Text only | Text with Images

VirtueMart Forum

VirtueMart 2 + 3 + 4 => Security (https) / Performance / SEO, SEF, URLs => Topic started by: ptitcali on May 18, 2012, 13:14:16 PM

Title: compromised links
Post by: ptitcali on May 18, 2012, 13:14:16 PM
Hi there

I have a problem which worries me: when I go on the live update page, most of the links are then compromised, linking to custard, online pharma stores and prn websites.

This seems to happen only on the live update website.

I've tried to check .htaccess documents or look for links, it doesn't seem to have anything wrong, so I don't know how this happens.

FYI, I have joomla 2.5.4 and VM 2.0.6 (just upgraded from 2.0.2, the problem was already there)
Thanks for your help...
Title: Re: compromised links
Post by: jenkinhill on May 18, 2012, 13:49:56 PM
Which live update page is that? If the VM live update page then the only link I have is to http://virtuemart.net/downloads/virtuemart-releases/virtuemart-2-0-6/com_virtuemart.2.0.6.tar.gz  (I have VM2.0.7c but have never seen anything other than correct links).

Sounds like you site has been hacked? Are other link pages OK?
Title: Re: compromised links
Post by: ptitcali on May 21, 2012, 17:43:33 PM
Hi Jenkinhill

I mean, also the links of the menu of Joomla get compromised (Site, user, menu)

It's the only page where it does this, so I've trouble understanding what's going on..

Joomla and VM are both up to date, so I don't know how I would have been hacked... I've checked for things in the DB or the whole website, but couldn't find anything...
Title: Re: compromised links
Post by: ptitcali on May 21, 2012, 17:45:17 PM
links seems fine (if I go on them with the mouse, they show correctly), they just drive to the wrong page.

It was like the .htaccess file was compromised. I've checked it and there's nothing wrong...
Title: Re: compromised links
Post by: jenkinhill on May 21, 2012, 18:45:38 PM
Try on another computer & different browser.
Title: Re: compromised links
Post by: ptitcali on May 21, 2012, 19:34:29 PM
Already tried...
:-/
Title: Re: compromised links
Post by: jenkinhill on May 22, 2012, 14:01:08 PM
Using a different computer rules out malware affecting your browser, so the conclusion must be that there has been a hack of your site. The most recent general attack of servers/sites was with .htaccess redirect but you say that ,htaccess is OK? There is not more than one .htaccess file in root or one elswhere in the installation?  ( http://boardreader.com/thread/Joomla_htaccess_hacked_j0i5Xf45c.html )

You need to do more detective work looking in the database and in the Joomla and VM files.  Note that tyours is the only report I have seen of such an issue.
Title: Re: compromised links
Post by: ptitcali on May 22, 2012, 20:15:51 PM
Now this is getting really strange...

I've restarted with a clean install, other said:
- erased all data
- erased all DB
- reinstalled a clean Joomla
- reinstalled a clean VM and VM aio
and I get the same

Checked my computer for virus - nothing found.
What else shall I do?
Title: Re: compromised links
Post by: jenkinhill on May 27, 2012, 23:35:58 PM
Did you erase all .htaccess files as well? That is the only possibility left. Apart from your browser cache.
Text only | Text with Images