Where to find and fix malware infected files in Joomla 2.5 - joomla

I am trying to remove the line of code below that has been inserted into several pages on my Joomla 2.5 site:
<div class="top">
<style>
div.links {
width:150px;
height:1px;
padding:0px;
font:11px Tahoma;
overflow:hidden;
}
</style>
Sucuri states that this code is is in several pages such as:
http://www.mrvtv.com/index.php/public-documents
http://www.mrvtv.com/index.php/board-of-directors
and several others with urls like this. My problem is that I do no know where or how to find these pages in Joomla to remove this code. I have looked at all the index.php files but they don't look like the page source code where i can see the offending lines.
Thanks for any help out there with regards to finding these pages and fixing them.
Very best,
Jo

The easiest way to find the files it to use SSH/Shell access and searching through all of them using grep.
SSH into your server using an SSH client, such as Putty
Run the following command:
grep -R 'div.links' /path/to/joomla
If done correctly, it will output a list of all the files containing div.links.

Another way to identify modified files is to use Phil Taylor's tool at http://myjoomla.com - the tool can help revert modified core files back to their original state and your first audit is free.

Check the index.php file of your template.
You do need to update though, and I'd replace all files with fresh. ALthough it seems like a strange thing for someone to do.

Related

How to use d3's zoomable-sunburst

I'm trying to use zoomable suburst to display some data. I've generated the json file and am able to use the site to display my data. Now I'm trying to do this on my local machine, but am not sure of the correct way to go about this.
I think there are a couple of ways of going about this. One would be to just dump the js code into a js file and import it into an html file. I've seen some implementations on github give me the ability to do this, but they are not as clean as the one i've found on observablehq. And I'm unable to get the one on observablehq to work locally doing a copy/paste.
I also see an option on observablehq where i can download the code. I did that and the readme that came with it says that i need to run it on a server (ex. python -m http.server), but when i run the server from the folder containing the downloaded code, i keep getting a bunch of
code 404, message File not found
Now I'm a bit confused. I'd like to know the "right" way to go about using zoomable sunburst to show my data, and if it's at all possible to run this on my local.
Any suggestions/advice would be great. Thanks.
I'm super late to the party, but here is what was the problem for me :
I was running python -m http.server in the wrong directory, i.e the directory that didn't have index.html file inside. on I ran it in the directory that had the index.html file it worked perfectly.
hope this helps someone!

Joomla K2 meta property="og:description" Hacked

We use Joomla and K2 for our website. On this page website in the the meta property="og:description" has been hacked and it shows this content="buy zolpidem us zolpidem online... And wo when we post to Facebook we get this text in the description.
Any idea where to look for this text and delete it? I have searched and found the K2 file that pulls the text. I just dont know where the text lives.
Thanks,
John
I just had this happen with Wordpress... in my case deleting and reinstalling the Facebook plugin fixed this particular issue. The strange thing was the FB plugin wasn't modified in any way.
The larger issue was the site had been hacked - which in your case is almost certainly true as well. I'm not familiar with Joomla, but scan the rest of your files/folders for malware or suspicious code (and your site structure for invisible files and folders (beginning with a '.'), possibly reinstall your files, check your htaccess file to make sure nothing has been added, check the registered users on the site -- any suspicious admins? -- and change your passwords.
In other words, this is a symptom of a greater problem, and not the problem itself.
Here is what I did. I had the hosting copy run a grep to search on my web data for the string containing the malicious text.
Once we found the files I used clean PHP files from another Joomla instal to overwrite the hacked files.
The hacked PHP file was pulling a string of malicious text from a text file named value(s)
I then backed-up the website and installed another layer of security called Admin Tools. The Pro version cost money but could be used on as any websites as I needed.

URL in Joomla does not work

I have a live joomla website which i copied on my development server which has the URL "dev.xxx.ch". The base site works but when i click on a link it fails. The link is generated right: dev.xxx.ch/gyger/ but then the sites goes to xxx.ch
Can anybody fix me?
Check your configuration.php file in your root directory. This line should say:
public $live_site = 'http://dev.pingag.ch';
If it doesn't change it. With that said, that's not the only thing you need to worry about. Make sure you have followed the proper directions on copying over a site.
I also highly recommend using Akeeba backup. It is free and takes care of everything for you. Really the only way to go. Although a word of warning with Akeeba backup, make sure to follow the documentation carefully, it will save you tons of time.

PHPcrawler - tmp file

I downloaded the latest version of phpcrawler, and I can access a test website of my own.
I only have an image and some text on this site, I run the crawler and I receive the text minus the image because I did the proper $crawler->addNonFollowMatch("/.(jpg|gif|png)$/ i");
I cannot get it to save the tmp file It does not save the unique tmp file in the folder I run the crawler from, I have tried to save a named file no luck.
I did run into many depreciated errors on different lines in all the php files, for example: #fopen, the # cause problems in different area's. I use PHP and can also do Regex.
David.
I answered my own question, since I see that PHPCrawler questions really do not get answered; I saw a question from last year not answered. I will answer it also, though it might be too late to do any good. This is the answer.
I added in a modified phpcrawler I adjusted for my needs:
$fp = fopen('c:/test/poopoo.txt','w');
fwrite($fp,($page_data['source']));
fclose($fp);
You put it before flushing the file and create your instance of class.
I found out using PHP Simple HTML DOM Parser from this project works well. If you need more control use RegExp, but that does have a steep learning curve.

Remove file extension from a URL

I am trying to make my site look more professional by removing the html endings from the pages..
ex. just leaving at http://33tpm.com/es/tienda
All the answers Ive found so far are so confusing that I don't really understand anything..
Can someone please help me out?
Thank you
Thomas
It's hard to answer this without knowing what web server you are using.
On Apache, you would usually use mod_rewrite to change the appearance of URLs without changing the underlying file structure. An example of hiding .html would be:
RewriteRule ^/some/directory/(.*)$ /some/directory/$1.html

Resources