#27284 sucuri and siteground listing site as having malware

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by nicholas on Wednesday, 08 March 2017 02:08 CST

Shriek
Hi.
Sucuri and Siteground are reporting a site at sirtrack.co.nz as having malware with this message:

Internal Server Error 500-error.php?warning.500_internal_error.1 http://sirtrack.co.nz/404testpage4525d2fdc ( View Payload )
Internal Server Error 500-error.php?warning.500_internal_error.1 http://sirtrack.co.nz/404javascript.js ( View Payload )

Site error detected. Details: http://labs.sucuri.net/db/malware/500-error.php?warning.500_internal_error.1
HTTP/1.1 500 Internal Server Erro

When I delete the htaccess file created by admintools the warnings go away and site reports clean, so I presume it's not actually infected, and admin tools didn't come up with any changed files. I rolled the site back to last week, before it was getting the prob, but didn't make a difference. Is there something I should change in the htaccess file creator?
I realise this is an old site and they were supposed to be moving somewhere else by now...
Thanks for your help
Andrew

nicholas
Akeeba Staff
Manager
These files ARE NOT created by Admin Tools. So it's possible that your site has been hacked for a very long time. Therefore all backups taken since it was hacked will contain the hacked code, hence restoring the site results in your site being reported as hacked. Moreover, the PHP File Change Scanner only works on .php files. Therefore it makes sense that it didn't warn you about a Javascript file being changed or added: it's not going to scan these files.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Shriek
Hi Nicholas.
I didn't mean that admin tools created those files. Those files aren't actually on the server anyway. I think Sucuri use them as dummy urls or something - not really sure. Site turned up clean when I asked siteground to scan. Like I said though, I deleted .htaccess and rescanned with sucuri and it came up clean. Created htaccess with the htaccess maker in admin tools and it showed up again.
Thanks
Andrew
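
A way to reproduce the scanner's finding described in the post above, as an added example that is not part of the original ticket or of Admin Tools: request nonexistent paths (plain and `.js`, modelled on the two reported URLs) and classify the answer, once with the generated .htaccess in place and once without it. The function names and the `404test` path prefix are assumptions made for this sketch.

```python
"""Check how a site answers requests for pages that do not exist."""
import secrets
import sys
import urllib.error
import urllib.request


def http_status(url, timeout=10):
    """Return the final HTTP status code for a GET on url, including 4xx/5xx."""
    req = urllib.request.Request(url, headers={"User-Agent": "missing-page-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx; the code is what we want


def classify(status):
    """Map the status returned for a nonexistent URL to a finding."""
    if status == 404:
        return "ok"            # expected answer for a missing page
    if 500 <= status <= 599:
        return "server-error"  # what the scanner flagged; check rewrite rules and error log
    if 200 <= status <= 299:
        return "soft-404"      # missing pages are answered as if they existed
    return "other"


def check_missing_pages(base_url, fetch=http_status, suffixes=("", ".js")):
    """Probe random nonexistent paths and return (url, status, finding) tuples."""
    results = []
    for suffix in suffixes:
        # Constructed path: random, so it cannot match a real file on the site.
        path = "404test" + secrets.token_hex(6) + suffix
        url = base_url.rstrip("/") + "/" + path
        status = fetch(url)
        results.append((url, status, classify(status)))
    return results


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: missing_page_check.py https://your-site.example/")
    for url, status, finding in check_missing_pages(sys.argv[1]):
        print(status, finding, url)
```

If the finding is `server-error` only while the generated .htaccess is present, the 500 comes from the server rejecting something in that file, and the web server's error log will name the directive.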

nicholas
Akeeba Staff
Manager
If the files are not on the server and you are sure that the site is clean then you have a problem with Sucuri. I think you're confused. We are Akeeba Ltd, not Sucuri Inc. Please direct your support questions regarding Sucuri's products to Sucuri, Inc.

