On 09/28/2012 09:55 AM, hannah commodore wrote:
On 28/09/2012, at 9:40, Roger <arelem@bigpond.com> wrote:
Further, If he (is developing on a windows home pc and) has no intrusion protection, high quality fire walls, etc, he could find that his personal machine is also hacked and that he is inadvertently placing the code while developing. The FTP credentials stored on a desktop with malware are the most common cause of inserted malicious code, I've found.
Another common one is a vulnerable version of Joomla, which is easy for spiders to find on the web.
I'd recursive grep over the whole sites files for eval( and variations of '<scr'+'ipt>' used to inject html.
also often the bad code will only be served to specific users to e.g. prevent google from detecting the site hosts malicious code _______________________________________________
Thanks Hannah, you have given me something else to consider. I'll run those on our server. If my understanding is correct, Joomla has had, and still has security issues as did/does Typo3. They are being addressed but may be still an issue to be dealt with. Trouble with the above approach is denial. The fellow doesn't know web security, personal computer security and probably is not going to have a clue what the above means let alone trying it. He won't know grep or what else to look for. Add this to "it doesn't' happen to me", "my pc is secure", " it's not my fault". Roger