• Home

Warning

You do not have a menu item pointing to the list all Akeeba Ticket System categories for the English (en-GB) language. Ticket links may be broken until you add such a menu item.

#4 – can not download

Posted in ‘Assistance’
This is a public ticket. Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Friday, 02 August 2013 23:56 UTC
iveth
Hi   You have a Trojan or your site has been hacked - My computer blocks your website when trying to download
Saturday, 03 August 2013 08:43 UTC
hpjadmin

Hi,

thank you for the heads up.

I just finished checking viruses and logs for unusual activities, and everything looks clean.

There was however an issue with the software managing the releases of our components, which made strange errors with the site styles and routing (trying to download the toomanyfiles plugin you would get the little helper package).

This was a strange routing issue which could have raised the flags of your antivirus; however I tested with joomscan, maldet, clamav, nod and avast and everything looks clean.

Would you try again or provide more details to confirm the issue is solved?

Saturday, 03 August 2013 14:43 UTC
iveth
Hi   The problem is still there the trojan is called something like php shell    
Saturday, 03 August 2013 15:07 UTC
hpjadmin

Ok then, it's fairly clear now. Please disregard my previous message as the issue described was totally unrelated.

Joomla Little Helper has a "clean cache" feature which deletes the content of the cache folders.  In order to achieve max performance on large sites, it tries to use some system functions (namely rm -rf) to delete folders.

Php can be configured to prevent usage of some direct system access calls, so I use an approach which - alas - can be found in viruses too: I test if the functions system, exec etc. are available and if so I use them; after this, I proceed with the standard (and much slower) php functions as a rollback. 

This leads me to think it may be a false positive; please let me know what antivirus product you are using so I may investigate further with the producers and create a test case.

It would be extremely easy to remove the direct system calls, but then the clean cache will easily take 10 seconds on a website with moderate traffic, as opposed to 1/100th of a second of the direct system call: would you recommend we release a "small sites only" version without those calls?  On most company websites it wouldn't make any difference.

Saturday, 03 August 2013 16:27 UTC
iveth
My Anitvirus is Avast - and I have disconected it and I have finally downloaded your little helper software - thanks - I will play with the icon features - do you have this extension for Joomla 15?
Saturday, 03 August 2013 17:42 UTC
hpjadmin

Little Helper's features help mostly while setting up a site, and I think (hope) nobody has been installing 1.5 for quite a while.

Joomla 1.5 sites are often hacked, the version is not mantained since ages, and I guess the JED won't even publish 1.5 versions any longer.  Hence there is no J1.5 version planned.

Tuesday, 10 February 2015 12:33 UTC
hpjadmin

Update: Avast has accepted to include our file in their exclusion list, hopefully this will solve the issue as no other antivirus mark it as infected.

This ticket is closed, therefore read-only. You can no longer reply to it. If you need to provide more information, please open a new ticket and mention this ticket's number.