Support

Admin Tools

#15116 Warning malicious files found under your account on server

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by user67498 on Friday, 22 February 2013 04:06 CST

Friday, 22 February 2013 03:36 CST

user67498

Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the tickets before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 2.5.9
PHP version: 5.3.19
MySQL version: 5.0.95
Host: (optional, but it helps us help you)
Admin Tools version: 2.4.4

Description of my issue: My account blocked twice this month because of admintools_breaches.log

I received the following message:

Your account yyy hosted on server xxx
 is hosting the follwoing malicious files/scripts :

{HEX}base64.inject.unclassed.7 : /home/yyy/public_html/logs/admintools_breaches.log

I have the specific file and I can send it you if  you want.

Thanks

Friday, 22 February 2013 03:51 CST

nicholas

I've seen that before. Your host is doing something stupid. They are using an autoated file scanner without properly configuring it.

This is a log file of all hacking attempts launched against your site. It contains the raw query strings found in those requests. It is a .log file which is non executable and located inside a directory which is not publicly accessible. Your host must add this file to their whitelist. Good luck with that. In the previous identical case the host claimed that they can't configure their automated scanner. Your only workaround is turning off Admin Tools' logging which also disables the automatic IP ban and makes Admin Tools half-useless as it can no longer block IPs causing repeated security exceptions on your site.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 22 February 2013 04:06 CST

user67498

Thank you Nicholas. I will contact them :)

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!