December 29, 2012 in Classic self-hosted technical help
We are one of many IP.Board owners victimised by the latest IP.Board security issue.
Can anyone advise a scanner for finding the suspicious files that are possibly still located in our webroot?
We are running Linux (CentOS) and IPS support was unable to give us any further advice :sad:
FileZilla is the first chance:
search for " *.pHp " and set searching case sensitive
On this occasion the infected file has this file extension (pHp with a capital H).
The date of the file is 21 December or later, in any situation I read about.
My hosting company does it for me upon request, or they will eventually catch it and send me a list of where the bad files are at. You might want to also ask your host.
I have found that all of mine were in cache for this last breach. Previous to that, they were in public and cache.
Here's another tool that might help:
This scan, as well as many others, doesn't work in this case. I need something I can run locally.
I do not have a hosting provider, since we host our own site on our own servers.
Anyone else any tips?
The problem is: what are you looking for?
Why are you searching for malicious code? Is it only for prevention?
When your site is working and you patched in November and 2 days ago, you are fine.
We did get infected just before applying the patch.
I want to make sure all infected files have been removed.
Do you have a local copy of the forum files? A files backup, not the db.
I usually run Beyond Compare every week to investigate if there are new files or modifications.
Anyway, the ticket assistance replied to me that the infected files are in cache, probably.
Download them and check them all. There are not too many.
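
The search described in this thread (files with a mixed-case extension such as pHp, dated 21 December or later), written as a shell function that can be run locally on a Linux server with GNU find. This is an added example and not part of any post above; the function names and the sample tree are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list files whose extension is "php"
# in any letter case except all-lowercase (pHp, PHP, Php, ...) and whose
# modification time is after the start of a cutoff date.
# Requires GNU find (-newermt) and GNU touch (-d) for the demo.

# find_odd_case_php DIR [CUTOFF]
#   DIR    - directory to scan, e.g. the forum's webroot (you supply the path)
#   CUTOFF - date understood by GNU find; defaults to the 21 December date
#            mentioned in the thread
find_odd_case_php() {
    dir=$1
    cutoff=${2:-2012-12-21}
    # -iname matches every case variant; ! -name drops the normal lowercase ones.
    find "$dir" -type f -iname '*.php' ! -name '*.php' -newermt "$cutoff" | sort
}

# Demo on a constructed tree (all sample files are made up for this example).
demo_scan() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/cache" "$tmp/public"
    touch -d '2012-12-22 10:00' "$tmp/cache/a.pHp"    # odd case, recent: reported
    touch -d '2012-12-22 10:00' "$tmp/cache/b.php"    # normal extension: ignored
    touch -d '2012-12-01 10:00' "$tmp/public/c.PHP"   # odd case, older than cutoff
    touch -d '2012-12-25 10:00' "$tmp/public/d.Php"   # odd case, recent: reported
    # Print paths relative to the sample tree so the output is stable.
    find_odd_case_php "$tmp" | sed "s|^$tmp/||"
    rm -rf "$tmp"
}

demo_scan
```

Modification times can be reset by whoever wrote the file, so the date filter is a triage aid; rerun with an early cutoff such as `1970-01-02` to list every odd-case file regardless of date. An empty result only covers this one naming pattern, so the comparison against a known-good copy of the forum files mentioned above is still needed.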