I released a new Yii-based web application a few days ago. It was put on a shared server where an existing Joomla installation has been running for years - and continues to run.
Today the Ajax calls stopped working. I had updated two or three php files, but the Ajax calls were in unrelated files. I debugged the calls using Firebug and found that they were returning into the error section with a JSON parse error. The errorThrown is:
Note the script tagged on to the end. This all points to a malicious site.
I have no idea how to even begin solving this problem. The hosts (Bluehost) say I should wipe the site and then rebuild - but I don’t know if I will be simply restoring the malicious code when I restore.
One more bit of information: a few months ago, when I clicked on a link to the site (Joomla) AVG reported it was a link to a malicious site. Then the problem went away.
Any insights and suggestions will be greatly appreciated.
This is usually from older scripts on your server being attacked. For example, while the Yii framework build that you have may be fine and up to date, possibly your Joomla site is not, or a script that you were using somewhere within the site was not. This can even happen with custom scripts you make that you don’t maintain. What essentially happens is attackers find ways to use those breaches and exploits to gain access to your server in order to run their own scripts. In this case, their script runs code that appends scripts to all your pages, be it PHP or HTML or any other language.
The only true way to prevent this is to ensure your sites are up to date and your scripts are secure. The malicious script in itself on your site is not something you can prevent because it wasn’t applied through your site, it was applied directly on it once attackers gain access.
This was a big problem about a year ago, lots of sites got hit for that. Common free based code frameworks were hit hard, like PHPBB (forums), and I believe Joomla was on the list as well.
To completely clean it you may have to have a service rep from your hosting do a scan from their end on your directories. Hope that helps.
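An added example, not part of the thread: a Python sketch that walks a site or backup directory and reports files where a script or iframe tag follows the normal end of the file, the "script tagged on to the end" pattern described above. The extension list, end markers and sample files are assumptions constructed for illustration, and hits are leads for manual review, not proof of compromise.

```python
import os
import re
import tempfile

SCAN_EXT = {".php", ".html", ".htm", ".tpl"}    # assumption: file types worth checking
END_MARKERS = (b"</html>", b"?>")               # where a page or PHP file normally ends
TAG_RE = re.compile(rb"<\s*(script|iframe)\b", re.I)


def trailing_injection(data):
    """Return the bytes after the last end marker if they hold a script/iframe tag."""
    lower = data.lower()
    cut = max(lower.rfind(m) + len(m) if m in lower else -1 for m in END_MARKERS)
    if cut < 0:
        return None
    tail = data[cut:].strip()
    return tail if TAG_RE.search(tail) else None


def scan_tree(root):
    """Walk root and return {relative_path: suspicious_tail} for review by hand."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                tail = trailing_injection(fh.read())
            if tail:
                hits[os.path.relpath(path, root)] = tail
    return hits


def demo():
    """Build a constructed sample tree (not from the thread) and scan it."""
    samples = {
        "index.php": b"<?php echo 'ok'; ?>\n",
        "page.html": b"<html><script src='app.js'></script></html>\n",
        "ajax.php": b"<?php echo json_encode($r); ?><script src='//injected.example/x.js'></script>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    for path, tail in demo().items():
        print(path, "->", tail[:80])
```

Running `scan_tree` over a backup before restoring it shows whether the appended tags are already present in that copy.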
I actually want to remove Joomla completely and replace it with a Yii-based CMS. I’m not sure if there is one that is mature enough yet though. Any recommendations?
Not sure, there is http://www.flexicacms.com/ that a user posted here in the forums somewhere that they built off of Yii. And it’s free for personal use so it depends on what you’re using it for.
In all honesty, building the CMS wouldn’t be that hard; all the major work for CRUD statements is done when you compose models and apply that logic. You just have to customize things like user authentication and then build exactly what you want your CMS to do.
If you want something that will be fun, easy for you to understand and progressive to exactly what you need, then I’d recommend making a whack at making one yourself.
If not, check the Yii extensions area or try that flexica.
I filled out the form (the fields were not mandatory on this form), clicked on Send, and got another error message, see below:
Fatal error: Access to undeclared static property: CommentService::$result in /home/giahan/public_html/protected/modules/Support/services/CommentService.php on line 47
Tried to find an email address to send the feedback and could not find one. Maybe somebody here can forward this to them…
When I was trying to send you the feedback about the problems I ran into, I found "webmaster@flexicacms.com" somewhere on your website, and so I tried standard email to send you the message, and that came back as undeliverable also. So you might want to search for that in your app.
Seriously, making a full-blown CMS like Joomla is a HUGEEEEE effort. I tried several times for a personal project since I was never satisfied with the current CMS, and gave up every time because of lack of time.