Jump to content

How to scan for suspicious files after IP.Board security issue?

Featured Replies

Posted

We are one of many IP.Board owners victimised by the latest IP.Board security issue.

Can anyone advise a scanner for finding the sucpicious files that are possibly still located in our webroot?

We are running Linux (Centos) and IPS support was unable to give us any further advise :sad:

Cheers,

Michel

My hosting company does it for me upon request, or they will eventually catch it and send me a list of where the bad files are at. You might want to also ask your host.

I have find that all of mine were in cache for this last breach. Previous to that, they were in public and cache.

Here's another tool that might help:

http://sitecheck.sucuri.net/scanner/

  • Author

Thanks,

This scan, as well as many other doesn't work in this case. I need something I can run locally.

I do not have a hosting provider, since we host our own site on our own servers.

Anyone else any tips?

Michel

the problem is: what are you looking for ?

Why are you searching malicious code ? It's only to prevent ?

When your site is working and you patched in november and 2 days ago you are fine

  • Author

We did get infected just before applying the patch.

I want to make sure all infected files have been removed.

have you a local copy of files of forum ? A files backup, not db.

I usually run BEYONDCOMPARE every week to investigate if there are new files or modifications

http://www.scootersoftware.com

Anyway the ticket assistance replied me that the infected files are into cache, probably.

Download them and check them all. They are not too many

Archived

This topic is now archived and is closed to further replies.

Recently Browsing 0

  • No registered users viewing this page.