Tagged: email
-
AuthorPosts
-
richnyc30 Friend
richnyc30
- Join date:
- June 2011
- Posts:
- 105
- Downloads:
- 31
- Uploads:
- 4
- Thanks:
- 3
- Thanked:
- 1 times in 1 posts
December 14, 2016 at 11:06 pm #994691When I click the email icon on an article a window pops up and shows the below. I have had trouble with malicious files and would like to know which Argo template files to overwrite with new files from a fresh Argo template.
The site ahead contains malware
Attackers currently on realstatistics.info might attempt to install dangerous programs on your computer that steal or delete your information (for example, photos, passwords, messages, and credit cards).
Automatically report details of possible security incidents to Google. Privacy policy
Back to safetyHIDE DETAILS
Google Safe Browsing recently detected malware on cameotimes.com. Websites that are normally safe are sometimes infected with malware. The malicious content comes from realstatistics.info, a known malware distributor. Learn more.If you understand the risks to your security, you may visit this unsafe site before the dangerous programs have been removed.
Saguaros ModeratorSaguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
December 15, 2016 at 2:21 am #994722Hi,
Please try to check this way:
-
Switch default template on your site (JA Argo) to a standard template of Joomla like Beez / Protostar and send email again
- Try to temporarily disable any 3rd party extensions used on your site, if you have comment system for article content, disable it also.
And let me know how it goes.
Regards
richnyc30 Friendrichnyc30
- Join date:
- June 2011
- Posts:
- 105
- Downloads:
- 31
- Uploads:
- 4
- Thanks:
- 3
- Thanked:
- 1 times in 1 posts
December 16, 2016 at 5:46 am #994986another site does this for the pop-up email – different from the other site which has the malicious message.
When I changed to Beez3 the email pop-up works.parse error: failed at
(~".span@{index}") { .span(@index); }
line: 1341I also noticed when I tried to use anything but the blue template pages didn’t work. I have been doing some editing using LESS and maybe this has done some bad things. Here’s the non-blue template error for all pages.
parse error: failed at(~".span@{index}") { .span(@index); }
line: 1341Saguaros ModeratorSaguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
December 19, 2016 at 10:42 am #995728Hi,
Could you update the URL of page where I can replicate issue?
Also provide the login info: http://static.joomlart.com/images/blog/2015/nov/Add-new-post.gif
Regards
richnyc30 Friendrichnyc30
- Join date:
- June 2011
- Posts:
- 105
- Downloads:
- 31
- Uploads:
- 4
- Thanks:
- 3
- Thanked:
- 1 times in 1 posts
December 30, 2016 at 4:55 am #998389http://cameotimes.com/index.php/profiles-1/allegorical/anchor-of-hope
All email sending on any article is being redirected to RealStatisics.info.
I have replaced most of the Mailto files and somewhere else is the redirect to Realstatistics.info, a site my host says is malicious.
Other Argo sites work fine for sending email on the articles.
RichardSaguaros ModeratorSaguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
December 30, 2016 at 7:34 am #998451Hi Richard,
Could you ask the host for help to find out the affected files? I also see the reported malware when clicking email.
richnyc30 Friendrichnyc30
- Join date:
- June 2011
- Posts:
- 105
- Downloads:
- 31
- Uploads:
- 4
- Thanks:
- 3
- Thanked:
- 1 times in 1 posts
January 3, 2017 at 4:10 am #999139Siteground had no answers. They sent me the list of files with malicious inserts. Getting fid of them does nothing for the email problem. In fact, they got the parse error: failed at (~".span@{index}") { .span(@index); } line: 1341 as they were not using Chrome.
Any idea what ARGO files are involved. I did try other templates and the error is not occurring.Saguaros ModeratorSaguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
January 3, 2017 at 8:26 am #999186Hi,
If template files are involved, after removing them, pls update the associated files from template package of JA Argo. May I know you use our template package originally or just install template in existing site? As this is the first time I’ve seen our template files having malicious.
richnyc30 Friendrichnyc30
- Join date:
- June 2011
- Posts:
- 105
- Downloads:
- 31
- Uploads:
- 4
- Thanks:
- 3
- Thanked:
- 1 times in 1 posts
January 10, 2017 at 6:01 pm #1001353I have replaced many of the files individually, but had some trouble using the zip file of the template and unzipping.
Maybe I’m doing something wrong.What is the procedure for updating the template?
I’m now getting the malicious files inserting themselves and Siteground is cutting off the site as emails seem to be sent out by the newly installed malicious files. This happens when using Breezing Forms or any communication to the site.
Deleting or overwriting the files cures the problem (they send a list of files that are bad.)
Here is the latest list after send a registration form in Breezing Forms.
The — means deletion and ++ means overwriting with a good file.
— HEX|eval_base64_obf_mailer|8d23dab52a032fc5db3281fb1309d55a|15/01/16|/home/richa292/public_html/cameotimes.com/components/com_modules/models/xml.php
— HEX|eval_base64_obf_mailer|c8d9aad52c1fc91df37f12c3ec89d98d|26/12/16|/home/richa292/public_html/cameotimes.com/components/com_breezingforms/libraries/js/footer86.php
— HEX|PHP_Backdoor|085bee72055750f499fcb75f68d0fb57|26/12/16|/home/richa292/public_html/cameotimes.com/footer.php
++ GEN|eval_base64decode|e8781a70a6c5154e1170a4ed32ef408a|08/01/17|/home/richa292/public_html/cameotimes.com/includes/framework.php
— HEX|eval_base64_obf_mailer|8d23dab52a032fc5db3281fb1309d55a|15/01/16|/home/richa292/public_html/cameotimes.com/templates/beez3/javascript/user.php
++ GEN|eval_base64decode|b272dacc10cda4527b245fced4dbdfec|08/01/17|/home/richa292/public_html/cameotimes.com/index.phpSaguaros ModeratorSaguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
January 11, 2017 at 4:14 am #1001489It looks like it effected files from Breezing Form extension and Joomla core already, I don’t see any file from our template.
Could you also check with these 3 party extensions?
richnyc30 Friendrichnyc30
- Join date:
- June 2011
- Posts:
- 105
- Downloads:
- 31
- Uploads:
- 4
- Thanks:
- 3
- Thanked:
- 1 times in 1 posts
January 11, 2017 at 8:47 pm #1001676Please tell me how to update the ARgo template.
Saguaros ModeratorSaguaros
- Join date:
- September 2014
- Posts:
- 31405
- Downloads:
- 237
- Uploads:
- 471
- Thanks:
- 845
- Thanked:
- 5346 times in 4964 posts
January 12, 2017 at 8:20 am #1001755You can use JA Extension Manager component (JAEM) – a free extension to update JA Argo template. What you can do is:
- BACKUP your site first
- Go to Administrator > Components > JAEM and put your JoomlArt memebership account into Services Manager of this component, remember to set JoomlArt updates services as default service.
- Check new version for JA Argo template, you can see which files/folders will be updated
Download: https://www.joomlart.com/downloads/free-joomla-extensions/joomla-3-2-5-ja-extensions-manager/
Docs: https://www.joomlart.com/documentation/joomla-component/ja-extension-manager -
AuthorPosts
This topic contains 11 replies, has 2 voices, and was last updated by Saguaros 7 years, 11 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum