Strange file on my FTP - ftp

Can any one know what this file is about? http://www.symbios.pk/x.dep.PIE.htc? Is it safe to keep on server? I've never seen such before and this is one of highest accesses pages on my site.

At a fast glance, this looks safe and appears to stem from a CSS3 compatibility layer: CSS3 PIE. If you are worried, you can always re-download the file from the website and re-add it, but I would keep a backup first in case of any version incompatibilities.
The file on your web server doesn't match Beta 1.0.0's PIE.htc exactly but it is rather similar and it also already good to know that a .htc file does indeed come from CSS3 PIE. The extension of a file obviously doesn't say much about its contents but it's still reassuring to see that it is an expected file ending. (I've never encountered an .htc file before, so this raised some concerns for me.)
As for it being visited a lot, this doesn't have to mean anything. Possibly the file is being checked out by bots or someone is hotlinking your JS file; it's hard to say without context but if it's a JavaScript file from some framework you should be fine. The good news here is that this is JavaScript, so it can't compromise your server (but it could attack a browser loading the file).
If all else fails and you know where your pages use this file, you could try renaming the file so anyone hotlinking or just guessing for the existence of the file would have a tougher time. I don't really understand why someone would take interest in a small JavaScript file, though.
Interestingly, visiting your main page at symbios.pk doesn't load the file, though. Maybe some back-end module? If multiple people are working on the website, I would suggest asking all of the developers if they know about this file. It would be interesting to compare the creation date with that of similar files.

Related

Joomla 2.5.16 take up to 2min to load

A relative asked me to fixed a Joomla website (v2.5.16) who has been hacked last year, probably due to lack of update (is up to date now), unfortunately I have no information about this. The issue is that the front end take 2~ min to load. The administration is loading normally so whatever the issue is, it depend of the front end. I already disabled all modules one by one and switched the template with another one to make sure that thebug is not in template or plugins folders, without success.
I must add that the problem is "probably" more recent than the hack, according to this person. So maybe there was a script somewhere reaching a random server which may not work anymore.
PS : the website is on a shared hosting. I have the FTP access but no ssh.
I know that I don't give any details which can lead to resolve this, but I need more a method to track what can go wrong and where than a solution.
Thanks in advance,
We have written a lengthy post explaining why a website might be slow: http://www.itoctopus.com/20-questions-you-should-be-asking-yourself-if-your-joomla-website-is-slow
From the looks of it, it might that the website is still hacked. Try overwriting the Joomla files with a fresh Joomla install and see if that addresses the problem.
Solving this issue will probably involve some or all of the following:
updating Joomla and all third party extensions to the latest versions
checking for and fixing malicious files using http://myjoomla.com or
https://sucuri.net or similar
analysing the performance of the website using http://gtmetrix.com
(it's free) or similar to pinpoint and fix what is taking the most time to
load
If the website has been hacked, you may need to reset passwords etc once the malicious files have been removed. See https://joomla.stackexchange.com/a/180/120 for more information about securing the website once it is fixed.

Malicious code hidden in image

I've come across a dodgy file upload on our server. It is an image and the MIME TYPE checks out, though on the server it was also uploaded with the extension .asp and .cer.
On the surface its a photo some weird chinese symbols and the letters asp, though I am sure it is hiding malicious code. I did a google search by image and it came out in a few possibly unsecure directories in some other sites.
This is out of my league to even verify. Out of interest I opened the file in notepad and it has the clear string "Google" which only makes me believe more that it is malicious.
All I need to know is
1- is it malicious?
2-did it run and what did it do?
3- how do i protect against it?
I cant give the link to the actual file on my server since Its been removed, but I can zip and mail it to anyone who wants to take a look.
If anyone has some advise on where to start I would appreciate it.
Heres a link to the same image, which came up on my google search though this one most likely has different code injected
http://www.bakjuweel.be/ShowImage.aspx?img=/upload/fotogalerijen/13/3.asp;.jpg&w=135&h=111
UPDATE
After alot more research I have found that it had a modified header to inject code. I run it through virustotal.com and my suspicious were confirmed. https://www.virustotal.com/en/file/3eac6e45d5923632089b538ca86d576c9994bd25be7940165ec997484d7c6715/analysis/
What it does or whether it executed is still unknown
OK, the file was malicious it contained encoded php, all of which im not sure of there were far too many encoded layers. It created a backdoor that fetched and executed remote code. This file was not detected by any of our antivirus software, what gave it away way was <% eval(. was the only part not encoded.A hacker took advantage of a vunerability in an old version of FCKeditor to add and execute it. I am still looking for a way to prevent it in the future.

