Thursday 9 April 2015

Solved: Autson Slideshow Clickjack Issue in Joomla

A client notified me that their Avast AntiVirus was blocking their own site because of clickjack attempts, more specifically JS:Clickjack-A [Trj], with a big shiny red TROJAN HORSE BLOCKED alert.
It turned out that the cause was a legitimate module called Autson Slideshow, a nice slideshow module that has unfortunately now been discontinued; the developer's site is non-functional as well.
I didn't want to remove the module, because the website had it on the front page, and I also didn't want to install and configure a different module with the same functionality. I needed a solution, and I found it on the net.
Here's how I recovered the usability of Autson Slideshow:
1. Open \modules\mod_AutsonSlideShow\tmpl\default.php
2. Around line 564, locate and delete the script, which looks something like this:
< script language="JavaScript" >
function dnnViewState()
{
var a=0,m,v,t,z,x=new Array('xxxxxx'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();
< /script >


3. At the very end of the file, around line 788, locate and delete this code:

<p class="dnn">By A <a href="http://www.autson.com/" title="web design company">Web Design</a></p>

After removing these two chunks of code from Autson Slideshow, Avast did not report a clickjack attempt on page load. I ran several online scanners and none of them reported anything suspicious, so having made these changes, Autson Slideshow can be used with no warnings.
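
To see what the script from step 2 would write into the page without loading it in a browser, the same arithmetic can be run offline and the result inspected as a string. This is an added example, not code from the original post or from the module: the function names are hypothetical, and because the post elides the real array as 'xxxxxx', SAMPLE is a constructed input that decodes to a rule for the dnn class seen in step 3.

```javascript
// Static decoder for the dnnViewState() obfuscation: same arithmetic as the
// script on the page, but the markup is returned instead of document.write()-n.
function decodeDnnStrings(encoded) {
  return encoded.map((m, i) => {
    if (!/^(\d\d)*$/.test(m)) {
      throw new Error(`entry ${i} is not a run of two-digit decimal pairs`);
    }
    let z = '';
    for (let v = 0; v < m.length; v += 2) {
      // Original: parseInt(t)+25-l+a applied to m = x[l-a]. With i = l-a
      // that is a per-entry shift of 25 - i added to each two-digit pair.
      z += String.fromCharCode(parseInt(m.slice(v, v + 2), 10) + 25 - i);
    }
    return z;
  });
}

// Rebuild the string the script passes to document.write().
function reconstructWrite(encoded) {
  const x = decodeDnnStrings(encoded);
  if (x.length < 5) throw new Error('the script indexes x[0]..x[4]');
  return '<' + x[0] + ' ' + x[4] + '>.' + x[2] + '{' + x[1] + '}</' + x[0] + '>';
}

// Report whether the decoded markup carries a CSS rule that hides className.
function hidesClass(markup, className) {
  const esc = className.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const rule = new RegExp('\\.' + esc + '\\s*\\{([^}]*)\\}', 'i').exec(markup);
  return rule !== null &&
    /display\s*:\s*none|visibility\s*:\s*hidden|-\d{3,}px/i.test(rule[1]);
}

// Constructed sample (assumption): the real array is not shown in the post.
const SAMPLE = ['9091968376', '768191888473973486878677', '778787', '98',
  '888079847640768787'];

console.log(reconstructWrite(SAMPLE));
console.log('hides .dnn:', hidesClass(reconstructWrite(SAMPLE), 'dnn'));
```

Pasting the array from your own copy of default.php in place of SAMPLE shows exactly what that copy injects, which is worth recording before deleting the block.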

PS: I used Sucuri and Webinspector to run an online scan of the website for malware.
http://app.webinspector.com/
http://sitecheck.sucuri.net/
Solution found at http://joomlaboy.com/tutorials/joomla/88-solved-autson-slideshow-clickjack-issue
