Why is there forceDownload.asp in the libraries component

More
12 years 2 months ago #28650 by jdc18
Hi

I was exporting data from an old website I did 7 years ago. Basically it got hacked so many times that it was crawling with backdoors. Now I am working with joomla 2.5 and flexicontent, and I am extremly paranoid. I had to look at 7 years of images with hidden php backdoors.
Today I was looking at google analitycs, checking the errors of the site and many pages were linking forceDownload.asp. So i thought i imported some javascript in the database. I looked in the database there was nothing, then I found in /components/com_flexicontent/libraries/multibox/Scripts/forceDownload.asp forceDownload.aspx.
I look in other installations and they have that too.
So I thought I might installed from the same file that have that and did some google, and I found this on code.google.com/p/flexicontent/s ... .asp?r=945
Is this correct? Did we got compromise at the repo?

Please Log in or Create an account to join the conversation.

More
12 years 2 months ago #28651 by ggppdk
This file is included in the multibox library distribution, and it is unaltered

is your server capable of asp?

you could try removing to see if it is related


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
12 years 2 months ago #28652 by ggppdk
Also once hacked,

even if original security problem is closed or the original password stolen is changed

note that there is probably one or 2 backdoors left behind


-- Flexicontent is Free but involves a big effort on our part.
Like the our support? (for a bug-free FC, despite having a long list of functions) Like the features? Like the ongoing development and future commitment to FLEXIcontent?
-- Add your voice to the FLEXIcontent JED listing with a 5-star...

Please Log in or Create an account to join the conversation.

More
12 years 2 months ago #28653 by jdc18
Thanks, I was just being paranoid. I know my server is not asp capable, but last time this website got hacked, it had jsp, asp, and php backdoors. Since then I have seen tons of bots trying for numerous backdoors on my apache logs. I guess bots upload any type of file to the server once they found they can upload stuff, and then they keep on adding backdoors.

I found embebed javascript in my database which I had to clean manually before importing. I found .png and jpeg with php code, I found php code in the database too. It was a huge mess to clean that up.

Please Log in or Create an account to join the conversation.

More
12 years 2 months ago #28654 by jdc18
By the way I am doing this on a separate server too.
Thanks again.

Please Log in or Create an account to join the conversation.

Moderators: vistamediajoomlacornerggppdk
Time to create page: 0.432 seconds
Save
Cookies user preferences
We use cookies to ensure you to get the best experience on our website. If you decline the use of cookies, this website may not function as expected.
Accept all
Decline all
Essential
These cookies are needed to make the website work correctly. You can not disable them.
Display
Accept
Analytics
Tools used to analyze the data to measure the effectiveness of a website and to understand how it works.
Google Analytics
Accept
Decline