Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted December 29, 201212 yr We are one of many IP.Board owners victimised by the latest IP.Board security issue. Can anyone advise a scanner for finding the sucpicious files that are possibly still located in our webroot? We are running Linux (Centos) and IPS support was unable to give us any further advise :sad: Cheers, Michel
December 29, 201212 yr filezilla is the first chance: search for " *.pHp " and set searching case sensitive This occasion infected file has this file.extension ( pHp with H capital letter ) Date of file is 21 of december or later, in any situation I read about) http://community.invisionpower.com/topic/375899-suspicious-file-in-cache/ gp
December 29, 201212 yr My hosting company does it for me upon request, or they will eventually catch it and send me a list of where the bad files are at. You might want to also ask your host. I have find that all of mine were in cache for this last breach. Previous to that, they were in public and cache. Here's another tool that might help: http://sitecheck.sucuri.net/scanner/
December 29, 201212 yr Author Thanks, This scan, as well as many other doesn't work in this case. I need something I can run locally. I do not have a hosting provider, since we host our own site on our own servers. Anyone else any tips? Michel
December 29, 201212 yr the problem is: what are you looking for ? Why are you searching malicious code ? It's only to prevent ? When your site is working and you patched in november and 2 days ago you are fine
December 29, 201212 yr Author We did get infected just before applying the patch. I want to make sure all infected files have been removed.
December 29, 201212 yr have you a local copy of files of forum ? A files backup, not db. I usually run BEYONDCOMPARE every week to investigate if there are new files or modifications http://www.scootersoftware.com Anyway the ticket assistance replied me that the infected files are into cache, probably. Download them and check them all. They are not too many
Archived
This topic is now archived and is closed to further replies.