Jump to content
GreenSock

MiloW

Intrustion when using TweenMax?

Warning: Please note

This thread was started before GSAP 3 was released. Some information, especially the syntax, may be out of date for GSAP 3. Please see the GSAP 3 migration guide and release notes for more information about how to update the code to GSAP 3's syntax. 

Recommended Posts

Hi,

 

I'm not a hard-coding developer so please excuse my lack of professional courtesy ; )

 

Anyway. I have this Joomla site and something works out bad.

Last night the site turned dead. Discovered a lot of files in the cache directory. After turning the cache off and on - the files come back. OK, so I' debugging. RS Firewall showed something like this:

 

components/com_layer_slider/base/includes/slider_markup_init.php Suspicious JS inclusion cdnjs.cloudflare.com/ajax/libs/gsap/1.16.1/TweenMax.min.js"></script>

 

I look inside the file - OK, there it is. First it was 1.12.2 or so, changed to the latest one. RS still sees this as a suspicious JS inclusion.

Unfortunately, I have no time to wait for the slider maker's response as my client is probably up by now (I started 3 hours ago, early in the morning). Hosting loaded my day-before-yesterday backup but this started to happen again.

 

The files which are growing in the cache are like this:

461eba3d86a698b21884bd2d67f164d5-cache-page-61e660625c6877de5807d38fb35f520a.php

page-xxxxxxxxxxxxxxx is different but the beginning is the same.

 

Inside:

EDIT: This seems to be something normal for cache : /

<?php die("Access Denied"); ?>#x#a:3:{s:4:"body";s:709:"<?xml version="1.0" encoding="utf-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/"><ShortName>Kliniki Ziemlewski</ShortName><Description>Klinika Warszawa | Wrocław | Poznań | Łódź</Description><InputEncoding>UTF-8</InputEncoding><Image type="image/vnd.microsoft.icon" width="16" height="16">http://www.klinikiziemlewski.pl/templates/jsn_time_pro/favicon.ico</Image><Url type="application/opensearchdescription+xml" rel="self" template="http://www.klinikiziemlewski.pl/component/search/?id=115&Itemid=118&format=opensearch"/><Url type="text/html" template="http://www.klinikiziemlewski.pl/index.php?option=com_search&searchword={searchTerms}"/></OpenSearchDescription>
";s:13:"mime_encoding";s:37:"application/opensearchdescription+xml";s:7:"headers";a:1:{i:0;a:2:{s:4:"name";s:3:"P3P";s:5:"value";s:50:"CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"";}}}

So now is my question: do you guys think it's something with the actual TweenMax or is it connected with Joomla cache somehow, and therefore it's not the library problem?

I hope the layer maker will contact me back soon.

 

Any chances that this library messes up with something about cache of the system? Anyone heard of anything? : )

 

Or is it coincidence that RS Firewall shows this (TweenMax file) as a possible JS inclusion (wrong word in the topic - sorry : )?

 

Thanks for any hints.

 

Milo

Link to comment
Share on other sites

I've never heard of this sort of thing before. I can assure you that TweenMax doesn't do anything to mess with Joomla's cache or anything like that - it just animates things (when you ask it to). There is no malicious code whatsoever. I Googled the error you mentioned and there are many reports of false positives. Apparently there are problems with the automated algorithm they're using to sense "malware" in your Joomla thing. 

 

GSAP is used by some of the biggest brands on the planet (Intel, McDonalds, Sony, Samsung, etc.). It's recommended by Google itself. If there were malware in it, I'm sure you'd see an outrage on the web about it. :)

 

I'm pretty confident there's nothing to worry about and you can write it off as a false positive. If you find any evidence to the contrary, please let us know. 

Link to comment
Share on other sites

It's not illegal to ask, though : )

 

Thanks and keep up the good work guys. Gonna investigate this further. I feel I'm close to the resolution.

Link to comment
Share on other sites

No problem. I certainly don't blame you for asking. Let us know what you find. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×