فتحات العرب Joomla! • Index page: Security in Joomla! 3.x • Stack of malicious code located in Jl3.2 install

Tuesday, December 24, 2013

Security in Joomla! 3.x • Stack of malicious code located in Jl3.2 install

Hi

Help please... my webhost found this and suggests there is a lot more. How can I effectively clean up this install please.. only components I have added is:

Jomsocial

Nivo Slider,

Digital Store and

Easyblog







It seems that there are A LOT of php files exploited in your Joomla installation. Some of them are:



/includes/database.mysqli.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./includes/mambo.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./includes/database.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./includes/Archive/Tar.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./joomla.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/community/mygoogleads.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/community/nicetalk.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/community/kunena.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/community/myblogtoolbar.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/community/nicetalk/jax.nicetalk.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/community/twitter.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/community/wordfilter.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./includes/domit/xml_domit_rss.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./includes/domit/xml_domit_rss_lite.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./includes/domit/xml_domit_lite_parser.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./includes/domit/xml_domit_lite_include.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

/plugins/editors-xtd/myphotos.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors-xtd/jcommentson.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/user/joomla.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/user/jcomments.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/user/example.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/user/jomsocialuser.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/none.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/xstandard/directory.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

e64_decode("DQplcnJv

./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/fr.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/en.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/de.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/lv.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/zh-tw.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/hu.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/langs/zh-cn.php: Suspicious(base64_decode): hp eval(bas

./plugins/system/Zend/Service/Nirvanix/Exception.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/system/Zend/Service/Yahoo/Image.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/system/Zend/Service/Yahoo/VideoResultSet.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/system/Zend/Service/Yahoo/PageDataResultSet.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/system/Zend/Service/Yahoo/InlinkDataResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/system/Zend/Service/Yahoo/Result.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/system/Zend/Service/Yahoo/ImageResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

./plugins/system/Zend/Service/Yahoo/NewsResult.php: Suspicious(base64_decode): hp eval(base64_decode("DQplcnJv

Statistics: Posted by reyach — Tue Dec 24, 2013 7:07 pm








via Joomla! http://forum.joomla.org/viewtopic.php?t=830514&p=3120990#p3120990

No comments:

Post a Comment