Malware - Question | JoomShaper

Malware

GrafiekCC

GrafiekCC

SP Page Builder 1 week ago

Hi,

A lot, lot of files detected. Examples in hidden content.

How to delete and/or how to fix?? Is there possibly a patch for? Or a update within the fix is build? I reaf the code for in .htaccess file, but doens not work for me. Frontend/backend out>white screen

The most versions i use 6.6.2 and 6.6.0 Also older sites (J3)/PHP 7.4.x/8.1.x with versions 3.8.10 (Yes i know it's old)

So, what to do?

0
5 Answers
Ziaul Kabir
Ziaul Kabir
Accepted Answer
Support Agent 1 week ago #227701

Hello,

We sincerely apologize for the inconvenience caused.

This issue has been fixed in SP Page Builder v6.6.2. Once you upgrade to v6.6.2, this specific vulnerability can no longer be exploited.

However, if your site was compromised before upgrading, simply updating the extension will not remove any malicious files or backdoors that may have already been uploaded. If those files remain on the server, attackers may still be able to access your site. Therefore, it is important to perform a complete cleanup before considering the site secure. Please follow the cleanup guide here: https://www.joomshaper.com/forum/question/45152 You can also use the following security scanner to help identify malicious files and delete them: https://github.com/zkrana/joomla-security-scanner Please make sure to read the README.md file in the repository for instructions on how to run the tool. After completing the cleanup and upgrading to v6.6.2, please let us know the outcome or if you need any further assistance.

We'll be happy to help. Thank you.

0
PH
Pascal - HTProtect.org
Accepted Answer
1 week ago #227752

I reaf the code for in .htaccess file, but doens not work for me. Frontend/backend out>white screen

You can give HTProtect a try: https://htprotect.org/en/#htprotect I created it as an all-in-one solution to address the Joomla! security issues we've seen over the past few weeks.

Its .htaccess generator performs an HTTP 500 and redirect loop pre-check when applying the .htaccess protection shield, so it won't break your website.

0
GrafiekCC
GrafiekCC
Accepted Answer
1 week ago #227760

i don't understand it well. Sorry. I have to download that file (an .htaccess?) and place it instead of the existing one. Note i use admin tools, and made an by admintools generated .htaccess file. And what i have done is in the htacces maker in the section at the end placed that code/rules. And by save it brokes the site.

0
Ziaul Kabir
Ziaul Kabir
Accepted Answer
Support Agent 1 week ago #227803

Hello,

Thank you for the update.

The .htaccess rules are intended only as a preventive measure to help block similar exploit attempts. They do not remove malware that has already been uploaded, and they may conflict with custom .htaccess rules generated by third-party extensions such as Admin Tools.

Since your site displays a white screen after adding the rules, we recommend restoring your previous working .htaccess file first so your website is accessible again.

If your site has already been compromised, the recommended steps are:

  1. Restore a clean backup taken before the compromise, or manually remove all malicious files from the server.
  2. Upgrade SP Page Builder to v6.6.2 if you haven't already.
  3. Scan your site to identify any remaining malicious files or backdoors. You can use the Joomla Security Scanner mentioned above to assist with the cleanup.
  4. Once the site is confirmed clean, you may reapply the recommended .htaccess protection after verifying that it is compatible with your server configuration and any rules generated by Admin Tools.

Thanks

0
PH
Pascal - HTProtect.org
Accepted Answer
1 week ago #227761

And what i have done is in the htacces maker in the section at the end placed that code/rules. And by save it brokes the site.

Then delete .htaccess, reaccess the backend and try it without those section at the end stuff.

0