Templates hacked

Questions related to the configuration of Joomla, Templates, and Security related questions/issues
Rate this topic: Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.Evaluations: 0, 0.00 on the average.
GK User
Mon Jul 03, 2017 8:56 pm
Hi,

We are using rockwall and university and other templates and in the last week we have been hacked.
Our site at http://theplanespotterscommunity.co.uk was reported as having a problem that if you went to the site and then hit the back button we were redirected to advertising sites. This only happened on the iPad/iPhone.
We spent quite a while figuring out it was the template and when we removed the rockwall template and uploaded the latest version the problem went. So this site is OK now. The only issue is it could be hacked again.

We currently have a site at researchcloud.perryworld.co.uk which has also been hacked.
This site uses the university template.
If you go to the site on an iphone/ipad and press the back button you will be redirected.

Let me know if you need access to the back end.
Thanks
Rich
User avatar
Senior Boarder

GK User
Thu Jul 06, 2017 1:10 am
I discovered that the problem must be at the cookie law Consent plugin. When you are on mobile and click on a link then site opens to a new window and on the original window an add is loading.
I tried to install latest version of hotel template but the template becomes damaged. Also i found that the same problem is on istyle template (latest version). When i disable the cookie law Consent plugin site works fine.
User avatar
Fresh Boarder

Joshua M
Thu Jul 06, 2017 9:48 am
Hello,
It's a problem with old not supported version of Cookie Law plugin, we've updated this plugin within our latest 12 templates. (unfortunately instyle template was not included). We'll update other templates as soon as possible. Thanks for the information.
User avatar
Moderator

GK User
Wed Jul 12, 2017 4:09 am
I should have checked here first - could have saved a lot of stressful hours. Thanks @perryworld for sharing this info.

Hi @Joshua M. Can you please confirm that ALL templates are now clean from this cookielaw.php file as I've found it in 3 of your templates so far and not too keen to download replacements only to find any haven't been covered... thanks...
User avatar
Expert Boarder

GK User
Wed Jul 12, 2017 4:18 am
Hey just in follow up to this problem - is it safe to remove the whole file cookielaw.php from the template?

The following code is currently commented out in ours <script type="text/javascript" src="https://s3-eu-west-1.amazonaws.com/assets.cookieconsent.silktide.com/current/plugin.min.js"></script> which as kept the probelm and the porn at bay, but I'll remove the entire files if that's better?
User avatar
Expert Boarder

Joshua M
Thu Jul 13, 2017 7:18 am
Hi,
Please check the updates section:
https://www.gavick.com/updates?task=group&id=4
click your template and if you find in the changelog "New Cookie Law plugin (SECURITY FIX)" - this template is updated.

Not updated yet: Magazine, Msocial, MusicState, News2, RockWall, ShopAndBuy, Simplicity, StoreBox

You can clear this file (don't remove it, because it may cause fatal error), it's enough to disable cookie plugin or clear your cookielaw.php file.
User avatar
Moderator

GK User
Wed Jul 19, 2017 4:03 am
Sorry Joshua, I've been on leave.
Thank you for that. I'll look into it.
User avatar
Expert Boarder

Joshua M
Wed Jul 19, 2017 8:18 am
Hi,
All templates are updated now.
User avatar
Moderator

GK User
Wed Jul 19, 2017 11:22 pm
Joshua M wrote:Hi,
Please check the updates section:
https://www.gavick.com/updates?task=group&id=4
click your template and if you find in the changelog "New Cookie Law plugin (SECURITY FIX)" - this template is updated.

Not updated yet: Magazine, Msocial, MusicState, News2, RockWall, ShopAndBuy, Simplicity, StoreBox

You can clear this file (don't remove it, because it may cause fatal error), it's enough to disable cookie plugin or clear your cookielaw.php file.


Technews for Joomla! 3 shows updated 13/7/17 but no mention of 'New Cookie Law' fix in changelog. I use this template and have the same problem described above.

Can you confirm if the issue has been resolved in the new version of the template?

Thanks
User avatar
Fresh Boarder

Joshua M
Fri Jul 21, 2017 8:30 am
Hi,
There's no information about "New Cookie Law" plugin, because for the TechNews this issue was fixed in previous template version (1.0.5)
https://www.gavick.com/updates?task=upd ... 66&catid=4

so if you are using version 1.0.5 or 1.0.6 the problem is fixed.
User avatar
Moderator


cron
Remember me
Register New Account
If you are old Gavick user, click HERE for steps to retrieve your account.