Results 1 to 10 of 13
-
5th Jun 2012, 02:25 AM #1OPBannedWebsite's:
ProSpeedHost.com ProSpeedHost.net BlazingVPS.net ShoutCastRadios.com ShoutCastUK.co.uk CheapShoutcast.co.ukWHMCS - Suspicious File Found...
OK, so i was transferring files from my RDP via one of my sites FTP accounts... which happens to have WHMCS installed on the same account also, Then i spotted a file which i was pretty sure wasn't a normal file, and i hadn't seen it before... So i checked with a friend in the states to see if he had this file and he said no... So basically im wondering if anyone else has happened to come across this file in there whmcs root dir...
File Name: _d41f60d0
Size: 3051
With all this stuff that's been going on with WHMCS these last couple of weeks, Will be interesting to see what comes of this thread...
Note: I renamed the file " _d41f60d0.bak " and it didn't seem to affect the way whmcs ran...
Note: I currently have 3 sites running whmcs (all legit) and only one has the file above...
Look forward to your post's....UKInternetGroup Reviewed by UKInternetGroup on . WHMCS - Suspicious File Found... OK, so i was transferring files from my RDP via one of my sites FTP accounts... which happens to have WHMCS installed on the same account also, Then i spotted a file which i was pretty sure wasn't a normal file, and i hadn't seen it before... So i checked with a friend in the states to see if he had this file and he said no... So basically im wondering if anyone else has happened to come across this file in there whmcs root dir... File Name: _d41f60d0 Size: 3051 With all this stuff Rating: 5
-
5th Jun 2012, 02:39 AM #2MemberWebsite's:
bypassx.comCan you post contents of the file...? without contents is mainly impossible research deeper, because seems a random generated filename, admins can search for that file but perhaps on their boxes exists at another location with another name. If you supply file contents search can be done fast.
-
5th Jun 2012, 02:42 AM #3
-
5th Jun 2012, 02:46 AM #4MemberWebsite's:
bypassx.comCan you use pastebin or similar to post the code... seems ofuscated code.
The file not have any extension? .php, .cgi or similar.. ?
-
5th Jun 2012, 02:51 AM #5OPBannedWebsite's:
ProSpeedHost.com ProSpeedHost.net BlazingVPS.net ShoutCastRadios.com ShoutCastUK.co.uk CheapShoutcast.co.ukJust a file it seems... http://i.imgur.com/AJmwK.png
PM Sent by the way...
-
5th Jun 2012, 02:53 AM #6Member
it's just base64 encoded.
and nothing malicious in it :
Code:{"0":{"status":"1"},"146":{"ltext":"altavista","ldesc":"altavista lycos ebay google wikipedia msn about aol yahoo bing","lurl":"http:\/\/www.altavista.com\/","ltype":2},"273":{"ltext":"wikipedia","ldesc":"google wikipedia yahoo altavista lycos about ebay bing msn aol","lurl":"http:\/\/www.wikipedia.com\/","ltype":1},"400":{"ltext":"ebay","ldesc":"lycos altavista ebay bing aol google about wikipedia yahoo msn","lurl":"http:\/\/www.ebay.com\/","ltype":2},"527":{"ltext":"google","ldesc":"bing lycos ebay google altavista yahoo wikipedia about msn aol","lurl":"http:\/\/www.google.com\/","ltype":2},"654":{"ltext":"aol","ldesc":"altavista about yahoo ebay aol wikipedia msn lycos bing google","lurl":"http:\/\/www.aol.com\/","ltype":1},"781":{"ltext":"wikipedia","ldesc":"altavista lycos msn ebay bing wikipedia google aol about yahoo","lurl":"http:\/\/www.wikipedia.com\/","ltype":1},"908":{"ltext":"wikipedia","ldesc":"lycos google ebay bing altavista msn wikipedia about aol yahoo","lurl":"http:\/\/www.wikipedia.com\/","ltype":1},"1035":{"ltext":"lycos","ldesc":"altavista yahoo wikipedia ebay msn google aol lycos bing about","lurl":"http:\/\/www.lycos.com\/","ltype":2},"1162":{"ltext":"aol","ldesc":"about bing yahoo google lycos altavista msn ebay aol wikipedia","lurl":"http:\/\/www.aol.com\/","ltype":1},"1289":{"ltext":"ebay","ldesc":"lycos about yahoo google wikipedia aol bing msn altavista ebay","lurl":"http:\/\/www.ebay.com\/","ltype":2}}
http://upsimple.com best image hosting, fast & reliable, custom script, track your visitors!
-
5th Jun 2012, 02:54 AM #7OPBannedWebsite's:
ProSpeedHost.com ProSpeedHost.net BlazingVPS.net ShoutCastRadios.com ShoutCastUK.co.uk CheapShoutcast.co.ukMarc - Well i didnt think it was anything that was going to cause me any issues, just funny how its there out of 3 whmcs setups i have..
-
5th Jun 2012, 02:56 AM #8MemberWebsite's:
bypassx.comYes, it is some kind of malware, the file isn?t complete, hackers seems that couldnt success.
I bet that the code will be inserted as javascript because seems written in JSON.
-
5th Jun 2012, 02:59 AM #9Member
I don't think this has to do with WHMCS setup. If the script was any kind of malware, it's probably a hole in the server.
P.S.: Just wanted to remind you. WHMCS got hacked by social engineering and not any kind of exploit.
Super busy. I have to forward this email to 20 people in 5 minutes or else a ghost will visit me tonight and my room is a mess
-
5th Jun 2012, 02:59 AM #10BannedWebsite's:
budgetvds.com hilohost.com wdispatch.comI recommended that you install LMD which is Linux Malware Detect have it do it a full scan on your servers just cause a file might not be suspicious I wouldn't take any chance if I was you.
LMD Official Website
http://www.rfxn.com/projects/linux-malware-detect/
Install Instructions
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzvf maldetect-current.tar.gz
cd maldetect-*
sh install.sh
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
File lockers Achille Heels have been found
By filerking in forum File Hosts Official SupportReplies: 14Last Post: 5th Jul 2012, 02:07 PM -
My site shows "File not found" please help
By haluz in forum Webmaster DiscussionReplies: 2Last Post: 20th Jun 2012, 11:58 PM -
Remote server or file not found Of My site, Help Me
By Lutfar in forum phpBBReplies: 1Last Post: 14th Dec 2011, 01:18 PM -
New File Host Found
By m3th3lesh in forum File Host DiscussionReplies: 11Last Post: 27th Oct 2010, 08:37 AM -
The config.php file could not be found
By tzar in forum Server ManagementReplies: 13Last Post: 29th Sep 2010, 03:52 AM
themaCreator - create posts from...
Version 3.17 released. Open older version (or...