So, I've just started working with a new Joomla site, and something we've added has started hijacking various parts of the site and added links to various places we don't want. Unfortunately, I can't give out a link to the live site right now, but I can describe the problems:
In the footer, where it should say "Designed By: " and the name of the place we got our template from, it leaves the "Designed By:" but removes the name of the template author, and instead puts in two links (not giving the hijacker any more hits but here's the text of them), "online album" and "check whois"
When we hover over the site name, the alt text is set to "Forex Trading Home" which is most certainly not what it should be.
Finally, when you hover over the "Home" item in the main menu, a dropdown appears after a short delay, with a link to "cpanel reseller hosting" inside it.
Now, I'd like to get rid of these advertisements, but I've got no idea where they are coming from. If you guys know some commonly-hijacked files I can search in, or good debugging tricks to find them (I've tried FirePHP, but haven't had much success with it) I'd be much obliged. Unfortuantely, since a few people have been working on the site simultaneously, we're not really sure what extensions could have caused it (if that is in fact, the problem) - but all of them seemed ok, and came from the main Joomla extension site.
EDIT:
Here's a list of the modules I know were installed before we noticed the spam problems start happening:
EasyTemplate.
EasyTemplate - MultiPlugin
mod_picasaslideshow
Content - Picasa Album Embedding
Other than that, everything else was installed after the problems started, or was a theme that has since been uninstalled (and hence, I don't know what it is anymore). The theme that's on it now, I've looked at thoroughly, but is version of this Martial Arts Theme with a lot of modified images (and one change in the php from a .gif to a .png)
EDIT EDIT: So, still looking, but seems an older version of picasa2gallery (we had a new version at one point, but uninstalled it) had an LFI vulnerability. Perhaps that was the source. In any case, I think I'll be doing a full wipe, and just start over, really.
So, turns out the correct answer was "none of the above", not that I noticed that until after I erased everything to remove the hack.
Once I restored the theme, and nothing else, I noticed that the "hack" spam links were back, way too fast to even be an automated script.
That's when I discovered that there was a .gif file in the images directory that contained the "bad" PHP code to include the spam links. Ironically, the code they were using to make it was particularly bad, so at least I got a good laugh out of this long ordeal.
Moral of the story: Don't get themes from ThemZa, and if you do, be prepared to dig through them for cruft, if you like the way they look.
Your complete Joomla installation seems to be hacked, follow the guidelines what you should do now (re-installing and securing)
Check the server access logs. You'll most likely see accesses to a particular component (look for the com_* in the URI) that are excessive, or just out of place.
When this has happened to my sites it has been a particular component that hijackers are searching Google for (i.e. com_virtuemart was the last culprit) and then they attempt their exploit on the component hoping it is a flawed version.
If you can't positively identify and fix the hole they broke in through, it's likely the reinstall Tobias P. recommends is the only safe way. If somebody has access to files on that level, you have a big problem. You will need to identify which way they come in. This could have a multitude of reasons:
Somebody exploiting a Joomla security hole (or one in a plug-in)
Somebody having gained access to the FTP account through spying on a client computer
Somebody exploiting a weakness in the server software
this is most likely somebody exploiting a Joomla hole, and there's probably no reason to panic. But you definitely should find out, or do a reinstall. Maybe you'll find more specific help on the Joomla forums or with your ISP.
While you're at it, best change all FTP passwords too, just to make sure.
Good reading at Google: My site's been hacked - now what?
Related
I am trying to contribute to open source particularly Firefox(Mozilla), I have done my installation and set up but I have a challenge determining where to look in the codebase to find the file where a bugs occurs in order to propose a patch. I would greatly appreciate general guidance on how to proceed. This is my first time attempting to contribute to open source with Firefox.
Basically, upon seeing the bug as reported in Bugzilla(a website where mozilla bugs are reported), I am clueless on how to proceed from there.
welcome to SO!
I know that contributing to such a big codebase can sometimes feel overwhelming, but I can guarantee you that the Firefox devs really appreciate the efforts you are already putting (and will put!) in your contribution. So.. thanks for the help!
General tips
Firefox codebase is huge, complex and has many moving parts. Downloading and getting Firefox correctly built locally is already a big step forward, and will save you time later. If you haven't done that already, consider doing it!
Read the How To Contribute Code To Firefox documentation page. It gives a good overview of how a code contribution process looks like in Firefox.
