ipb_converge.php throwing flag on malware scan

[dtwood01]

Hey all, very recently we received a notification from our WHM that there were two file paths to  ipb_converge.php files that were flagged as malware utilizing SQL injection. Taking a look at both of these files, they are both identical, and all lines of code seem to be very well documented. They also have not been touched or modified since 2012, so we're wondering if they're in the right place or even necessary. It also seems odd that one of them resides within a css folder structure.

Happy to provide any additional information, just seems odd that they're being flagged just now.

Paths to files, just to know if they are actually in the proper place:
public_html/forum/public/min/ipb_converge.php
public_html/forum/public/style_css/ipb_converge.php

[Nathan Explosion]

Old IPB v3.x files; if you're on v4.x then they are not part of if it (the 'public' folder doesn't exist in v4) - you might want to provide a screenshot of all the directories you see under public_html/forum as there are likely others that you can remove too.

[dtwood01]

Good to know, here is a screenshot of other directories inside public_html/forum.

[Marc]

This should make it a bit easier for you to compare. This is a download of the stock platform. Bear in mind you will also have conf_global.php and maybe constants.php in there. Always make a full backup before you start deleting anything.

 

 

 

 

[dtwood01]

Great, thank you! We've got backups for sure. We'll put old items into an archive directory before completely deleting to make sure everything is working properly.