Jump to content

Holiday Closure, Support Availability Notice

Invision Community

Invision Community

is this an exploit or what?

Posted January 31, 201312 yr

Just found this on cache/

cat 7a8a823f8b7c.pHp 

==============================================================================
=========================        END       ===================================
========================= /interface/blog/xmlrpc.php?sid=14eb97dd10564a7e7e42c90ca9aa66de& ===================================
==============================================================================

January 31, 201312 yr

doesn't look legit to me...

January 31, 201312 yr

Author

me neither, i tried to decode it, but i was not able to do it :S

February 1, 201312 yr

I just found a very similar file in my cache directory.

..Al

February 1, 201312 yr

That looks like a leftover file from a previous exploit and should be removed. It is certainly not a file IP.Board utilizes.

February 1, 201312 yr

That looks like a leftover file from a previous exploit and should be removed. It is certainly not a file IP.Board utilizes.

Oh, I removed it alright. With prejudice!

February 1, 201312 yr

wold think anything using pHp (capitol H) would never be legit.

February 1, 201312 yr

Author

yesturday i had chmod 000 the file in the meanwhile

February 2, 201312 yr

Here is an article you can use to help clean up your site if needed http://community.invisionpower.com/resources/guides.html/_/knowledge-base/how-to-clean-your-site-from-infection-r266

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

No registered users viewing this page.