There was some code echoing an iframe and loading content from http://goooogleadsence.biz/
The code was inserted into
cms/code/LeftAndMain.php
cms/code/CMSMain.php
The iframe html code was then appearing before the DocType on the site.
Ryan
This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
There was some code echoing an iframe and loading content from http://goooogleadsence.biz/
The code was inserted into
cms/code/LeftAndMain.php
cms/code/CMSMain.php
The iframe html code was then appearing before the DocType on the site.
Ryan
Ryan helped to figure out this one...
the iframe from goooogleadsence(?) was created in cms/code/LeftAndMain.php
cms/code/CMSMain.php at the end of the file and index.html at the end of the file. It wouldn't let me log in and created all sort of errors. It redirected the site to ebay store. I think the origin is on a server, but not 100% sure.
Right, i was just typing the same thing!
Crikey,
How was someone able to write to those files? Take this up with your host. Sounds like the server is compromised.
Hi,
This virus is not related to the host, but its related to client side malware.
This can be detected through Avast (try free version and it works well). This malware gets the ftp details from the session, connects the site you last connected through ftp, downloads index.* (index.html, index.htm, index.php, index.aspx etc), inserts the iframe code and finally uploads back to the server.
This malware can be detected by avas and your system will be free from that, but it doesnt cure the files on the server.
To cure files on the server, I am trying to write a script from past few days and seems its going to work fine, just fine-tuning the script as of now and will be releasing it soon.
The script is written in php file, so if you have php support on your server, this script is going to fix your problems.
You can check back at www.yourjoomlapro.com for the release.
Regards,
Dave.
You are right,
It seems to be not a host.
I am pretty sure that it is not coming from my machine. The client has other sites running on the same account and i don't know who has an access to it... it could just spread out on my site? Or my machine? I have never dealt with things like that...
I am running scan regularly, but i am trying to use Avast as well.
your information is very helpful, i am very interested in that script you are writing!
Thank you,
Yulia
Hi,
The fix for the same is here:
This would help to fix the errors on the files corrupted on the server. Though, the malware on your computer or any of your client's computer needs to be fixed. It must be on any of the computer.
May be, checking the ftp log and ip would help you to trace the cause.
Regards,
Dave.
thank you!
btw, really like Avast.