bfarber Posted September 21, 2009 Share Posted September 21, 2009 File Name: Global Suspicious File CheckerFile Submitter: bfarberFile Submitted: 11 Jul 2006File Category: IPB 2.1.x Tools This tool should be uploaded to your public_html directory and visited in your browser. It will list all files on your server and weight them in relation to IPB depending upon how suspicious they are. A bold filename means that it's been modified in the past 7 days. An orange filename means that it's over 100k in size (and most of the trojans are) A red filename means it's likely to be a known trojan's filename or it was created by userid 99 (nobody). Now, it is VERY important that you not just delete any files without knowing what you are doing. Check any suspected files out first...see if they really are bad scripts or not. Skin files can be cached as a different user than the web or ftp user at times, as it runs via php. Sometimes you apply patches and a file was recently modified. Just be sure what you are doing before deleting files you may need. Make a backup first. This tool includes some helpful filters at the top. You can show all files, or you can filter by "larger than 100k", "user 'nobody'", or "modified within past 7 days". This, like any other tool, is only as good as the operator makes it.Click here to download this file Link to comment
Recommended Posts
Archived
This topic is now archived and is closed to further replies.