SOLVED backdoor.php.asq malware to hide in Roksprocket
-
-
- Riccardo
- Elite Rocketeer
- Posts: 1067
- Thanks: 21
-
I'm fighting to eradicate this malware: backdoor.php.asq
It is detected by BitDefender in the Roksprocket component folder
\templates\rt_plethora\roksprocket\layouts\lists\themes\default\conf-f0.php
and I ask if anyone has experienced the same situation... - Last Edit: 8 years 4 months ago by Riccardo.
- Riccardo Rausch
www.frontpageserver.it
-
-
-
- MrT
- Preeminent Rocketeer
- Posts: 101084
- Thanks: 13481
- Web Designer/Developer
-
Since Joomla released 3.4.6 there has been an alarming rise in sites being hacked (3.4.8 corrects the issues so make sure you are using that).
It's nothing to do with roksprocket but rather that your site has been hacked and malicious files placed all over your site... we've seen lots of them and they tend to have weird filenames (not part of the plugin/extension in which they reside) and tend to have numbers in the filename "01" "02" etc.
I'm afraid it's just a laborious job to go through all your site and try to find the malicious files.
I suggest that you get a good security product such as Akeeba Admin Tools Pro or RSFirewall too. Of course, you should also change you passwords too.
Regards, Mark. -
The following users have thanked you: Riccardo
- Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
-
-
-
- Riccardo
- Elite Rocketeer
- Posts: 1067
- Thanks: 21
-
Thank you Mrt for your support. I have a habit to move me on my PC in armored terms against the malware; I use now for many years BitDefender and many anti-rootkit tools, etc. that guarantee me clean machines. Passwords are long, casually composed and NOT mathematically combined.
This infection comes certainly from a backdoor inside/hidden in the cms or from a managed account - from the client or from my collaborator.
I asked this question to gather more technical informations. Maybe be able to have some details on the origin and / or the exact location of this script and how it works. - Riccardo Rausch
www.frontpageserver.it
-
-
-
- MrT
- Preeminent Rocketeer
- Posts: 101084
- Thanks: 13481
- Web Designer/Developer
-
bitdefender is only going to protect your PC - not your server? What security product do you have on your server - that's where the hack took place and that's where you need a security product such as Akeeba Admin Tools Pro or RSFirewall.
Regards, Mark. -
The following users have thanked you: Riccardo
- Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
-
-
-
- Riccardo
- Elite Rocketeer
- Posts: 1067
- Thanks: 21
-
The server is managed by my provider, that monitors the traffic for any misuse. The server operating system is protected with a antivirus software (I do not know which) but, it seems, does not cover individuals accounts/customers; ...because this malware has not been reported.
I used, years ago, some Ak**ba products until I had severe damage on several websites precisely because this software (I think was Ak**ba Backup) had a malware. Since that time, I haven't use products of Ak**ba. As I wrote in another thread with you, I try to use a specific and limited number of web software suppliers (cms and templates) - especially in payment and they have demonstrated long-term safety - and Rockettheme is one of these.
However I have already asked my service provider for a reliable security solution on server side. I'll see what he me propose in the coming days. - Last Edit: 8 years 4 months ago by Riccardo.
- Riccardo Rausch
www.frontpageserver.it
-
-
-
- jtechmedical
- Hero Rocketeer
- Posts: 434
- Thanks: 15
-
Fritz wrote:
I used, years ago, some Ak**ba products until I had severe damage on several websites precisely because this software (I think was Ak**ba Backup) had a malware.
I have used Akeeba Backup for many Years there has never been any malware in that software or in any of their other products. They produce some of the highest quality and most secure software you can get for Joomla.
Same with RokSprocket and Rocket theme products, no malware ever. In both cases something has lead you to get hacked (likely some poorly coded, and highly vulnerable extention).
I would recommend looking into a service that can truly help you with your security issues and identify the real root cause. Try this one, fix.myjoomla.com/
-
-
-
- MrT
- Preeminent Rocketeer
- Posts: 101084
- Thanks: 13481
- Web Designer/Developer
-
Fritz - I have never heard of Akeeba products ever containing malware either. Even if it did (you said Akeeba Backup) I would expect that it had been infected as (again) a lack of adequate security on your Joomla environment (i.e. it's not the fault of Akeeba but rather the lack of a Joomla security product that lets a hack take place, once in they infect random files all over your site).
Using well known suppliers with a good reputation is very laudible but it does not protect you from being hacked. To stop that you need a Joomla security product installed in your Joomla instance. Even if you host has other security products on the server itself it is again unlikely that they offer sufficient security protection for your Joomla instance.
I personally use Akeeba Admin Tool Pro (AATP) on all my client sites. I review the logs from these often, one look at the logs would convince you just how important it is to use such a product. The number of hack attempts I get daily (thwarted by AATP) is breathtaking.
I strongly urge you to install a Joomla security product - otherwise you will be hacked again (they have hacked you once and now know you're an easy target, and word will spread).
Regards, Mark. - Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
-
-
-
- Riccardo
- Elite Rocketeer
- Posts: 1067
- Thanks: 21
-
Your words convinced me to reconsider my position on this team. I want to test willingly this security software on some of my websites. Maybe on my personal blog that I am developing over the kraken profile (once the gantry framework ends his continuous errors!).
Which membership package advise me among the many that are offered? - Riccardo Rausch
www.frontpageserver.it
-
-
-
- MrT
- Preeminent Rocketeer
- Posts: 101084
- Thanks: 13481
- Web Designer/Developer
-
Please understand that this is my personal recommendation and RT is nothing to do with Akeeba.
See my screenshot for your two options:
1. Akeeba Admin Tools Pro AND Akeeba Backup
OR
2. Akeeba Admin Tools Pro on it's own
If you need help with these products after purchasing you should ask Akeeba and not RT.
Regards, Mark. - Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
-
-
-
- Riccardo
- Elite Rocketeer
- Posts: 1067
- Thanks: 21
- Thanks MrT! I will do this test. The support for Akeeba seems limited to the ticket, but I'll see...
- Riccardo Rausch
www.frontpageserver.it
-
Time to create page: 0.062 seconds