Security and privacy

 
 
C. Berisso (April 2007)
My site was hacked. Students get re-directed when accessing blog tag
 

Hello all,

I hope someone can help me get rid of a malware that is re-directing my students to a ".ru" website selling Viagra.

I have all my courses in Moodle 1.9.10. My site was hacked around Dec 24th, and I discoverd a malicious Troyan (php file) in one of my website folders just by chance. I did get rid of that php, and thought that things were fine.

Yesterday, several syudents reported that when they click on the "blog" tab within their "profile" window, they eitehr get re-directed to a Viagra website, or their antivirus refuses to render the link warning that there is an unsafe ".ru" website.

Has anyone encounter this problem before? How can I get rid of the problem, where do I have to look for the offending file? I don't know if there are more tabs that will reproduce this problem, but if it is only the "blog", can I get rid of that tab (I don't use the blog for my classes).  Any suggestion will be welcome.

Thank you

Cristina

 

 
Average of ratings: -
Picture of Helen Foster
Re: My site was hacked. Students get re-directed when accessing blog tag
Group DevelopersGroup Documentation writersGroup Moodle HQGroup Particularly helpful MoodlersGroup Testers

Hi Cristina,

Sorry to hear about your site being hacked. Hopefully the documentation Hacked site recovery can help you, and you can upgrade your site to the latest stable version as soon as possible.

 
Average of ratings:Useful (1)
Picture of Justas Pranskaitis
Re: My site was hacked. Students get re-directed when accessing blog tag
 

Hi, Have you  tried searching your moodle sql database for the page that students are getting redirected?

it looks like it was persistent xss attack and you should find some records related with this .ru site

 
Average of ratings: -