#1  
Old 17th December 2012, 09:47
kangoo kangoo is offline
Junior Member
 
Join Date: Sep 2008
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
itsnoproblemo

Unfortunately, a website on our webserver (ISPConfig 3) is compromised with "itsnoproblemo" scripts.
What can we do against that? How can we identify the infected pages? The website is a Joomla website.

Regards Kangoo
  #2  
Old 17th December 2012, 11:02
Ben Ben is offline
Moderator
 
Join Date: Jul 2006
Posts: 1,029
Thanks: 7
Thanked 62 Times in 56 Posts

How did you identify this infection and how did you locate it?
Did you verify if your Joomla installation is fully up to date, including all plugins?
Do you have a backup that you could consider as clean?
Do you use mod_php or su_php?

I'd personally recommend at least wiping the whole Joomla installation, creating it up to date from scratch and migrating the content in. It's much time and effort, but it's a safer way to not have any backdoors in that area of the system.
Generally speaking, reinstall the whole server from scratch, and reinstall / copy all applications one by one after verifying, as well as you can, that they are clean.
  #3  
Old 17th December 2012, 18:41
kangoo kangoo is offline

Hello,

I use fast.cgi and suEXEC. I got a mail from CERT that the server is infected, and I see that there is a problem on our network monitoring system.

On the server there are a few websites, so I do not exactly know which one is infected.

The Joomla installation is from a customer.

Regards Kangoo
  #4  
Old 19th December 2012, 15:08
Ben Ben is offline

Then you should also ask the CERT that informed you about the issue if they can help you further with how to nail down which web page / application is infected.

Nevertheless, you should consider reinstalling the whole server in parallel, as you do not know the level of infection. But I am sure, depending on what malware in particular is found on the system, they can give you further tips.
  #5  
Old 19th December 2012, 20:53
kangoo kangoo is offline

Hello, I found the issue by using clamscan. The problem is solved.

Thanks for the help!

Regards
Kangoo
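
Added example, not part of any post in this thread: with several websites on one server, grouping clamscan hits by site directory shows which site carries the infected files. The base path /var/www, the site directory names and the signature names in the sample are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Summarise clamscan hits per website directory.
# Assumption: each site lives in its own first-level directory under BASE.

# Constructed sample of "clamscan -r -i --no-summary" output (not real findings).
SAMPLE='/var/www/site1.example/web/index.php: Constructed.Sample.A FOUND
/var/www/site1.example/web/tmp/x.php: Constructed.Sample.B FOUND
/var/www/site2.example/web/images/y.php: Constructed.Sample.A FOUND'

# scan_sites BASE: scan BASE recursively and print infected files only.
# clamscan exits with status 1 when it finds something, so do not treat
# a non-zero status from this function as a scan failure.
scan_sites() {
    # -r recurse, -i list infected files only, --no-summary drop the trailer
    clamscan -r -i --no-summary "$1"
}

# hits_per_site BASE: read clamscan output ("<path>: <signature> FOUND") on
# stdin and print "<count> <site>" per first-level directory under BASE,
# most affected site first.
hits_per_site() {
    awk -v base="${1%/}/" '
        / FOUND$/ {
            path = $0
            sub(/: [^:]* FOUND$/, "", path)      # strip ": <signature> FOUND"
            if (index(path, base) != 1) next     # ignore hits outside BASE
            rest = substr(path, length(base) + 1)
            split(rest, parts, "/")
            count[parts[1]]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2
}

# Live use:  scan_sites /var/www | hits_per_site /var/www
# Demo on the constructed sample:
printf '%s\n' "$SAMPLE" | hits_per_site /var/www
```

Files flagged this way are a starting point for locating the affected site, not proof that the rest of the server is clean.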