i have enabled devel_themer module on prod website.

The following lines are included automatically on every template files.

<img src="http://r.casalemedia.com/j.gif?u=163519&s=1" width="1" height="1" alt="">
<img src="https://r.casalemedia.com/j.gif?u=163519&s=2" width="1" height="1" alt="">
<script src="http://vitamine.networldmedia.net/bts/genericJS.php?cid=918"></script>

i feel this spam comes from devel themer module. because following files has 45 times above lines included.

sites/default/files/tmp/devel_themer_906758614f0c5c4c6704f

Comments

lalit774’s picture

Issue summary: View changes

code

kenneth.venken’s picture

Status: Active » Postponed (maintainer needs more info)

It seems to me that your production server is infected with some kind of virus. It's hard to believe that theme developer is responsible for this.

Could you please provide some more info on why you think theme developer is causing this.
Does removing theme developer from the production server help in any way?
It could also be that one of your personal computers is infected. Try changing your ftp password and reuploading the uninfected template files from an uninfected computer.

lalit774’s picture

hi,

i am working in linux OS only. so there is no option for virus. i am working on lot of servers. it impact on only one server. where Theme developer module is installed on production.

After that i removed that module from production. and remove spam inserted lines. now everything is working fine for me.

kenneth.venken’s picture

i feel this spam comes from devel themer module. because following files has 45 times above lines included.
sites/default/files/tmp/devel_themer_906758614f0c5c4c6704f

That file is a temporary file and shouldn't be passed to the browser. I can see that your temporary directory is inside your public files directory. Could this be a security risk?

Are you on shared hosting and is your public files directory configured with chmod 777?

Have you tried reenabling theme developer to see how long it takes for the template files to get reinfected again? Why did you decide to remove theme developer to fix this? Perhaps it would have been sufficient to only remove the inserted lines from your template files.

kenneth.venken’s picture

Status: Postponed (maintainer needs more info) » Closed (cannot reproduce)

Hard to believe this is caused by theme developer. If you have a way to reproduce this, feel free to reopen this bug.

lalit774’s picture

Hi,

That website has very high traffic and popular in Canada. The client report us for that error. so i have investigated this error due to devel_themer module. i cann't enable this module on LIVE website. i will enable this module on production for my website. if i can reproduce this.


<img src="http://r.casalemedia.com/j.gif?u=163519&s=1" width="1" height="1" alt="">
<img src="https://r.casalemedia.com/j.gif?u=163519&s=2" width="1" height="1" alt="">
<script src="http://vitamine.networldmedia.net/bts/genericJS.php?cid=918"></script>


Thanks.

lalit774’s picture

Issue summary: View changes

spam