views:

140

answers:

2

The only php page that I see with the code is the index.php, so I replace it with a backup and everyday I see it change to:

Parse error: syntax error, unexpected '<' in /nfs/c05/h02/mnt/73056/domains/essinteractive.com/html/index.php on line 93

I am in the process of deleting the site and reinstalling Joomla with all its plugins. Will I also have to rebuild the database? I don't know if this was just a PHP Injection or a SQL Injection. Is there a way to test for MySQL injection?

A: 

You said you see it change everyday to what you quoted, but that is what you see in your browser. You should check what you see when you open index.php with your code editor. My guess is that you will find part of the file deleted, at the end, and replaced by an iframe or script tag. If so, I expect your local computer has a trojan which uses the FTP credentials in your FTP client to inject malicious code into index.php and other files. If that is the case, then I have a script for that will clean your Joomla installation but the first thin to do is to change your FTP password.

E Wierda
I work with a mac, so don't think it's a virus changing my index page.
pcasa
A: 

At the end, there where 2 other files that where affected changing the page. Actually ended up replacing all 3 files and that was it.

The 3 files where:

Site Root > index.php 
Site Root > plugins > system > yoo_effects > lightbox > index.html

and a custom page that I had with a link to it.

pcasa