Magento site still not updating after changes to files

I have been trying to get my Magento site to take some changes but it is still not refreshing the changes. I have disabled caching and flushed all of them on every single occasion I have also cleared my browser cache and it still does not take changes. I have gone as far to delete several files from the server that the theme relies on but it still functions like nothing was ever removed! What could be my issue?
You keep editing those files. I do not think those files are the files you think they are.
You question is pretty short on details, but my first guess if your system is running with the compiler enabled, which means it's loading its class files from
includes/src
Googling around to learn about the compiler would be a good idea.
I'd try adding the following to the end of your index.php file
echo '<--';
print_r(get_included_files());
echo '-->';
This will list every file PHP used during the request. Compare the full paths with the ones you're editing, and I bet you'll find a discrepancy.

Show which images are used and which are unused in a website directory

This is a little bit of a strange question.
I've been working on a website and in it's early stages of development it went through some drastic redesigns (several of them in fact) and now the directory is bloated with images and assets which were part of the old designs. Some of these assets were re-used and some were not. The server space of which I'm uploading the website is smaller than the website at the moment and I know once I clear out the old assets that it'll fit on the webspace.
I'm basically wanting some magical tool to filter out which images have been used and which have not - so ultimately I can remove the ones that have not been used.
I ask it in this forum because if there isn't a magical tool to do this (I sincerely hope there is), I'll need to write some sort of script (PHP perhaps?) to accomplish this.
I have never found one, and tend to take the approach of manually removing old images that I can easily tell are no longer needed. And accepting that I will not get them all.
The reverse approach to this is to remove all of the images, and see which ones are needed ( using firebug or suchlike to identify missing images on the pages ).
The problem with an automated tools is that images in css and code may not be picked up. If you set an image in code, from a range of parameters, how can any tool find that?
I hope someone else can come along and prove me wrong....

akamai caching and site rendering

I am the web guy for a large TV station. Our site is cached by Akamai. Pages render perfectly in our testing environment (not cached) and on our "origin" page (again, not cached), but when they are viewed on our live environment (the cached site), they do not render exactly the same as how I coded them. Maybe it's a tiny bit of spacing, maybe it's a CSS element (backgrounds especially) not displaying, and worst of all, forget all about floating DIVs. It's insane how much table design I have to do because of the failure to float.
Does anyone else have experience with caching like this? Is there a tool I can use to see the changes in rendering?
There is no one I can go to for support, because the company doesn't believe the problem exists. Please assist if you can.
The site is built on a VB.Net backend that I do not have access to. I only have access to the front end.
I've been working on sites behind Akamai and can honestly say they don't mess with your code, so that's not the issue. It's more than likely one of the following:
You have a cache latency issue - You updated your html and css, and one of the two updated while the other is still cached by Akamai or using timestamps to increment dependent files. There are several solutions here including making sure to clear cache via Akamai's control panel as well as more programmatic ways of coding. Headers can also be used though not really a preferred way.
Absolute URL's - Relative url's are best when testing on multiple environments to ensure your pointing everything to the same environment.
This is definitely an environment issue not an Akamai issue.
Are stylesheets, Javascript files etc all loading correctly from Akamai?
Can you save a copy of a page retrieved directly from your "origin" server and a copy saved using Akamai, then use diff to look for changes?
And, most importantly, have you asked Akamai about it? It's not really a programming question :)
Download all files as static files from development and then from production. And use a tool like WinMerge to see the differences.
Also does this problem go away if you do CTRL-F5 to refresh the browser?
Perhaps Akamaia isn't seeing the updated versions of your CSS files that are <link />'d in your HTML code? It might be a good idea to embed a version number in the URL so that when you release an updated version of the HTML, it's always going to ask Akamai for a new version of the CSS as well (this applies to images as well I suppose).
Theoretically, Akamai should recognize updated caching headers that your web server sends but I've never worked at a job where we didn't have to have some counter-measures in place to make sure that we could force Akamai to refresh its cached version.

Resources