Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersExploit attached to Website - Need advice or assistance removing


16520 posts

Uber Geek
+1 received by user: 4614

Trusted
Lifetime subscriber

Topic # 115315 21-Mar-2013 14:01
Send private message

I have a client who runs a support site based on what we think is Kayako (A proprietary helpdesk software encrypted with Zend which makes searching for the exploit even harder because everything is encrypted.).

It appears through some method not clear to us at this stage, a malware kit has been inserted, something like Sweet Orange. It's possible it's because the code base underneath has been 

It manifests itself in appending a <script> section to the webpage (after the closing </html> tag). But it doesn't always do it, it's either random or some more sophisticated algorithm.I can't find it anywhere in .php files so I suspect it's either encrypted or stored in the database as part of template. I think it's out of our level of expertise, wondering if anyone here has some advise or could offer some assistance? 

Create new topic
13799 posts

Uber Geek
+1 received by user: 1717


  Reply # 784988 21-Mar-2013 14:14
Send private message

Is it using the latest version? If not you need to run the latest version, as the old one possibly has a security hole? Kayako would be the company you need to contact for support on their software.

983 posts

Ultimate Geek
+1 received by user: 214

Subscriber

  Reply # 786358 24-Mar-2013 19:24
Send private message

Can you do the folllowing?

1 - Remove your code base and reinstall it - gets rid of the chance of it being in your code.
2 - Run an sql search across your content db. Specifically search for the <script>..... string that appears.
3 - Check your htaccess files and rewrite rules.

4 - does it happen on all browsers and on multiple clients? Is it possible it is being brought in via thrid party include / from adverts or similar?

Shane




nunz

 
 
 
 


Try Wrike: fast, easy, and efficient project collaboration software
Webhead
1928 posts

Uber Geek
+1 received by user: 577

Trusted
Lifetime subscriber

  Reply # 803046 21-Apr-2013 13:30
Send private message

Not sure if they support your platform. but Sucuri does a malware scan and removal service. They support many different platforms. Check out http://sucuri.net/




Jarle on Twitter - Senson NZ - WordPress experts



16520 posts

Uber Geek
+1 received by user: 4614

Trusted
Lifetime subscriber

  Reply # 803049 21-Apr-2013 13:33
Send private message

Hi, in the end, the vendor wasn't much use and the customer decided to cut their losses and restore to a month earlier version of the site, and then update the platform. Sorry I didn't update sooner.

Webhead
1928 posts

Uber Geek
+1 received by user: 577

Trusted
Lifetime subscriber

  Reply # 803050 21-Apr-2013 13:38
Send private message

If they care about uptime and catching things quickly then it might be worth spending 90 USD a year to have their site constantly checked and have someone on call if something goes wrong. In the 90 USD there is cleanup included.

I have only used the service a short while, but they seem updated on the threats that are out there, and for WordPress (Which is what I mostly work with) they have good plugins and setup to monitor the health of the site.




Jarle on Twitter - Senson NZ - WordPress experts

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Opera launches new mobile browser: Opera Touch
Posted 25-Apr-2018 20:45

TCF and Telcos Toughen Up on Scam Callers
Posted 23-Apr-2018 09:39

Amazon launches the International Shopping Experience in the Amazon Shopping App
Posted 19-Apr-2018 08:38

Spark New Zealand and TVNZ to bring coverage of Rugby World Cup 2019
Posted 16-Apr-2018 06:55

How Google can seize Microsoft Office crown
Posted 14-Apr-2018 11:08

How back office transformation drives IRD efficiency
Posted 12-Apr-2018 21:15

iPod laws in a smartphone world: will we ever get copyright right?
Posted 12-Apr-2018 21:13

Lightbox service using big data and analytics to learn more about customers
Posted 9-Apr-2018 12:11

111 mobile caller location extended to iOS
Posted 6-Apr-2018 13:50

Huawei announces the HUAWEI P20 series
Posted 29-Mar-2018 11:41

Symantec Internet Security Threat Report shows increased endpoint technology risks
Posted 26-Mar-2018 18:29

Spark switches on long-range IoT network across New Zealand
Posted 26-Mar-2018 18:22

Stuff Pix enters streaming video market
Posted 21-Mar-2018 09:18

Windows no longer Microsoft’s main focus
Posted 13-Mar-2018 07:47

Why phone makers are obsessed with cameras
Posted 11-Mar-2018 12:25


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.