
Help remove malware on Cpanel Box

Posted by VIETHOSTING, 12-24-2011, 03:55 AM
Hello, Recently, we have a box with cPanel running hosting for Joomla; all sites on it have malware now. I have tried some ways to clean it, but can't clean it all, and we can't do it manually either. These are the details about that malware: In /tmpl/default.php, /templates/template-name/index.php And in /templates/template-name/index.html: Any solutions to comment out that code or remove it from multiple accounts? Sorry for my English. Thanks for the help!

Posted by Steven, 12-24-2011, 04:03 AM
If all of the sites have malware you have a bigger issue happening.

Posted by VIETHOSTING, 12-24-2011, 04:13 AM
Yes, this box has around 80 Joomla sites, and they have the same problem. I can comment out the JS script code from the HTML, but for the PHP code in the other files, I do not yet have a good way to remove or comment it out, because that file is .php and have many

Posted by oxcommerce_com, 12-24-2011, 05:38 AM
Maybe you have to refer to the original code.

Posted by VIETHOSTING, 12-24-2011, 02:23 PM
I have an idea: I will try using the sed command to delete multiple lines, from line x to line y, when they are inserted into the same files index.php, index.html and default.php. I will give it a try and I will update this if it can help. Last edited by VIETHOSTING; 12-24-2011 at 02:27 PM.

Posted by khunj, 12-25-2011, 03:51 AM
You should not use shell commands for that. This kind of hack has been used very often lately and it is always located in the middle of the code, and that can be tricky if you aren't used to cleaning up the mess. Write a simple script - Perl or even PHP - that will do it (and will back up the files prior to any modification). And also, I think you should check for outdated timthumb scripts on each Joomla installation.

Posted by fshagan, 12-25-2011, 12:15 PM
Editing PHP files can be hard; one mistake and the file is broken. If you're not a PHP programmer, and know how Smarty Templates work, editing them can be a huge hassle. Can you overwrite all the PHP files with verified clean copies directly from Joomla? That may be easier than manually editing the files. Your customers will have to re-do any modifications they have made to the files. You can also do a grep from the command line to find the string that identifies the infection. Do this from the /home folder: There's a space between the last quote mark and the period. You will (eventually) get a list of all files with that string in them. I suspect with 80 sites, you will have hundreds of files to deal with. You might want to redirect that command into a text file for easier reading.
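
Added example, not part of any post above: one way to script the search that fshagan describes and the backup-before-modification step that khunj recommends, written in Python rather than Perl or PHP. The thread does not show the injected code, so `START` and `END` are constructed placeholder markers, and `strip_block`, `clean_tree` and `backup_dir` are hypothetical names.

```python
import shutil
from pathlib import Path

# Placeholders: the thread does not show the injected code, so these markers
# are constructed. Replace them with the exact bytes that open and close the
# injected block found on the server.
START = b"/*INJECTED-START*/"
END = b"/*INJECTED-END*/"
TARGETS = {"index.php", "index.html", "default.php"}  # file names from the thread


def strip_block(data):
    """Return (cleaned, removed); cleaned is None if a block has no END marker."""
    out, pos, removed = [], 0, 0
    while True:
        start = data.find(START, pos)
        if start == -1:
            out.append(data[pos:])
            return b"".join(out), removed
        end = data.find(END, start + len(START))
        if end == -1:
            return None, removed  # unterminated: do not guess, review by hand
        out.append(data[pos:start])
        pos = end + len(END)
        removed += 1


def clean_tree(root, backup_dir=None):
    """Dry run by default; with backup_dir, copy each original there, then clean."""
    root = Path(root)
    report = {"removable": [], "manual": []}
    for path in sorted(root.rglob("*")):
        if path.name not in TARGETS or not path.is_file():
            continue
        data = path.read_bytes()
        if START not in data:
            continue
        cleaned, _ = strip_block(data)
        if cleaned is None:
            report["manual"].append(str(path))
            continue
        if backup_dir is not None:
            dest = Path(backup_dir) / path.relative_to(root)
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, dest)  # original kept outside the web root
            path.write_bytes(cleaned)
        report["removable"].append(str(path))
    return report
```

Call `clean_tree("/home")` first to get the dry-run list, and pass `backup_dir` (a path outside any web root) only once that list looks right; files listed under `manual` are left untouched.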


