Test failed: Another Facebook extension is installed

Hello!

It took me a while to understand why I had so many spammers reported on Admin Tool (Akeeba plugins). When my own IP address login returned the same target URL report: https://www.frontmatter.com/index.php?option=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500&view=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00&id=179%3Ashopify-rolls-out-shop-section-on-facebook
at last, I understood that the JFBConnect plugin was the place to source the error.
I verified Facebook API settings and the Facebook Login does not show any error or alert. However, I found the error when running your plugin autotune. Looking at the history of the "spammers" report and users blocked from accessing the registration of the site, it seems that this error has been there since the installation.
Any help with this issue will be well appreciated.
Thanks & regards,
Agnes
The topic has been locked.
Support Specialist
9 years 10 months ago #58842 by alzander
The error isn't from JFBConnect or related to us at all.

The URL above is what automated tools use to try to find cracks in your server settings. *Some* very poorly configured servers and possibly really, really old versions of Joomla (like 1.x) can take a URL like:
index.php?option=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%
And parse that out to load the actual file on your server of /etc/passwd. The passwd file is a security file on your server that holds credentials and other information a bad person could use to hack into your server further.

Your IP showed up in the log because you tried to visit that URL after you saw it in the logs.

For more details, feel free to look at the link below:
ulissesaraujo.wordpress.com/2009/01/23/http-attacks/

Again, the URL above is normally in logs because there are automated bots out scanning every site to see if they are vulnerable. There's nothing you can do about that. If you're still concerned though, ask the Akeeba Admin Tools developers.

Finally, for the Autotune error, it's true. There's some plugin or module on your site that's inserting the following HTML into your page:
<!-- CoalaWeb Facebook JS -->
<div id="fb-root"></div>
        <script>      
            window.fbAsyncInit = function() {
            FB.init({
...
You'll want to disable that plugin or have it not include that bunch of JavaScript which can conflict with JFBConnect.

I hope that helps.

Thanks,
Alex
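An added example, not part of the thread and not code from JFBConnect or Akeeba Admin Tools: a small log-triage function that shows why a scanner request like the one quoted above gets flagged. It percent-decodes each query parameter repeatedly (so the double-encoded `%2500` is unwrapped to a null byte) and reports traversal sequences and null bytes; the function names, the decode limit and the benign `www.example.com` URL are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double encoding such as %2500


def fully_decode(value):
    """Percent-decode repeatedly so %2500 -> %00 -> NUL is visible to the checks."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def probe_findings(url):
    """Return {param: [reasons]} for query parameters that look like file-inclusion probes."""
    findings = {}
    for pair in urlsplit(url).query.split("&"):
        if not pair:
            continue
        name, _, raw = pair.partition("=")
        value = fully_decode(raw).replace("\\", "/")  # treat Windows separators alike
        reasons = []
        if "../" in value or value.endswith("/.."):
            reasons.append("path traversal")
        if "\x00" in value:
            reasons.append("null byte")
        if reasons:
            findings[name] = reasons
    return findings


# The request quoted in the thread, rebuilt from its parts.
TRAVERSAL = "..%2F" * 12 + "etc%2Fpasswd"
ARTICLE_ID = "id=179%3Ashopify-rolls-out-shop-section-on-facebook"
REPORTED_URL = ("https://www.frontmatter.com/index.php?option=" + TRAVERSAL + "%2500"
                "&view=" + TRAVERSAL + "%00&" + ARTICLE_ID)
# Constructed benign request for comparison (hypothetical host).
BENIGN_URL = ("https://www.example.com/index.php?option=com_content"
              "&view=article&" + ARTICLE_ID)

if __name__ == "__main__":
    for url in (REPORTED_URL, BENIGN_URL):
        print(probe_findings(url) or "clean", "<-", url[:60] + "...")
```

A hit from this check only means the request was a probe; as the reply above says, such entries normally come from automated scanning.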