Don't feel shy about asking questions! The bug on Bugzilla (or the github ticket) is usually a good place to ask specific questions or general directions on how to fix a bug in Firefox, and folks are generally friendly, inclusive and happy to support you support them!
a. If you don't receive a direct response within a few business days (usually 2-3) from somebody on the bug, chances are the notification got swallowed in the "immense sea of notifications, emails, messages"(tm) that devs receive. See the next section about reaching out.
How to find who to talk to?
Who knows about a specific part of Firefox or any Mozilla product? This could seem like an hard thing to figure out, but there's a few tips.
If the bug report is on Bugzilla, good people to talk to would be the Reporter (if they are a Mozilla contributor) or the Triage Owner.
Mentored bugs are bugs that were triaged by the dev teams and that were designated to introduce folks to the codebase. For this bugs, a "Mentor" is usually shown under "Assignee" in the "People" section of the bug. That's a good person to ask questions!
Mozilla publishes the list of folks who are responsible about components in Firefox. You can find who to talk to based on where the code is/the bug was filed and then consulting this page.
You can send direct request over Bugzilla to individuals, they are called "needinfo requests". After logging into Bugzilla, on the specific page of the bug you need information on, scroll to the bottom. Type your question in the "Add comment" section, tick the "Request information from" checkbox and either pick the role of the person you want to flag from the dropdown, or select "other" and paste an email address there (that you have identified using the previous points). If the person is on bugzilla, the text field will autocomplete and show the relevant person.
If all the above fails, you can rely synchronous communication and chat with the devs over here in the # developers channel.
How to find what code to change?
If it's not in the bug, ask the reporter or the person responsible of that section of code. For bugs marked as "mentored", ask the assigned Mentor!
If the bugzilla bug doesn't mention specific files and you want to find out yourself without reaching out, your best ally is Searchfox. You can type some keywords from the bug at the top of the page and wait for the results in the codebase to come in. This is highly effective! If the bug asks changing CSS files, for example, you could add a file filter like *.css in the top right.
Another pro-tip is looking at what other bugs in that same bugzilla product/component touched. You would find that by clicking on the arrow next to the component, then picking "Recently Fixed Bugs in This Component": it will show a list of fixed bugs, you can pick one or more, then look at the attachments.
Hope this helps!
I know very little about coding, I'm afraid, and most of what I do know is on the front end, so my knowledge of Ruby is approximately nil. A while ago, though, I modified a plugin script for xbar as best I could because the default wasn't working--basically, the default script called for giving a URL in the dropdown menu when a Wanikani review showed up, but I couldn't find a way for that to happen so I instead did a janky but functional workaround where the plugin just checks for a review and if there is one it uses system("open", "https://www.wanikani.com") to open a window. That's all fine, it works okay even if it's a bit annoying.
That said, there are a number of Wanikani scripts that don't work properly on Safari, so I've been wondering whether I could get this plugin to open the url in Chrome instead when a review shows up, even though my system's default browser is Safari. Doing some poking around, it looked like there could be maybe some options if I used some other gems, but I've not had any luck getting anything external to work with this plugin...probably because I have no idea what I'm doing, but even so.
tl;dr Is there any way with just Ruby to specify a browser and use it to open a URL?
I'm a bit wary of showing the code just because, well, it's not mine, but noting the original code is by Github user Nzebo and I've only made a mess of it, the applicable section is here:
# calculate the next time a review is available
def calc_next_review_time
next_review_time = Time.parse(#summary['data']['next_reviews_at']).localtime
if next_review_time < Time.now.localtime
system("open", "https://www.wanikani.com")
else
next_review_time.strftime(' %l %p')
end
I very much apologize if this is a super silly question, or if it's...taboo to ask questions about modifying other people's code for personal use? (It hasn't been updated in four years, otherwise I would've put in a request or something, but...) Anyway, thank you for your time!
I recently installed a Firefox extension and noticed that it was doing something very odd in the background.
I'm a web developer and use Wordpress mainly. One day I was working on a page in WP admin and switched to the Text rather than Visual mode so I could edit some HTML. I noticed a load of junk html in there hidden using display:none
The class names rang a bell, it was the name of the extension I had installed several weeks previous
I immediately uninstalled the extension but of course it was too late. Since it was injecting code right into the text entry boxes in Wordpress, all that junk got saved with my pages. I had to weed through dozens and manually delete this junk, which in some cases had affected the layout.
