Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersExploit attached to Website - Need advice or assistance removing
networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

#115315 21-Mar-2013 14:01
Send private message

I have a client who runs a support site based on what we think is Kayako (A proprietary helpdesk software encrypted with Zend which makes searching for the exploit even harder because everything is encrypted.).

It appears through some method not clear to us at this stage, a malware kit has been inserted, something like Sweet Orange. It's possible it's because the code base underneath has been 

It manifests itself in appending a <script> section to the webpage (after the closing </html> tag). But it doesn't always do it, it's either random or some more sophisticated algorithm.I can't find it anywhere in .php files so I suspect it's either encrypted or stored in the database as part of template. I think it's out of our level of expertise, wondering if anyone here has some advise or could offer some assistance? 

Create new topic
mattwnz
20141 posts

Uber Geek


  #784988 21-Mar-2013 14:14
Send private message

Is it using the latest version? If not you need to run the latest version, as the old one possibly has a security hole? Kayako would be the company you need to contact for support on their software.



nunz
1421 posts

Uber Geek
Inactive user


  #786358 24-Mar-2013 19:24
Send private message

Can you do the folllowing?

1 - Remove your code base and reinstall it - gets rid of the chance of it being in your code.
2 - Run an sql search across your content db. Specifically search for the <script>..... string that appears.
3 - Check your htaccess files and rewrite rules.

4 - does it happen on all browsers and on multiple clients? Is it possible it is being brought in via thrid party include / from adverts or similar?

Shane

jarledb
Webhead
3253 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #803046 21-Apr-2013 13:30
Send private message

Not sure if they support your platform. but Sucuri does a malware scan and removal service. They support many different platforms. Check out http://sucuri.net/




Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.



networkn

Networkn
32349 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #803049 21-Apr-2013 13:33
Send private message

Hi, in the end, the vendor wasn't much use and the customer decided to cut their losses and restore to a month earlier version of the site, and then update the platform. Sorry I didn't update sooner.

jarledb
Webhead
3253 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #803050 21-Apr-2013 13:38
Send private message

If they care about uptime and catching things quickly then it might be worth spending 90 USD a year to have their site constantly checked and have someone on call if something goes wrong. In the 90 USD there is cleanup included.

I have only used the service a short while, but they seem updated on the threats that are out there, and for WordPress (Which is what I mostly work with) they have good plugins and setup to monitor the health of the site.




Jarle Dahl Bergersen | Referral Links: Want $50 off when you join Octopus Energy? Use this referral code
Are you happy with what you get from Geekzone? Please consider supporting us by making a donation or subscribing.

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright