-
AuthorPosts
-
April 16, 2012 at 1:31 pm #176180
See source-code of: http://www.arctic-council.org/index.php/en/about/press-room
Somewhere porn-links have been injected.
Where are they and how can we prevent this from happening again?
Thanks.
Regards,
Reidar Nygårdchavan Friendchavan
- Join date:
- October 2014
- Posts:
- 4612
- Downloads:
- 0
- Uploads:
- 110
- Thanked:
- 1440 times in 1290 posts
April 16, 2012 at 4:04 pm #448523I don’t see anything like that. hope your site is currently clean…
Please check again….
April 16, 2012 at 5:39 pm #448533Hi again
Page: http://www.arctic-council.org/index.php/en/about/press-room
Source-code.Lines : 546 – 570…
Se excerpt.” <p class=”readmore”>
<a href=”/index.php/en/about/press-room/400-stockholm-polar-week-26-29-march-2012″>
Read more…</a>
</p></div>
</div>
</div>
</div></div><a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.unece.net/” title=”united nations”>unece</a>
<div style=”display:none”>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://cruxelectronics.com/” title=”cruxelectronics”>cruxelectronics</a>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://besthealthcures.com/” title=”besthealthcures”>besthealthcures</a>
<a href=”http://www.deutschsexvideo.com” title=”youporn deutsch”>youporn deutsch</a>
<a href=”http://www.onetones.com” title=”free porn”>free porn video</a>
<a href=”http://www.sendesik.net” title=”porno”>porno</a>
<a href=”http://www.deutschpornvideo.net/” rel=”follow”>deutsch porn</a>
*<a href=”http://www.germanpornvideos.net/” rel=”follow”>german porn</a>
<a href=”http://www.kralkafe.tk ” title=”siki� izle, turk porno, sex izle, xnxx, xhamster”>pornoizle</a>
<a href=”http://www.kralsikis.net ” title=”siki� hikaye, turk porno hikaye, sex hikaye, xnxx hikaye, erotik”>sex hikaye</a>
<a href=”http://www.hemenescortbul.com ” title=”escort, turk escort, escortbayan, bayanescort, istanbulescort”>escortbayan</a>
<a href=”http://www.incips.com/” title=”free porn”>free porn</a>
<a href=”http://www.kralcafe.info” title=”porno izle” rel=”friend met”>porno</a> ,
<a href=”http://www.esikisizle.org” title=”porno izle” rel=”friend met”>porno</a>
<a href=”http://www.pk5.net” title=”xxx”>xxx</a>
<a href=”http://germanboom.com” title=”german boom”>german boom</a>
<a href=”http://xfreepornvideos.net” title=”youporn”>youporn</a>
<a href=”http://girlfingeringgirl.com/Teen-porn-category1.html” title=”teen porn”>teen porn</a>
<a href=”http://virginsexstory.com” title=”virgin sex”>virgin sex</a>
<a href=”http://sexpornerotic.net” title=”porntube”>porntube</a>
</div>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.healtvideos.com/” title=”worldehealth”>worldehealth</a>
<a style=”font-size: 0pt; color:#FFFFFF;” href=”http://www.hivvids.com/” title=”hiv videos”>hiv videos</a></div>
<div id=”ja-content-bottom” class=”ja-content-bottom clearfix”>
<div class=”ja-moduletable moduletable clearfix” id=”Mod230″>
“tfosnom Friendtfosnom
- Join date:
- October 2010
- Posts:
- 742
- Downloads:
- 0
- Uploads:
- 31
- Thanks:
- 145
- Thanked:
- 200 times in 94 posts
April 16, 2012 at 5:57 pm #448538<em>@konsulenten 313977 wrote:</em><blockquote>See source-code of: http://www.arctic-council.org/index.php/en/about/press-room Somewhere porn-links have been injected. Where are they and how can we prevent this from happening again? Thanks. Regards, Reidar Nygård</blockquote> I confirm the links exist in the source code for the page I’ve edited the links so the editor doesn’t parse the links etc. In source code is setting links to not display and color to white to match background. <blockquote>cruxelectronics.com/”xxxxxectronics bestxxxxcures.com/”bestxxxxcures.xxxxxsexvideo.com”youporn deutsch.xxxxx.com”free porn video.sxxxxxx.net”porno/.xxxxxpornvideo.net/”deutsch porn.xxxxxxpornvideos.net/”german porn.kxxxxxx.tk”poxxxxe.xxxxx.net”sex hikaye.xxxxxxxx.com”escortbayanixxxx.com/”free porn</blockquote> Looks like the share button and script may be at fault, the div structure in source around the share button looks suspect, I’d remove the share button and any code that links to the http://www.addthis.com/bookmark.html. Hope this assists and you get it sorted, please let us know if you solve it Regards Shane
April 16, 2012 at 6:13 pm #448548Hi again
Removed the AddThis, but links are still there.
Wich .php-file is building the actual content in these pages? I suspect there is an inject there somewhere.
Regards
Reidartfosnom Friendtfosnom
- Join date:
- October 2010
- Posts:
- 742
- Downloads:
- 0
- Uploads:
- 31
- Thanks:
- 145
- Thanked:
- 200 times in 94 posts
April 16, 2012 at 6:25 pm #448555<em>@konsulenten 314019 wrote:</em><blockquote>Hi again Removed the AddThis, but links are still there. Wich .php-file is building the actual content in these pages? I suspect there is an inject there somewhere. Regards Reidar</blockquote> Hard to diagnose. I had something similar but my host found it and fixed it. Go to ftp and look at your folder structure, look for anything unusual I think mine was a subfolder under a rarely used folder , checkdate and timestamp in logs etc Cheers Shane
April 16, 2012 at 6:31 pm #448559Does there exist an overview of how the Pages are built in T3 framwork (Community Plus template)?
Reidar
Sherlock FriendSherlock
- Join date:
- September 2014
- Posts:
- 11453
- Downloads:
- 0
- Uploads:
- 88
- Thanks:
- 221
- Thanked:
- 2478 times in 2162 posts
April 21, 2012 at 7:26 am #449453Hi Reidar,
In T3 framework, the pages are generated through jat3 system plugin that involved quite a lot of php files, I think you can check those files templatesyour_templateindex.php, files under the folder of templatesyour_templateblocks, files under the folders
pluginssystemjat3jat3base-themesdefaultblocks and pluginssystemjat3jat3base-themesdefaultpage -
AuthorPosts
This topic contains 8 replies, has 4 voices, and was last updated by Sherlock 12 years, 8 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum