I did a lot of research on this and it appears people who use Avast or AVG seem to have had the same problems with eBay over the years with this JS: redirect in one variation or another. I called eBay support; they said to stop using Firefox! I want to continue using Firefox so please someone with knowledge or experience with this please respond. I tried another new computer and it gives the same message on Firefox with Avast. Do you think this is a false positive with Avast? I've tried everything including a complete restore of my computer. Malwarebytes detects nothing wrong with my computer. However, I can indeed sign in and use eBay normally. This happens only when I click on the 'login' from the main site ( Avast sometimes comes up with the message 'Threat secured We safely aborted connection to because it was infected. I have a computer with Windows 7 using Firefox Quantum 63.0.3 (64-bit). I know that IPSwitch offers an FTP program that will do SFTP as well. I'm new here, been using Firefox for a number of years. Move away from FTP and use something that has SFTP or SCP. This is why sometimes you'll get a site cleaned, but as they upload a new javascript menu file, for instance, that is the only file that contains the malscript. Or we've also seen cases where it automatically looks at the FTP traffic and adds their malscripts (malicious javascript) to certain files as they're being uploaded. While we haven't been able to isolate the virus, we've found that people whose websites have been compromised are typically using a PC that's infected with something that sniffs the FTP traffic and obtains the username and password, then the cybercriminals (hackers, crackers, whatever) use their automated systems to continually re-infect your website. FTP sends username and password in plain text. Too often people think that FTP is a safe and secure protocol - it's not.
What we have found is that it's not the hosting provider, it's not some vulnerability in the software (Drupal), it's not some hole in a plugin - it's the PC you're using to send the files up to the server. We scan them for vulnerabilities and find they are relatively secure. We have been seeing a lot of websites getting compromised. Someone please help as this is causing av of many legit users problem in visiting the sites. What are the possible files that can give rise to the code when the page is generated? How can an internal search be made on the Drupal files - downloading and searching by Windows search do not show the malicious code. The hosts say they have no other cgi, files etc that can cause this and apparently checking the web directory gives no suspicious file. This issue is reported in Avast forums also ( do a Google search on JS:Redirector-G ) The thing but in Drupal apparently it still persists even after cleaning index files or freshly uploading js files. This is happening with new installation of latest 5x Drupal as well as other pages/scripts. For some pages/scripts cleaning the index files ( index php, index.html) etc corrects \modules\img_assist\drupalimage\editor_plugin_src.js Can anyone tell me how the page is generated and where this could be coming from? It has been inserted between the end of the and the start of the tags \modules\img_assist\drupalimage\editor_plugin.js \modules\img_assist\img_assist_tinymce.js \modules\img_assist\img_assist_textarea.js These are some of the corrected files, I have checked that they are still uninfected: The problem is that the code is still showing up in the browser right after the tag and I need to find where this is in the code or database. Once this has been fixed I'll upgrade but I need to find the problem first. If it is an FTP based attack that won’t prevent it happening again but at least I can identify the files and rectify it quickly now.
I’ve removed the code and write protected the files in case it was a SQL injection attack. I have downloaded the site and run TextCrawler which identified 17 infected files. I have been asked to support an old version of Drupal 4.7.4 which has been infected with JS:Redirector-G. This may not be Drupal problem but FTP attack or sort of it but need some urgent help to clean Drupal or any module or utility in Drupal. As version could not be changed I am repeat posting for Drupal 5x ( and may be 6x also)