  1. compsos
  2. Contribute to JEvents
  3. Monday, 16 May 2016
I received an email from CERT Australia specifying:

"the national computer emergency response team (CERT), has received information indicating that your website has been compromised by the malicious 'Stealrat' remote access trojan (RAT). Websites compromised by Stealrat typically contain malicious PHP files that have been installed on the web server. Further information about Stealrat can be found by searching for "stealrat botnet".

Please note that simply removing the malicious PHP files will not make your website secure. There is a security weakness with the site that was exploited in order to install the malicious files, and this weakness must be remediated to prevent future compromises.

The malicious Stealrat files that have been identified on your site are listed below:

/ modules / mod_jevents_cal / tmpl / default / global.php"

It was jEvents v3.1.12 that was installed when this attack happened.
The jEvents on this infected website is now up to date and clean.

I was just letting you know to tighten the security of this module. Thank you for providing the module.
tonyp
Support Team
Hello,

That file actually doesn't exist in JEvents and is likely part of a much bigger problem with your site.

JEvents has quite a tight policy on security and we always use the Joomla! MVC and functions which clean most attacks.

I would suggest hardening your website and making sure everything is up to date whilst performing a full malware scan.

Many thanks
Tony
  1. more than a month ago
  2. Contribute to JEvents
  3. # 1
Hi Tony,

Thanks for your time to respond.

Yes, it's true that file doesn't exist in JEvents and was just injected somehow.
The Joomla and jEvents are now up to date, we just couldn't update previously as the hosting server doesn't have the required PHP version.

It's good to know that JEvents has a tight policy on security.

Would you have a suggestion for the full malware scan?

Many thanks.
  1. more than a month ago
  2. Contribute to JEvents
  3. # 2
tonyp
Support Team
Hello Compsos,

What I have found in many cases is that the script which is allowing the injection is way, way away from where these malicious files are located, as, if the hacker / bot uploaded the script into the same directory as the script they are using to inject, then it would be easy to find and fix. So they tend to upload tens of files maliciously and then come back to them a few months later to play havoc, as you likely won't have a backup old enough to restore and update.

The key is to be kept up to date. I would advise using the likes of watchful.li, doing a full malware scan. This checks the original checksums of the Joomla! files.

You should then look at the likes of Akeeba Admin Tools to improve your .htaccess security, whilst using the WAF (firewall). Once that is done, you can then set up the file watcher. If any files have been modified since the last scan, it will notify you of the file that has been modified.

Many thanks
Tony
  1. more than a month ago
  2. Contribute to JEvents
  3. # 3
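The checksum comparison and file-watching idea from the reply above, as an added example that is not part of the original thread and does not describe how watchful.li or Admin Tools work internally: it hashes a known-good copy of an extension, hashes the live copy, and reports files that were added, modified or removed. The module name `mod_example` and all file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(baseline, live):
    """Classify differences between a known-good manifest and the live tree."""
    return {
        "added": sorted(set(live) - set(baseline)),
        "modified": sorted(f for f in baseline.keys() & live.keys()
                           if baseline[f] != live[f]),
        "missing": sorted(set(baseline) - set(live)),
    }


def demo():
    """Constructed sample: a clean module tree vs. a copy with an extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        files = {  # constructed placeholder contents, not real JEvents files
            "mod_example/mod_example.php": b"<?php // entry point\n",
            "mod_example/tmpl/default/calendar.php": b"<?php // template\n",
        }
        for tree in (clean, site):
            for rel, body in files.items():
                path = tree / rel
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(body)
        # Simulate the two findings a scan should surface on the live site.
        (site / "mod_example/tmpl/default/global.php").write_bytes(b"<?php // unknown\n")
        (site / "mod_example/mod_example.php").write_bytes(b"<?php // edited\n")
        return compare(manifest(clean), manifest(site))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for rel in paths:
            print(f"{kind:9} {rel}")
```

In practice the baseline manifest would be built from a freshly downloaded copy of the exact installed version and stored off the web server, so an intruder cannot rewrite it alongside the files.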
Hi Tony,

Thank you very much for that. I will have a look at watchful.li as well.
Have a great day.

Regards,
Shiena
  1. more than a month ago
  2. Contribute to JEvents
  3. # 4
tonyp
Support Team
And you too, Shiena, you are very welcome.
  1. more than a month ago
  2. Contribute to JEvents
  3. # 5
carcam
Support Team
You can also try MyJoomla.com. Their service is much more security oriented and they offer one site scan for free.
  1. more than a month ago
  2. Contribute to JEvents
  3. # 6