I also noticed when I tried to use anything but the blue template pages didn’t work. I have been doing some editing using LESS and maybe this has done some bad things. Here’s the non-blue template error for all pages.
parse error: failed at (~".span@{index}") { .span(@index); } line: 1341

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#995728

Hi,

Could you update the URL of page where I can replicate issue?

Also provide the login info: http://static.joomlart.com/images/blog/2015/nov/Add-new-post.gif

Regards

[richnyc30 Friend richnyc30Join date: June 2011Posts: 105Downloads:31Uploads:4 Thanks: 3 Thanked: 1 times in 1 posts]

#998389

http://cameotimes.com/index.php/profiles-1/allegorical/anchor-of-hope

All email sending on any article is being redirected to RealStatisics.info.
I have replaced most of the Mailto files and somewhere else is the redirect to Realstatistics.info, a site my host says is malicious.
Other Argo sites work fine for sending email on the articles.
Richard

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#998451

Hi Richard,

Could you ask the host for help to find out the affected files? I also see the reported malware when clicking email.

[richnyc30 Friend richnyc30Join date: June 2011Posts: 105Downloads:31Uploads:4 Thanks: 3 Thanked: 1 times in 1 posts]

#999139

Siteground had no answers. They sent me the list of files with malicious inserts. Getting fid of them does nothing for the email problem. In fact, they got the parse error: failed at (~".span@{index}") { .span(@index); } line: 1341 as they were not using Chrome.
Any idea what ARGO files are involved. I did try other templates and the error is not occurring.

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#999186

Hi,

If template files are involved, after removing them, pls update the associated files from template package of JA Argo. May I know you use our template package originally or just install template in existing site? As this is the first time I’ve seen our template files having malicious.

[richnyc30 Friend richnyc30Join date: June 2011Posts: 105Downloads:31Uploads:4 Thanks: 3 Thanked: 1 times in 1 posts]

#1001353

I have replaced many of the files individually, but had some trouble using the zip file of the template and unzipping.
Maybe I’m doing something wrong.

What is the procedure for updating the template?

I’m now getting the malicious files inserting themselves and Siteground is cutting off the site as emails seem to be sent out by the newly installed malicious files. This happens when using Breezing Forms or any communication to the site.

Deleting or overwriting the files cures the problem (they send a list of files that are bad.)
Here is the latest list after send a registration form in Breezing Forms.
The — means deletion and ++ means overwriting with a good file.
— HEX|eval_base64_obf_mailer|8d23dab52a032fc5db3281fb1309d55a|15/01/16|/home/richa292/public_html/cameotimes.com/components/com_modules/models/xml.php
— HEX|eval_base64_obf_mailer|c8d9aad52c1fc91df37f12c3ec89d98d|26/12/16|/home/richa292/public_html/cameotimes.com/components/com_breezingforms/libraries/js/footer86.php
— HEX|PHP_Backdoor|085bee72055750f499fcb75f68d0fb57|26/12/16|/home/richa292/public_html/cameotimes.com/footer.php
++ GEN|eval_base64decode|e8781a70a6c5154e1170a4ed32ef408a|08/01/17|/home/richa292/public_html/cameotimes.com/includes/framework.php
— HEX|eval_base64_obf_mailer|8d23dab52a032fc5db3281fb1309d55a|15/01/16|/home/richa292/public_html/cameotimes.com/templates/beez3/javascript/user.php
++ GEN|eval_base64decode|b272dacc10cda4527b245fced4dbdfec|08/01/17|/home/richa292/public_html/cameotimes.com/index.php

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#1001489

It looks like it effected files from Breezing Form extension and Joomla core already, I don’t see any file from our template.

Could you also check with these 3 party extensions?

[richnyc30 Friend richnyc30Join date: June 2011Posts: 105Downloads:31Uploads:4 Thanks: 3 Thanked: 1 times in 1 posts]

#1001676

Please tell me how to update the ARgo template.

[Saguaros Moderator SaguarosJoin date: September 2014Posts: 31405Downloads:237Uploads:471 Thanks: 845 Thanked: 5346 times in 4964 posts]

#1001755

You can use JA Extension Manager component (JAEM) – a free extension to update JA Argo template. What you can do is:

• BACKUP your site first
• Go to Administrator > Components > JAEM and put your JoomlArt memebership account into Services Manager of this component, remember to set JoomlArt updates services as default service.
• Check new version for JA Argo template, you can see which files/folders will be updated

Download: https://www.joomlart.com/downloads/free-joomla-extensions/joomla-3-2-5-ja-extensions-manager/
Docs: https://www.joomlart.com/documentation/joomla-component/ja-extension-manager

[Author]

Posts