dtwood01 Posted November 27, 2023

Hey all, very recently we received a notification from our WHM that there were two file paths to ipb_converge.php files that were flagged as malware utilizing SQL injection. Taking a look at both of these files, they are both identical, and all lines of code seem to be very well documented. They also have not been touched or modified since 2012, so we're wondering if they're in the right place or even necessary. It also seems odd that one of them resides within a css folder structure. Happy to provide any additional information, just seems odd that they're being flagged just now.

Paths to files, just to know if they are actually in the proper place:

public_html/forum/public/min/ipb_converge.php
public_html/forum/public/style_css/ipb_converge.php

Nathan Explosion Posted November 27, 2023 (Solution)

Old IPB v3.x files; if you're on v4.x then they are not part of it (the 'public' folder doesn't exist in v4) - you might want to provide a screenshot of all the directories you see under public_html/forum as there are likely others that you can remove too.

dtwood01 (Author) Posted November 27, 2023

Good to know, here is a screenshot of other directories inside public_html/forum.

Marc Posted November 27, 2023

This should make it a bit easier for you to compare. This is a download of the stock platform. Bear in mind you will also have conf_global.php and maybe constants.php in there. Always make a full backup before you start deleting anything.

dtwood01 (Author) Posted November 27, 2023

Great, thank you! We've got backups for sure. We'll put old items into an archive directory before completely deleting to make sure everything is working properly.
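
The comparison against the stock download described in this thread can be scripted. The following is an added example, not part of any post and not code from the forum software; the function names `list_extras` and `demo` are hypothetical, and the directory tree it builds is constructed for illustration.

```shell
#!/bin/sh
# Report files in a live forum directory that are absent from an unpacked
# stock download. Read-only: nothing is moved or deleted.

# Site-specific files the thread says will exist outside the stock download.
KEEP='./conf_global.php
./constants.php'

# list_extras LIVE_DIR STOCK_DIR
# Prints relative paths that exist under LIVE_DIR but not under STOCK_DIR.
list_extras() {
    live=$1; stock=$2
    [ -d "$live" ] && [ -d "$stock" ] || {
        echo "usage: list_extras LIVE_DIR STOCK_DIR" >&2; return 2; }
    work=$(mktemp -d) || return 1
    (cd "$live"  && find . -type f) | LC_ALL=C sort > "$work/live"
    (cd "$stock" && find . -type f) | LC_ALL=C sort > "$work/stock"
    # comm -23 keeps lines unique to the first list (live-only files);
    # grep drops the expected site-specific files by exact match.
    LC_ALL=C comm -23 "$work/live" "$work/stock" | grep -vxF -e "$KEEP" || true
    rm -rf "$work"
}

# demo: build a constructed live tree and stock tree, then compare them.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/live/public/min" "$d/live/public/style_css" \
             "$d/live/applications/core" "$d/stock/applications/core"
    touch "$d/live/index.php" "$d/stock/index.php" \
          "$d/live/applications/core/x.php" "$d/stock/applications/core/x.php" \
          "$d/live/conf_global.php" "$d/live/constants.php" \
          "$d/live/public/min/ipb_converge.php" \
          "$d/live/public/style_css/ipb_converge.php"
    list_extras "$d/live" "$d/stock"
    rm -rf "$d"
}

demo
```

The output also includes legitimate site content that the stock download never contains, such as uploads, so treat it as a review list for the archive step rather than a delete list.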