Avast One Anti-virus and the JS Folder

I am using Concrete 9.2.2 under PHP Version 7.3.33. Yes I need to upgrade, but I have a problem that is stopping everything. The Avast One anti-virus on my PC has decided that my site is home to a Trojan. That is always useful to know so I went into CPanel and ran the virus check. Nothing found. Going back to Avast One I looked at the details they provided and they pointed to a file in the JS folder in Concrete. Back in Cpanel that was soon found and deleted. However, for the rest of the day Avast One blocked my attempts to do stuff on the site. Next day, into the site and Avast popped to say it had found a Trojan. It was located in the JS folder in a .js file of a different name. Back to CPanel and the file was soon deleted although Avast One did not believe it. I then spent much time complaining to Avast. Next day, ready to get to work I was stopped by Avast who had found a Trojan in the JS folder. Another .js file but with a different name. I have been in and deleted it, but killing the JS folders at the rate of one a day seems silly. Why not delete the whole folder?

The other related question is what is the JS folder and what do its components do? Would life without it be unbearable? I would welcome your advice.

Ok, so are these really rogue JS files or are you slowly deleting core JS files? What are some of the ones you’ve deleted? If they’re really malware then you have a breach and deleting them one-by-one is not going to work. Also, false positives happen all the time with these anti-whatever programs.

Change your passwords.
Clean up anything else in your web space.
Something has access to either your local computer where you upload files to Concrete from, or to your webserver.

It’s extremely unlikely that this stuff is coming in through Concrete CMS itself, the platform has been rigorously tested by many people, many times, and meets US Department of Defense security standards.

Hi Folks

Thank you for your responses. I have been through all the password changing stuff when the site got hacked. The Hosting team got that sorted out for me and have been generally helpful.

The files deleted so far are:

Bootstrap.js, tquery.js, Vue.js and Moment.js with Main.js now being flagged up on the desktop as the latest ‘naughty’, but not on this laptop.

I have also been advised to backup application/files/ and /application/config/database.php then delete all the files and do a fresh install of V9.4.X. That sounds sensible but not what I want to do now as I am still trying to update my other (old) site from V5 or 6 which is proving difficult.

Regards

Pete

Hi Folks

I have not managed to sort this problem, despite attempting to white list the site with Avast. Thus I think it is time to do a clean install of V9.4 rather than an upgrade.

To do that I assume that I will need to copy and save mydatabase.sql and also database.php. Anything else that I ought to save on the local PC? Presumably I should then delete everything in my user space, load whatever version of PHP that V9.4 needs and finally run Softaculous to do the new install. Once done I need to import mydatabase.sql and database.php to replace the default ones put in place at the install.

However, that seems almost too easy, so I would be grateful to know what I have missed and whether I am on the wrong track.

Thanks

Pete

Since your problems all emanate from the concrete folder, why not replace the root/concrete folder with the one from a 9.4.3 download?
Then rename the application/config/update.php file to updateold.php and visit your site in a browser to perform the update.
Next delete all files and folders in the root/updates folder.
Login to your site and clear the cache.


Good Morning David

Many thanks for your suggestion. I will try that soon, but first I am going to re-try persuading Avast to white list the site.

Regards

Pete

If your site has been previously infected, it is critical that you replace the /concrete folder as @ConcreteOwl has suggested and remove the /updates. Note replace, not just over-write. You need to be 100% clear of any lingering damage.
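One way to check whether the flagged files are core files or something extra, and to see what an over-write would leave behind (an added example, not part of the thread and not Concrete CMS code): hash every file under the installed /concrete folder and compare it with a clean extracted download. The two directory arguments and the sample file names in `demo()` are assumptions, constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path relative to root -> SHA-256 hex digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

def compare_trees(installed, reference):
    """Classify files in the installed tree against a clean reference tree."""
    inst, ref = tree_hashes(installed), tree_hashes(reference)
    return {
        "modified": sorted(p for p in inst if p in ref and inst[p] != ref[p]),
        "extra": sorted(p for p in inst if p not in ref),
        "missing": sorted(p for p in ref if p not in inst),
    }

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "clean", "concrete")
        live = os.path.join(tmp, "site", "concrete")
        for rel in ("js/a.js", "js/b.js", "js/c.js"):
            _write(ref, rel, b"core " + rel.encode())
        _write(live, "js/a.js", b"core js/a.js")                # untouched
        _write(live, "js/b.js", b"core js/b.js /* appended */")  # altered
        _write(live, "js/x9.js", b"not shipped with the core")   # extra file
        return compare_trees(live, ref)                          # js/c.js is gone

if __name__ == "__main__":
    import sys
    args = sys.argv[1:]
    result = compare_trees(args[0], args[1]) if len(args) == 2 else demo()
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind:9}{p}")
```

The reference must be the same version as the installed site for "modified" to mean anything. Files listed as "extra" are the ones that copying a fresh folder over the top would leave in place.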

Hi

Many thanks for the ‘emphasis’ which makes complete sense. I think that I have sorted out the Avast issue or at least found a way to keep Avast from getting in the way. So I will begin work this afternoon…

Regards

Pete