Exploit Java Exploit (type 1718)
Permalink
Hi all
Earlier today I got reports that a site we have built in concrete5 is getting the above error in AVG anti virus protect.
Its suggesting some script is being accessed fromwww.www.nahoonservices/wp-content/plugins/rss-poster/sort.html...
I've replaced various bits of the site and cleared the cache but i'm still getting the error, the only folder that hasn't been updated is the files folder.
Anyone any ideas how I can track down the cause?
Earlier today I got reports that a site we have built in concrete5 is getting the above error in AVG anti virus protect.
Its suggesting some script is being accessed fromwww.www.nahoonservices/wp-content/plugins/rss-poster/sort.html...
I've replaced various bits of the site and cleared the cache but i'm still getting the error, the only folder that hasn't been updated is the files folder.
Anyone any ideas how I can track down the cause?
I located the code it was some javascript that created an iframe to call that page.
This has occurred on a second site we run for concrete5 too, but it appeared in the content block in the footer.
Could this be a loophole in concrete5 security or perhaps editors with infected computers?
This has occurred on a second site we run for concrete5 too, but it appeared in the content block in the footer.
Could this be a loophole in concrete5 security or perhaps editors with infected computers?
I'm sure its not the loophole in C5 security. Its a virus program which adds a script to call a third party site as an iframe. It often happens if you used to edit sites in unprotected computers.
Note: After removing the scripts, you must change all the passwords like hosting password, FTP password, dashboard password and install proper anti-virus to protect your computers. Also make it sure not to open share your password with others.
Rony
Note: After removing the scripts, you must change all the passwords like hosting password, FTP password, dashboard password and install proper anti-virus to protect your computers. Also make it sure not to open share your password with others.
Rony
Thanks I thought as much
I've seen things similar to this before.
Change all passwords, if you're unsure if you're resecured the hosting account, consider posting in the Jobs Board.
Change all passwords, if you're unsure if you're resecured the hosting account, consider posting in the Jobs Board.
Just speculating, could it be spurious, driven from an iframe or jsonp call?