test
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • konsulenten Friend
    #176180

    See source-code of: http://www.arctic-council.org/index.php/en/about/press-room

    Somewhere porn-links have been injected.

    Where are they and how can we prevent this from happening again?

    Thanks.

    Regards,
    Reidar Nygård

    chavan Friend
    #448523

    I don’t see anything like that. hope your site is currently clean…

    Please check again….

    konsulenten Friend
    #448533

    Hi again

    Page: http://www.arctic-council.org/index.php/en/about/press-room
    Source-code.

    Lines : 546 – 570…
    Se excerpt.

    ” <p class=”readmore”>
    <a href=”/index.php/en/about/press-room/400-stockholm-polar-week-26-29-march-2012″>
    Read more…</a>
    </p>

    </div>

    </div>

    </div>
    </div>

    </div><a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.unece.net/” title=”united nations”>unece</a>
    <div style=”display:none”>
    <a style=”font-size: 0pt; color:#FFFFFF;” href=”http://cruxelectronics.com/” title=”cruxelectronics”>cruxelectronics</a>
    <a style=”font-size: 0pt; color:#FFFFFF;” href=”http://besthealthcures.com/” title=”besthealthcures”>besthealthcures</a>
    <a href=”http://www.deutschsexvideo.com” title=”youporn deutsch”>youporn deutsch</a>
    <a href=”http://www.onetones.com” title=”free porn”>free porn video</a>
    <a href=”http://www.sendesik.net” title=”porno”>porno</a>
    <a href=”http://www.deutschpornvideo.net/” rel=”follow”>deutsch porn</a>
    *<a href=”http://www.germanpornvideos.net/” rel=”follow”>german porn</a>
    <a href=”http://www.kralkafe.tk ” title=”siki� izle, turk porno, sex izle, xnxx, xhamster”>pornoizle</a>
    <a href=”http://www.kralsikis.net ” title=”siki� hikaye, turk porno hikaye, sex hikaye, xnxx hikaye, erotik”>sex hikaye</a>
    <a href=”http://www.hemenescortbul.com ” title=”escort, turk escort, escortbayan, bayanescort, istanbulescort”>escortbayan</a>
    <a href=”http://www.incips.com/” title=”free porn”>free porn</a>
    <a href=”http://www.kralcafe.info” title=”porno izle” rel=”friend met”>porno</a> ,
    <a href=”http://www.esikisizle.org” title=”porno izle” rel=”friend met”>porno</a>
    <a href=”http://www.pk5.net” title=”xxx”>xxx</a>
    <a href=”http://germanboom.com” title=”german boom”>german boom</a>
    <a href=”http://xfreepornvideos.net” title=”youporn”>youporn</a>
    <a href=”http://girlfingeringgirl.com/Teen-porn-category1.html” title=”teen porn”>teen porn</a>
    <a href=”http://virginsexstory.com” title=”virgin sex”>virgin sex</a>
    <a href=”http://sexpornerotic.net” title=”porntube”>porntube</a>
    </div>
    <a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.healtvideos.com/” title=”worldehealth”>worldehealth</a>
    <a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.hivvids.com/” title=”hiv videos”>hiv videos</a>

    </div>

    <div id=”ja-content-bottom” class=”ja-content-bottom clearfix”>
    <div class=”ja-moduletable moduletable clearfix” id=”Mod230″>

    tfosnom Friend
    #448538

    <em>@konsulenten 313977 wrote:</em><blockquote>See source-code of: http://www.arctic-council.org/index.php/en/about/press-room Somewhere porn-links have been injected. Where are they and how can we prevent this from happening again? Thanks. Regards, Reidar Nygård</blockquote> I confirm the links exist in the source code for the page I’ve edited the links so the editor doesn’t parse the links etc. In source code is setting links to not display and color to white to match background. <blockquote>cruxelectronics.com/”xxxxxectronics bestxxxxcures.com/”bestxxxxcures.xxxxxsexvideo.com”youporn deutsch.xxxxx.com”free porn video.sxxxxxx.net”porno/.xxxxxpornvideo.net/”deutsch porn.xxxxxxpornvideos.net/”german porn.kxxxxxx.tk”poxxxxe.xxxxx.net”sex hikaye.xxxxxxxx.com”escortbayanixxxx.com/”free porn</blockquote> Looks like the share button and script may be at fault, the div structure in source around the share button looks suspect, I’d remove the share button and any code that links to the http://www.addthis.com/bookmark.html. Hope this assists and you get it sorted, please let us know if you solve it Regards Shane

    konsulenten Friend
    #448548

    Hi again

    Removed the AddThis, but links are still there.

    Wich .php-file is building the actual content in these pages? I suspect there is an inject there somewhere.

    Regards
    Reidar

    tfosnom Friend
    #448555

    <em>@konsulenten 314019 wrote:</em><blockquote>Hi again Removed the AddThis, but links are still there. Wich .php-file is building the actual content in these pages? I suspect there is an inject there somewhere. Regards Reidar</blockquote> Hard to diagnose. I had something similar but my host found it and fixed it. Go to ftp and look at your folder structure, look for anything unusual I think mine was a subfolder under a rarely used folder , checkdate and timestamp in logs etc Cheers Shane

    konsulenten Friend
    #448559

    Does there exist an overview of how the Pages are built in T3 framwork (Community Plus template)?

    Reidar

    Sherlock Friend
    #449453

    Hi Reidar,

    In T3 framework, the pages are generated through jat3 system plugin that involved quite a lot of php files, I think you can check those files templatesyour_templateindex.php, files under the folder of templatesyour_templateblocks, files under the folders
    pluginssystemjat3jat3base-themesdefaultblocks and pluginssystemjat3jat3base-themesdefaultpage

Viewing 8 posts - 1 through 8 (of 8 total)

This topic contains 8 replies, has 4 voices, and was last updated by  Sherlock 12 years, 8 months ago.

We moved to new unified forum. Please post all new support queries in our New Forum