Keyword

Malicious code inserted into K2 pages

More
5 months 1 week ago #167797 by Greg
Greg created the topic: Malicious code inserted into K2 pages
Hi!

Something puts russian links onto my K2 pages.

I tried to post this on this forum with code too, but the forum rejects it as malware. :)
So I posted it on Stackoverflow, here is a link:

StackOverflow question about this problem

My problem is, I cannot find out, what puts the russian links inside that div, which belongs to /components/com_k2/templates/default/item.php

Any idea how to find it and get rid of it?

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #167802 by Krikor Boghossian
Krikor Boghossian replied the topic: Malicious code inserted into K2 pages

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #167813 by Greg
Greg replied the topic: Malicious code inserted into K2 pages
Nope, sorry, my template doesn't have an override for K2. Checked each template, and nothing.

Checked each javascript referenced on my page, nothing.

So, what changes that div inside K2's item.php?

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #167828 by Krikor Boghossian
Krikor Boghossian replied the topic: Malicious code inserted into K2 pages
It can be a template file, a php file which is triggered externally, or a malicious 3rd party K2 plugin.

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #167851 by Greg
Greg replied the topic: Malicious code inserted into K2 pages
1. Template doesn't have override for K2.

2. Can you help, what to look for in the code? What can put that many text inside the div? Searched my whole server for the pertinent parts of that code (the russian links change, the HTML code around them doesn't), but found nothing.

3. Not using any K2 plugins except the built-in ones.

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #167861 by Krikor Boghossian
Krikor Boghossian replied the topic: Malicious code inserted into K2 pages
Can you send me a link to your site?
Have you looked at your JavaScript files?

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

More
5 months 1 week ago #167874 by Greg
Greg replied the topic: Malicious code inserted into K2 pages
epicgenerator.net/index.php/gallery/season-1/season-1-fantasy

My original post also has a link to a stackoverflow question, which has the relevant code to look at.


I have checked all .js files on that page, specifically for preg replace, but this is why I'm asking you, I'm not a coder and I don't know how something like this can be done at all.

What method can it use to put the code inside that div?

Please Log in or Create an account to join the conversation.

More
5 months 3 days ago #167924 by Krikor Boghossian
Krikor Boghossian replied the topic: Malicious code inserted into K2 pages
Hello,

Apart from a gallery there are no links present.

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

More
5 months 2 days ago #167941 by Greg
Greg replied the topic: Malicious code inserted into K2 pages
The gallery is a K2 page.

If you use Chrome, right-click the pagination, Inspect it, and

The article part of K2 closes after the pagination, and the next div that opens, is the class clr in question, that has the unwanted code.

Please Log in or Create an account to join the conversation.

More
5 months 2 days ago #167947 by Krikor Boghossian
Krikor Boghossian replied the topic: Malicious code inserted into K2 pages
epicgenerator.net/index.php/gallery/season-1/season-1-fantasy?template=protostar
With the default template (no overrides) the code is not there. This mean that the issue lies with the template.
You need to address this issue to the template's developer.

IMPORTANT: Please search the forum before posting a question!

JoomlaWorks Support Team Member

---
JoomlaWorks
www.joomlaworks.net/

Please Log in or Create an account to join the conversation.

Moderators: william white