Pietroalberto
Posted October 19

Hi, I had my domain suspended for malware, this is the report:

FILES INFECTED IN YOUR HOSTING ACCOUNT:
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
/home/cantina/public_html/themes/niara/header.tpl
SMW-INJ-27348-js.spam.polyfill-3 Infected
/home/cantina/public_html/themes/community-theme-default/header.tpl
SMW-INJ-CLOUDAV-js.spam-27295-5 Infected
/home/pcb/public_html/themes/berto/header.tpl
SMW-INJ-27348-js.spam.polyfill-3 Infected
/home/pcb/public_html/themes/niara/header.tpl
SMW-INJ-27348-js.spam.polyfill-3 Infected
/home/pcb/public_html/themes/community-theme-default/header.tpl
SMW-INJ-CLOUDAV-js.spam-27295-5 Infected
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~

I replaced the reported file, taken from the backup, and updated the theme from the core updater.

Do you have any advice on how to search for malware and prevent it, or any useful information?

Thanks

the.rampage.rado
Posted October 19

This polyfill was flagged as malware by everybody because the domain that served it was overtaken by some hackers and they used it to distribute junk. There are no records that it was abused on any thirty bees / prestashop shops.

Both thirty bees themes were updated right after this was disclosed. No need to scan for anything. If you have some tool built into your hosting - you can use it. Otherwise don't worry.

In order to be on schedule with thirty bees' development you can track code changes here: https://github.com/thirtybees

You can also help develop the platform by submitting issues or enhancement ideas here: https://github.com/thirtybees/thirtybees/issues

As you can see in GitHub the development is active and many bugs are fixed, many new features are active. I would suggest, if you want your shop to be in best shape, switch and update to edge (also for your community themes).

Cheers!

EDIT: Just saw that you replaced header.tpl from a backup - this will not solve your issue. This code was part of the theme for a very long time, before the domain was overtaken by those Chinese hackers. Its usage was normal and it had purpose on very old IEs. You have to modify the file as described in the link above - just delete the lines in red.
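
As an added example (not part of the original posts, and not thirty bees code): a small Python scan that lists every theme template loading a remote script whose URL contains "polyfill", which shows which header.tpl files still carry the reference after a restore or update. The host name and template contents in the sample are constructed placeholders, and the function names and the `needle` parameter are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# <script ... src="..."> whose src is an absolute or protocol-relative URL.
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*["']((?:https?:)?//[^"'\s>]+)""",
    re.IGNORECASE,
)


def find_remote_scripts(root, needle="polyfill"):
    """Return (file, line, URL) for each remote script URL containing needle."""
    hits = []
    for tpl in sorted(Path(root).rglob("*.tpl")):
        text = tpl.read_text(encoding="utf-8", errors="replace")
        for m in SCRIPT_SRC.finditer(text):
            url = m.group(1)
            if needle.lower() in url.lower():
                lineno = text.count("\n", 0, m.start()) + 1
                hits.append((tpl.relative_to(root).as_posix(), lineno, url))
    return hits


def demo():
    """Build a constructed theme tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed sample: the host below is a placeholder, not a real indicator.
        bad = root / "themes" / "niara" / "header.tpl"
        bad.parent.mkdir(parents=True)
        bad.write_text(
            "<head>\n"
            "<!--[if IE 8]>\n"
            '<script src="https://cdn.polyfill.example/v2/polyfill.min.js"></script>\n'
            "<![endif]-->\n"
            '<script src="{$js_dir}global.js"></script>\n'
            "</head>\n"
        )
        clean = root / "themes" / "berto" / "header.tpl"
        clean.parent.mkdir(parents=True)
        clean.write_text('<head>\n<script src="{$js_dir}global.js"></script>\n</head>\n')
        return find_remote_scripts(root)


if __name__ == "__main__":
    for path, lineno, url in demo():
        print(f"{path}:{lineno}: {url}")
```

To check a real account, call `find_remote_scripts` on the directory that contains the `themes` folders; locally served scripts such as `{$js_dir}global.js` are not reported.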