iframes on index.php

**Hektor** · 10-07-2007, 02:57 PM

I'm running Joomla on my server and every once in a while I'll notice external pages loading on my webpage. When I look at the source there are iframes attached to the bottom of it that should not be there. I am curious to know how they are getting there and what I should do. Anyone had this problem before? How can I fix it? I've chmod'd my files to 655 but it still happens.

powerspike · 10-11-2007, 08:33 PM

try chmod 444, this removed write access from the files, and leaves read access there. You'll probley find that one of the pieces of websoftware you have has a sec hole in it, i would recomend you goto each website of each piece of software, and upgrade them to the latest versions, also you might find that mods or plugs for various software might be the way in as well.

Jordan · 10-12-2007, 06:10 AM

644 might work also if your server isn't running phpsuexec. But, if your server is running phpsuexec and they are attacking your site as powerspike mentions "444" would be the best route.

Jordan · 10-18-2007, 07:42 AM

If you are running an old version of Joomla! I found that the .htaccess file needs to be updated.

Add this to the bottom of the .htaccess file:

Code:

########## Begin - Rewrite rules to block out some common exploits
#                              
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
# 
########## End - Rewrite rules to block out some common exploits

Original Link and Author: http://forum.joomla.org/index.php/topic,75376.0.html