Mobile Joomla is calling external suspected images (malware)

BackMenu
Home
negative
9 years, 11 months ago
Hello, when i check the my joomla mobile website via "google mobile friendly check" system, it says, we have 2 external sources found and blocked by robots.txt 

These are ;
rc.rlcdn.com/361726.gif?n=1&33random=9.3025034201
clients.bluecava.com/data/pixel.png?p=145c07db-9bd4-440d-9130-b5b794ec4ce7&rand=9.3025034201

When i check them; 
www.virustotal.com/en/url/eef3f62d57ad211a64668c0fa421d4326fd6009705816d8094431ab4784b28c4/analysis/

This files calling only when mobile enabled. 

I have installed latest version of mobile joomla from here. And i m using free version. 

What is these files?? 
dryabov
9 years, 11 months ago
MobileJoomla doesn't add external resources except of support ads code. What is URL of your website? Check that your website is not hacked.
negative
9 years, 11 months ago
My website URL is ;  goo.gl/tWx08b

Website is not hacked of course because desktop view dont call anything like this. Only mobile joomla calling. Check at the www.google.com/webmasters/tools/mobile-friendly/ and see the calling these malwares while mobile joomla enabled.  
dryabov
9 years, 11 months ago
negative wrote:
Website is not hacked of course because desktop view dont call anything like this. Only mobile joomla calling. Check at the www.google.com/webmasters/tools/mobile-friendly/ and see the calling these malwares while mobile joomla enabled.  


It's quite popular to affect mobile version only by code injected by hackers (as it is harder to detect that site was hacked), usually such a code checks for "iPhone" or "Android" string in User-Agent header.

MobileJoomla Community includes standard Google AdSense code only, but it is unlikely that Google allows malware to be loaded in ads.

PS. I've noticed that your site loads a script from tcr.tynt.com, and seems that it might contain viruses: www.scumware.org/report/tcr.tynt.com.html
negative
9 years, 11 months ago
dryabov wrote:
negative wrote:
Website is not hacked of course because desktop view dont call anything like this. Only mobile joomla calling. Check at the www.google.com/webmasters/tools/mobile-friendly/ and see the calling these malwares while mobile joomla enabled.  


It's quite popular to affect mobile version only by code injected by hackers (as it is harder to detect that site was hacked), usually such a code checks for "iPhone" or "Android" string in User-Agent header.

MobileJoomla Community includes standard Google AdSense code only, but it is unlikely that Google allows malware to be loaded in ads.

PS. I've noticed that your site loads a script from tcr.tynt.com, and seems that it might contain viruses: www.scumware.org/report/tcr.tynt.com.html

Where is from calling this URL ? on mobile side? 

And how can i scan the mobile joomla or website ?
dryabov
9 years, 11 months ago
negative wrote:

Where is from calling this URL ? on mobile side?

Both desktop and mobile, at the bottom of html source:

<script type="text/javascript">
if(document.location.protocol=='http:'){ var Tynt=Tynt||[];Tynt.push('d7DtPG3Kir4i8bacwqm_6r');Tynt.i={"cc":"0","su":1,"st":0,"b":0,"ap":"Read More:","t":0,"el":" <a style=\"color: #003399;\" href=\"\" target=\"_blank\"></a>","as":""};
(function(){var s=document.createElement('script');s.async="async";s.type="text/javascript";s.src='http://tcr.tynt.com/ti.js';var h=document.getElementsByTagName('script')[0];h.parentNode.insertBefore(s,h);})();}
</script>
negative
9 years, 11 months ago
dryabov wrote:
negative wrote:

Where is from calling this URL ? on mobile side?

Both desktop and mobile, at the bottom of html source:

<script type="text/javascript">
if(document.location.protocol=='http:'){ var Tynt=Tynt||[];Tynt.push('d7DtPG3Kir4i8bacwqm_6r');Tynt.i={"cc":"0","su":1,"st":0,"b":0,"ap":"Read More:","t":0,"el":" <a style=\"color: #003399;\" href=\"\" target=\"_blank\"></a>","as":""};
(function(){var s=document.createElement('script');s.async="async";s.type="text/javascript";s.src='http://tcr.tynt.com/ti.js';var h=document.getElementsByTagName('script')[0];h.parentNode.insertBefore(s,h);})();}
</script>


I cant see that code when i check my source code on google chrome. I click show source the desktop view but i cant see like this. 
dryabov
9 years, 11 months ago
Maybe it is not displayed for authorized users. Did you try to check it in browser's incognito mode?
negative
9 years, 11 months ago
dryabov wrote:
Maybe it is not displayed for authorized users. Did you try to check it in browser's incognito mode?
I tried it but i cant see any code like this, can you please take the screenshot of source ?

Thank you
1

By continuing to use this site you consent to the use of cookies on your device as described in our cookie policy unless you have disabled them. This site will not function correctly without cookies.

I accept cookies from this site.