Joomla Templates Club 406,261 posts

[konsulenten Friend konsulentenJoin date: June 2010Posts: 15Downloads:0Uploads:1 Thanks: 3]

#176180

See source-code of: http://www.arctic-council.org/index.php/en/about/press-room

Somewhere porn-links have been injected.

Where are they and how can we prevent this from happening again?

Thanks.

Regards,
Reidar Nygård

[chavan Friend chavanJoin date: October 2014Posts: 4612Downloads:0Uploads:110 Thanked: 1440 times in 1290 posts]

#448523

I don’t see anything like that. hope your site is currently clean…

Please check again….

[konsulenten Friend konsulentenJoin date: June 2010Posts: 15Downloads:0Uploads:1 Thanks: 3]

#448533

Hi again

Page: http://www.arctic-council.org/index.php/en/about/press-room
Source-code.

Lines : 546 – 570…
Se excerpt.

” <p class=”readmore”>
<a href=”/index.php/en/about/press-room/400-stockholm-polar-week-26-29-march-2012″>
Read more…</a>
</p>

</div>

</div>

</div>
</div>

</div><a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.unece.net/” title=”united nations”>unece</a>
<div style=”display:none”>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://cruxelectronics.com/” title=”cruxelectronics”>cruxelectronics</a>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://besthealthcures.com/” title=”besthealthcures”>besthealthcures</a>
<a href=”http://www.deutschsexvideo.com” title=”youporn deutsch”>youporn deutsch</a>
<a href=”http://www.onetones.com” title=”free porn”>free porn video</a>
<a href=”http://www.sendesik.net” title=”porno”>porno</a>
<a href=”http://www.deutschpornvideo.net/” rel=”follow”>deutsch porn</a>
*<a href=”http://www.germanpornvideos.net/” rel=”follow”>german porn</a>
<a href=”http://www.kralkafe.tk ” title=”siki� izle, turk porno, sex izle, xnxx, xhamster”>pornoizle</a>
<a href=”http://www.kralsikis.net ” title=”siki� hikaye, turk porno hikaye, sex hikaye, xnxx hikaye, erotik”>sex hikaye</a>
<a href=”http://www.hemenescortbul.com ” title=”escort, turk escort, escortbayan, bayanescort, istanbulescort”>escortbayan</a>
<a href=”http://www.incips.com/” title=”free porn”>free porn</a>
<a href=”http://www.kralcafe.info” title=”porno izle” rel=”friend met”>porno</a> ,
<a href=”http://www.esikisizle.org” title=”porno izle” rel=”friend met”>porno</a>
<a href=”http://www.pk5.net” title=”xxx”>xxx</a>
<a href=”http://germanboom.com” title=”german boom”>german boom</a>
<a href=”http://xfreepornvideos.net” title=”youporn”>youporn</a>
<a href=”http://girlfingeringgirl.com/Teen-porn-category1.html” title=”teen porn”>teen porn</a>
<a href=”http://virginsexstory.com” title=”virgin sex”>virgin sex</a>
<a href=”http://sexpornerotic.net” title=”porntube”>porntube</a>
</div>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.healtvideos.com/” title=”worldehealth”>worldehealth</a>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.hivvids.com/” title=”hiv videos”>hiv videos</a>

</div>

<div id=”ja-content-bottom” class=”ja-content-bottom clearfix”>
<div class=”ja-moduletable moduletable clearfix” id=”Mod230″>
“

[tfosnom Friend tfosnomJoin date: October 2010Posts: 742Downloads:0Uploads:31 Thanks: 145 Thanked: 200 times in 94 posts]

#448538

<em>@konsulenten 313977 wrote:</em><blockquote>See source-code of: http://www.arctic-council.org/index.php/en/about/press-room Somewhere porn-links have been injected. Where are they and how can we prevent this from happening again? Thanks. Regards, Reidar Nygård</blockquote> I confirm the links exist in the source code for the page I’ve edited the links so the editor doesn’t parse the links etc. In source code is setting links to not display and color to white to match background. <blockquote>cruxelectronics.com/”xxxxxectronics bestxxxxcures.com/”bestxxxxcures.xxxxxsexvideo.com”youporn deutsch.xxxxx.com”free porn video.sxxxxxx.net”porno/.xxxxxpornvideo.net/”deutsch porn.xxxxxxpornvideos.net/”german porn.kxxxxxx.tk”poxxxxe.xxxxx.net”sex hikaye.xxxxxxxx.com”escortbayanixxxx.com/”free porn</blockquote> Looks like the share button and script may be at fault, the div structure in source around the share button looks suspect, I’d remove the share button and any code that links to the http://www.addthis.com/bookmark.html. Hope this assists and you get it sorted, please let us know if you solve it Regards Shane

[konsulenten Friend konsulentenJoin date: June 2010Posts: 15Downloads:0Uploads:1 Thanks: 3]

#448548

Hi again

Removed the AddThis, but links are still there.

Wich .php-file is building the actual content in these pages? I suspect there is an inject there somewhere.

Regards
Reidar

[tfosnom Friend tfosnomJoin date: October 2010Posts: 742Downloads:0Uploads:31 Thanks: 145 Thanked: 200 times in 94 posts]

#448555

<em>@konsulenten 314019 wrote:</em><blockquote>Hi again Removed the AddThis, but links are still there. Wich .php-file is building the actual content in these pages? I suspect there is an inject there somewhere. Regards Reidar</blockquote> Hard to diagnose. I had something similar but my host found it and fixed it. Go to ftp and look at your folder structure, look for anything unusual I think mine was a subfolder under a rarely used folder , checkdate and timestamp in logs etc Cheers Shane

[konsulenten Friend konsulentenJoin date: June 2010Posts: 15Downloads:0Uploads:1 Thanks: 3]

#448559

Does there exist an overview of how the Pages are built in T3 framwork (Community Plus template)?

Reidar

[Sherlock Friend SherlockJoin date: September 2014Posts: 11453Downloads:0Uploads:88 Thanks: 221 Thanked: 2478 times in 2162 posts]

#449453

Hi Reidar,

In T3 framework, the pages are generated through jat3 system plugin that involved quite a lot of php files, I think you can check those files templatesyour_templateindex.php, files under the folder of templatesyour_templateblocks, files under the folders
pluginssystemjat3jat3base-themesdefaultblocks and pluginssystemjat3jat3base-themesdefaultpage

[Author]

Posts