I have a site that I believe has been hit with a virus. This is what shows up at the bottom of the administrator source code;
-----

-----

I really need a 'Smart Person' to jump in and save the day!!!

Thanks in advance for any assistance.
Ed

Hi Ed,

Open a support ticket with ftp details and Ill take a look.

Cheers Anthony

Thanks for your help... I owe you one, two or three!

Hi Ed

Tom Canavan of JoomlaRescue.com - help@joomlarescue.com - Anthony had notified me you were being attacked by evil code ...

I would be more than happy to provide a flat rate quote for clean up and check out of the site.

I've been seeing this particular attack a lot lately.

I am in the States, but try to keep somewhat Oz hours - so I"m usually on most of the time.

THank you

Tom,

Thanks for your reply to my client's most recent attack. I have visited with the owners of the site and they would like to get a quote on how to better secure the Joomla install I did for them as well as the dedicated server it resides on. I have sent you an email with my direct contact info (Eastern USA) and I'd love to visit with you. Thanks again.

Ed

p.s. I'm sorry that your 'first' post on this forum had to deal with my issues!

A note to anyone reading this.
Prevention measurements

- Ensure you use the latest browser version
- Disable javascript if possible
- Use Firefox with addon "noscript" (!)
- Download and install some free antivirus software, make sure it stays updated
- Use http://www.avg.com.au/index.cfm?FREE onlinescan to test suspicious links you are given in emails or find online.

Keep your Joomla versions up-to-date.

Joomla! versions, prior to the current (at this time 1.5.14) have several known (and resolved) exploits, both of which are mentioned in the first post as the discovered compromise attempts (attempting to acquire admin logon and even older, PHP register_globals ON allowing configuration.php variable injections) Both these exploits are covered by the practices in the Security Guide http://forum.joomla.org/viewtopic.php?f=432&t=335090, with the second only being relevant to J! 1.0 releases prior to J! 1.0.13 AND only if PHP register_globals are enabled on the server.

Read the two links provided in the Security link above as they BOTH give great info.