I contacted the developers, and they gave me some rubbish about it being totally normal, everyone does this sort of thing, its within the Mozilla dev terms, and that it was a feature not a horrific Malware as I was putting forward.
In this case it was just html/css, but what if they were injecting JS/php etc, they could be causing all kinds of damage
I just wondered from a development perspective what peoples thoughts were. Is this legal?
Many thanks in advance
The best course of action is to spread awareness. I would not do here, but maybe write a detailed article explaining which extension it is, what it does, how, why it's bad, how to get rid of it, and alternatives.
Medium, your own blog, Hacker News and other social outlets will certainly be welcoming of such informations. The developers are very well aware of what they are doing so don't expect them to broadcast it and/or take action.
Be also sure to read their ToS again, see what you agreed to. If something seems suspicious you can talk to a lawyer or probably report them, altough this is beyond what I know.
I am a Mozilla Addon reviewer. Please report your findings as Abuse report and/or addon review (it will be read).
As a web developer I use Firebug constantly, and I've had just about enough of these persistent errors/warnings that always show up no matter what. One of them is the "The Components object is deprecated" error (which should be a warning) and the other is "Exposing chrome JS objects to content without exposedProps_ is insecure and deprecated".
I've taken a screen shot of the three items I get all the time no matter: http://snaps.vertigofx.com/009/snap1330_2013-03-27_06.54.41.png
Sometimes I get other errors/warnings, too, and like the ones I already mentioned they are not related to anything I am working on, so I just have to try to ignore them. However no matter how "used to them" I may think I be, when I see that red text I automatically think I've broken something and it just bugs me.
I just recently upgraded Firefox to 19.0.2. Before that the errors/warnings were even worse, but they're still not gone. I've found one forum thread on the internet regarding the "Components object" one and the original poster said he got it to go away but wasn't specific enough on what that was.
Anyway, if anybody knows what I can do to rid myself of these, I would really appreciate it.
I've Googled around a bit on this issue and haven't been able to come up with anyone else having an issue to this one, so a) I apologize if this is a known issue; and b) I'm thinking this proves that I must be doing something horrifically wrong, yeah? :-)
My application has a very rich landing page which is the first page that is shown after a new launch. It has a panorama control, a large background image (but much smaller than the 2000x2000 limit) and recurring and ongoing animations. Prior to updating my tools to the January refresh, this page ran relatively smoothly. After updating and running the app in the emulator, the background of this page is white (despite the fact that the emulator is on the "dark" theme), performance is quite poor (both in terms of swiping through the panorama and in terms of my recurring animations). When I run the same project on my device, all is well (since, quite obviously, my device's OS is not on the updated image).
Clearly I must be doing something grievously wrong to merit such a cataclysm, but I'm not sure what it might be. I've tried disabling bitmap caching in the places where I'm using it, removing third party tools I'm using such as Peter Torr's awesome tilt effect and his memory usage counter, and several other hail-Mary-style moves, and the problem remains. I also looked through the provided resources and change log to see if perhaps something related has changed, but I didn't see anything.
I'll try to provide example code later if it would be of any use to any would-be saviors out there, but the app is pretty complex and large in terms of lines of code and file size, so it might be a bit tricky. i just thought I'd toss this out there and see if anyone might happen to see it and think of an obvious solution.
Thanks so much in advance for your time and help.
P.S.: I cross-posted this question on the official WP7 dev forums. Sorry if that's against the rules - I'm not a regular SP-poster, as you can tell. If it's a problem, let me know and I can delete the other post.
I was ultimately able to resolve this by creating a brand new project using the updated tools and copying my code, assets, and relevant project settings into it. The app now runs flawlessly on the emulator (or, at least, the flaws in it are my flaws and not the emulator's :-)).
I believe I originally created the project on an earlier version of the SDK, so maybe I had some kind of invalid or incorrect project settings. If I get a moment later, I'll compare the project files to see if I can identify a setting or difference that explains the disparity.
Thanks to all who looked (and to Matt, who even responded :-)). I'll report back if I have any more information that might be of help.
UPDATE: Updating for anyone who might be having this issue as well - my resolution above was a false positive. Creating a new solution and copying stuff in does indeed work, but only until you save and close the new solution. Upon reopening, the problem recurs. Grrrr. I'll post back if I come up with anything else.