PhotoPost Community - View Single Post

pistebasher · April 23rd, 2011, 05:59 PM

Yesterday my host performed an emergency shutdown of my site because a large number of malicious php files had appeared in my Data directories. Here is a list of the files :-

data/588/date.php
data/588/thumbs/configs.php
data/588/mini/include.php
data/588/medium/guest.php
data/552/system.php
data/552/thumbs/include.php
data/552/mini/date.php
data/552/medium/configs.php
data/546/properties.php
data/546/thumbs/report.php
data/546/mini/time.php
data/546/medium/includes.php
data/595/finfo.php
data/595/thumbs/options.php
data/595/mini/common.php
data/595/medium/properties.php
data/554/finfo.php
data/554/thumbs/options.php
data/554/mini/common.php
data/554/medium/properties.php
data/560/time.php
data/560/thumbs/includes.php
data/560/mini/report.php
data/560/medium/messages.php
data/include.php
data/566/layout.php
data/566/thumbs/date.php
data/566/mini/system.php
data/566/medium/include.php
data/572/commands.php
data/572/thumbs/system.php
data/572/mini/layout.php
data/572/medium/date.php
data/541/guest.php
data/541/thumbs/remote.php
data/541/mini/base.php
data/541/medium/links.php
data/592/tests.php
data/592/thumbs/commands.php
data/592/mini/contacts.php
data/592/medium/layout.php
data/565/options.php
data/565/thumbs/time.php
data/565/mini/properties.php
data/565/medium/report.php
data/574/report.php
data/574/thumbs/messages.php
data/574/mini/includes.php
data/574/medium/create.php
data/575/contacts.php
data/575/thumbs/layout.php
data/575/mini/commands.php
data/575/medium/system.php
data/576/tests.php

I have deleted the suspect files and my site is now up but how to stop this happening again? Site is running standalone 7.1, all latest files.

April 23rd, 2011, 05:59 PM	#1 (permalink)
pistebasher Member Verified Customer Join Date: Oct 2005 Posts: 264	Photopost site hacked Yesterday my host performed an emergency shutdown of my site because a large number of malicious php files had appeared in my Data directories. Here is a list of the files :- data/588/date.php data/588/thumbs/configs.php data/588/mini/include.php data/588/medium/guest.php data/552/system.php data/552/thumbs/include.php data/552/mini/date.php data/552/medium/configs.php data/546/properties.php data/546/thumbs/report.php data/546/mini/time.php data/546/medium/includes.php data/595/finfo.php data/595/thumbs/options.php data/595/mini/common.php data/595/medium/properties.php data/554/finfo.php data/554/thumbs/options.php data/554/mini/common.php data/554/medium/properties.php data/560/time.php data/560/thumbs/includes.php data/560/mini/report.php data/560/medium/messages.php data/include.php data/566/layout.php data/566/thumbs/date.php data/566/mini/system.php data/566/medium/include.php data/572/commands.php data/572/thumbs/system.php data/572/mini/layout.php data/572/medium/date.php data/541/guest.php data/541/thumbs/remote.php data/541/mini/base.php data/541/medium/links.php data/592/tests.php data/592/thumbs/commands.php data/592/mini/contacts.php data/592/medium/layout.php data/565/options.php data/565/thumbs/time.php data/565/mini/properties.php data/565/medium/report.php data/574/report.php data/574/thumbs/messages.php data/574/mini/includes.php data/574/medium/create.php data/575/contacts.php data/575/thumbs/layout.php data/575/mini/commands.php data/575/medium/system.php data/576/tests.php I have deleted the suspect files and my site is now up but how to stop this happening again? Site is running standalone 7.1, all latest files.