cancel
Showing results for 
Search instead for 
Did you mean: 

I badly need help as recently my host suspended my website due to possible " malicious"

I badly need help as recently my host suspended my website due to possible " malicious"

Hi Guys,

 

I badly need help as recently my host blocked port 80 due to "malicious" script in magento-(1.9.2.3) file (they want me to remove it). i have no idea about it. this is the first time i encounted this issue.  The reported content is  public_html/js/tiny_mce/plugins/paste/js/pasteword.js

 

I like to check is the "public_html/js/tiny_mce/plugins/paste/js/pasteword.js" part of magento files or ? What should i do?

 

Looking forward for your kinds replays.

 

Thanks.

2 REPLIES 2

Re: I badly need help as recently my host suspended my website due to possible " malicious&quot

I have a fairly clean install of 1.9.2.3 and i can confirm its a file in the installer so would say its a required file, upon looking at the code it does the below:

 

  • Finds a iframe.
  • Overwrites the frames internal HTML with another iframe (this might be why it detects)
  • Then gets above added iframe.
  • Adds the selected theme and adds some more HTML.
  • Then displays it in a new window.

 

See below code for a clean file an double check yours hasn't been edited.

 

Mine has 103 lines including empty lines.

 

tinyMCEPopup.requireLangPack();



var PasteWordDialog = {

	init : function() {

		var ed = tinyMCEPopup.editor, el = document.getElementById('iframecontainer'), ifr, doc, css, cssHTML = '';



		// Create iframe

		el.innerHTML = '<iframe id="iframe" src="x-javascript&colon;\'\';" frameBorder="0" style="border: 1px solid gray"></iframe>';

		ifr = document.getElementById('iframe');

		doc = ifr.contentWindow.document;



		// Force absolute CSS urls

		css = [ed.baseURI.toAbsolute("themes/" + ed.settings.theme + "/skins/" + ed.settings.skin + "/content.css")];

		css = css.concat(tinymce.explode(ed.settings.content_css) || []);

		tinymce.each(css, function(u) {

			cssHTML += '<link href="' + ed.documentBaseURI.toAbsolute('' + u) + '" rel="stylesheet" type="text/css" />';

		});



		// Write content into iframe

		doc.open();

		doc.write('<html><head>' + cssHTML + '</head><body class="mceContentBody" spellcheck="false"></body></html>');

		doc.close();



		doc.designMode = 'on';

		this.resize();



		window.setTimeout(function() {

			ifr.contentWindow.focus();

		}, 10);

	},



	insert : function() {

		var h = document.getElementById('iframe').contentWindow.document.body.innerHTML;



		tinyMCEPopup.editor.execCommand('mceInsertClipboardContent', false, {content : h, wordContent : true});

		tinyMCEPopup.close();

	},



	resize : function() {

		var vp = tinyMCEPopup.dom.getViewPort(window), el;



		el = document.getElementById('iframe');



		if (el) {

			el.style.width  = (vp.w - 20) + 'px';

			el.style.height = (vp.h - 90) + 'px';

		}

	}

};



tinyMCEPopup.onInit.add(PasteWordDialog.init, PasteWordDialog);

 

 

Re: I badly need help as recently my host suspended my website due to possible " malicious&quot

Topic moved to the Technical Issues section. 

 

The file pasteword.js doesn't seem to be a legitimate file in Magento. 

 

You may need to go through your files to check through on which of them are infected or hacked. Here's a good guide to start with:-

https://www.stopbadware.org/common-hacks

 

If you do not know how to do so, you may either need to wipe the slate clean and restore from the last good backup or hire a security provider like Sucuri to go through your files and database.