Fixing a scripting vulnerability in Joomla
One of our former clients let us know that a viewer to their website had been alerted to a virus.
As I still have access to the site, I quickly looked to see what was on the remote server and noticed a file called “spongy47.html” in the document root.
This file appears to run a script from a so-called “adult” domain (interestingly it doesn’t appear to have been bought yet – and no, I’m not interested in buying it!). And don’t get me started on the meaning of “adult” here!
The content of the file is simply (domain deleted):
<html><head><script>location = ‘[some dodgy domain]’;</script></head></html>
Naturally, I’ve removed it and asked everyone to change/upgrade their passwords.
Perhaps this is just getting ready for an exploit, as that domain isn’t registered yet. I couldn’t find any references on the web to either the filename or the dodgy website.