I have a simple Joomla site, sometimes it dies. I found a file containing the following code:
if(date('s',time())%2==0) die();
I deleted the code, and then it appeared in another file.
When I download the site via Akeeba and install it on localhost, and then delete all the bad code then the site is clean (and the virus doesn't return). But in my server the virus is still active.
Any idea how to fix the problem?
Please help me!
You probably have a vulnerability in the website that a script or hacker is exploiting to reinfect the website.
Make sure you have updated to the latest version of Joomla in the series. For example this is currently Joomla 3.3.6 for the Joomla 3.x series.
More likely the issue is with a third party extension. Make a list of third party extensions via Extension Manager (the third party extensions are the ones that have something other than "Joomla Project" as the author). Remember that not all extensions use the Joomla updater so some updates have to be done manually. Run through the list and check that you are using all the latest versions. You can find the latest versions via http://extensions.joomla.org and/or the developer websites.
You should also check http://vel.joomla.org/ to ensure that you are not using any vulnerable extensions.
You should also reset administrator password(s), the database password and your hosting password.
Repeat the above steps for any other websites that share the same web hosting account.
Check that any CRON jobs in your hosting account are legitimate.
If you are serious about eradicating malware from your website, you should probably subscribe to myJoomla.com or have the website professionally scanned by Sucuri or some other security expert.
Alternatively, you may be able to eradicate the malware by deleting the website and restoring from a backup or deleting the website and rebuilding it from scratch taking care not to reintroduce the malware from backed up files.
Related
I have two openx 2.8 servers running here. The issue is that trying to open the admin page redirects me to the full path www.myserver.com/www/admin/index.php with blank screen. Still I can access www.myserver.com/www/images/, delivery etc. I tried a lot of stuff without any success.
this one doesn't work for me OpenX Admin not accessible
I had something similar happen to me last week. Check your configuration file in the /var folder of your openx installation, probably called something like www.yoursite.com.conf.php. Mine was corrupted. I suspect outside malicious activity, especially since there are known vulnerabilities in OpenX.. I'm currently looking at upgrading to Revive Ad server, which is the successor and is supposed to offer a complete upgrade path.
I'm not a php nor moodle developer. I worked as a python developer for many years and now work as a devops eng.
One of my clients uses the moodle framework for their site with no source control. I've spoken with their lead developer and he insists there's no way to have a moodle repo without the entire directory structure in the repository, that is all the auth, admin, backup, badges, etc directories, since many files in those directories have been touched by their development team
I did a file count and it's over 50K files, which is insane for a code repo.
Has anyone managed to solve this problem for a moodle site before? Specifically a clean CI process using source control?
I have been through a similar process on several occasions. Your best bet is to clone a clean copy of Moodle from the github repo. Then look at the version.php file on the client site to identify the exact version they are using. Next checkout that same version in the clean copy (use gitk to search for that version number). Finally copy across the code from the client site and then the standard git commands should allow you to audit what has changed and commit it in sensible steps.
Once cleaned up, keep all the changes in a branch.
Just today when I tried to access my site I got a warning saying my site has harmful content.
I have tried scanning the site with clamAV and some other online sites for virus scan but did not find anything. I submitted my site to Google and it is still saying it is malicious. There is no sample URL for the malware, it only says "Undetermined malware"
I am using WordPress, there was no plugin updated recently. How can I find which part of my site is infected?
I tried console of google chrome, tried installing new anti-malware plugin (nothing found), tried to scan the site with different other websites and such but nothing gave any positive result.
Security on a website is very different from security on a home computer. Fixing this will be hard for someone who knows what they are doing, you have a lot of learning to do ahead of you before you will be able to accomplish this effectively. As a first step you need to try to identify when the problem started and revert to an earlier backup. Then remove ALL plugins, upgrade your WordPress installation to the latest version then change all the passwords associated with your site, then ONLY install the absolutely essential plugins - and make sure its the latest production versions of these.
This might fix the problem.
I thought this had to be a common problem, but I was not able to find an easy solution. The problem is, we are working with multiple people on developing a website, without any version control involved. Which leads to obvious problems with conflicting edits and someone messing up the whole site with no simple way to recover. Currently some work with Filezila + Notepad++ directly downloading, additing and uploading the files.
Others work with Netbeans on their local copy and upload the files automatically when saving.
What I would like to do now is intruduce a version control system that still lets everyone work on the live system, but checks for conflicts and allows to rollback files to previous versions.
I tried to set up GIT with a post-receive hook that copies everything to the webroot, but failed in doing so. Besides I think SVN might be a better solution because everyone has just to checkout/commit instead of pull/commit/push.
Is it possible to set up GIT/SVN the way I like to?
Is there a better solution?
I have an SVN server setup and a cron job on the dev server to pull the latest revision out every 60 seconds. Then I have another script on the live server that isn't croned but I can manually run which updates the live server to the specified revision when I request it.
This allows the devs to commit and automatically test on the dev server pretty much real time and then when we've reviewed the code changes etc on the dev server and we're happy with it then I manually run the update on the live server.
The "common" problems come from you letting them work on live website ...
A developer on live will always find a way to ruin your day!
Basically I've got various projects all version controlled using subversion. This is for many reasons: backup of files in case of bugs/issues in the future; backup of files in case of local system failure etc; collaboration from others in the company; etc..
One of the systems we work with is Wordpress which does updates and installs plugins through its administration panel and such, plus on installing it the system creates various files (including a wp-config.php file and a .htaccess file). This means that on install there are files on the server integral to the running of the system which aren't on the local systems and aren't in svn. Plus any installed plugins and updates aren't mirrored in version control or the local copy.
Plus it feels wrong (specifically when you compare with data normalisation in databases and such) to be working with two copies of the same code - one in version control and one on the server.
So my question is am I using the tools in the right way? Is there any way that the public_html folder from the server can "point" to the latest version in the repo? Or can SVN be configured to read from the public_html folder and automatically add+commit any files created/edited on the server?
Or do people just literally download anything that gets changed/created and add them to SVN manually? Or do people not care? Maybe I've misinterpreted what SVN is for? I'm using it for backup effectively.
Thanks
Tom
I only have versioned my own wordpress theme. All the other stuff including the data is live on the server and solely backuped from there.
The code of wordpress and the plugins used are developed elsewhere, they have their own repositories, and i do not mess mine with code I never will touch.
The question is how to deal with configurations. I am currently running a wiki where I document all the plugins installed live and what configuration properties I have set up.
A sync of live to local then goes like this:
Update wordpress version and plugins to the versions written in the wiki
Setting all configuration options as written in the wiki.
Importing the data base (except wp_options). Converting the static URL of wp_content files to the local scheme.
Syncronisation of the wp_content directory
In many cases your hosting provides regular backup. But is you use VPS you have more freedom to do whatever you want. I have made my public_html folder under version control and created a small script to commit every night. So I can have a complete version history of my site with changes traced. You can also create a script just to copy this folder elsewhere. There may be other better solutions for enterprises, but this may be enough for small project.