dtwood01 Posted November 27, 2023 Share Posted November 27, 2023 Hey all, very recently we received a notification from our WHM that there were two file paths to ipb_converge.php files that were flagged as malware utilizing SQL injection. Taking a look at both of these files, they are both identical, and all lines of code seem to be very well documented. They also have not been touched or modified since 2012, so we're wondering if they're in the right place or even necessary. It also seems odd that one of them resides within a css folder structure. Happy to provide any additional information, just seems odd that they're being flagged just now. Paths to files, just to know if they are actually in the proper place: public_html/forum/public/min/ipb_converge.php public_html/forum/public/style_css/ipb_converge.php Link to comment Share on other sites More sharing options...
Solution Nathan Explosion Posted November 27, 2023 Solution Share Posted November 27, 2023 Old IPB v3.x files; if you're on v4.x then they are not part of if it (the 'public' folder doesn't exist in v4) - you might want to provide a screenshot of all the directories you see under public_html/forum as there are likely others that you can remove too. Link to comment Share on other sites More sharing options...
dtwood01 Posted November 27, 2023 Author Share Posted November 27, 2023 Good to know, here is a screenshot of other directories inside public_html/forum. Link to comment Share on other sites More sharing options...
Marc Posted November 27, 2023 Share Posted November 27, 2023 This should make it a bit easier for you to compare. This is a download of the stock platform. Bear in mind you will also have conf_global.php and maybe constants.php in there. Always make a full backup before you start deleting anything. Link to comment Share on other sites More sharing options...
dtwood01 Posted November 27, 2023 Author Share Posted November 27, 2023 Great, thank you! We've got backups for sure. We'll put old items into an archive directory before completely deleting to make sure everything is working properly. Link to comment Share on other sites More sharing options...
Recommended Posts