Mort-lemur Posted December 7, 2009 Posted December 7, 2009 I just found a file in my images directory called Nipper Rat.php first few lines are as follows ÿØÿà JFIF ÿþ <CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100 ÿÛ C ÿÛ CÿÀ ‚ Z" ÿÄ ÿÄ µ } !1AQa"q2‘¡#B±ÁRÑð$3br‚ %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyzƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚáâãäåæçèéêñòóôõö÷øùúÿÄ ÿÄ µ w !1AQaq"2B‘¡±Á #3RðbrÑ $4á%ñ&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz‚ƒ„…†‡ˆ‰Š’“”•–—˜™š¢£¤¥¦§¨©ª²³´µ¶·¸¹ºÂÃÄÅÆÇÈÉÊÒÓÔÕÖ×ØÙÚâãäåæçèéêòóôõö÷øùúÿÚ ? þý'Œw¿áÆWóôüÅ9n:Œç<qøuã¦h$`ôä/ù<zñ˦3JHÉàp¾Þ¼uþ¹íǨ`ñÇð㯶9Èã¯Oð4œ ¿\à“Ôg¯ËÇ?ç¸p#ŽÝÏ q× súŽGåÏí¹®XéiÛ¹µ»2þ×á¿Ä«}6%Ôâ·ó/,~èúŒ1ZÙ![ée•u×”Ý[&ÈÛÆ÷ Пżsñc3ð{…ò®&˸Bcg`r\ÇSˆ¨ðÔ2¼¿ƒÌ13wŒ¯•æ´ñR£_‡ÂCéá•Yãiã0ô¨ToéxS‡Ÿg8l¢8©`åˆF´p²Æ8ºØ¬>îŒjÑ“ŒwQµ=T9R¼“_ÿ Áx¿à¥e¨<û8|ñ>¡à_øïŸðŸxïÇz8ŽßÄ7õOÄðæ…áMjT”xXñ&«áÉ{®Øǽ¥Ûét%Õîµì˧ÁïÛÿ öàøOã â„?h_v>+šìêZÆãˆ3ø…¦Ý]:ZOkaã¿x·Ä#Ð<]§k²HÖs^ßØYëKs4š~¡¤jÐG-yn§àŸŠŸõ]WÅ~]CÅAaaá½ö±b’hóÛé¾5ñŽƒªÈþ Õì"—Jµ°ðç‹/uˆ"¸‰e‹K±¶ó>Ówmö¡ý›iëmBÛÂká _Õu»Ea¥xgÅ> ½‚ÓSøysãKjãVñ«¦™¢I¦^ü6ñŒ—×ÍÌñê:ú~…i-ÕÕŒ—Ùâ8“:ÍêG1À,VŸ´¥*TiÖÄÊ8eÈ©J‹t¨Ã QûuR¬¥ˆŒ]Uìàçì_²èFQá‡QŸñö6ix|Â8¼Ã”dЩ?oý£‡ÆÂXÜËa¡,¢xL*MjŸRLv"–Y”)æ¿Ñöý§,loÙSà×íi¥E ^|CðåÑñ'‡íç–kMÆþ×5_xïF±žqçÜiºwŒ|;ÛiW!n.tÈìî.#I%uWdd}?½îz:ò}=ùâ¿ÎágÃOÛçŸ</Â(¾*éþ¿´ÓüA¥ØxSâŒÞÐ. ñ¬¶úÛjº¥·ˆlàŸûKSñWV‰pnî/SRxuMJ8yÚãwüçáÁ¯‹&×|yûKøNð—„nQñ%ÇÏÈ|6úô×ÞÐõ?²<^Ú•‹ÜëP…Äp«4ík<2˜.mneú¬ÖÅTÃÒžAŽ‡¶©J·u)79(:°JP—³ÕÍ.gٳñn"ú+å66ÇÒñ{†jÔËð¼Çû9~'‹‡±ÃÔÄÃ.©‰Âcq^/š1ÂJ¤¡M:Ò‹•89ÆúF}zžAîqè½8àôãéAОGB}û9Æ=šþzÿ àÚo|vñÿ ìãýöˆø¹ñãGŽíÿ jï‹~µñ_ÄŸx£â«k øSÃ_ ¼>š.™¬x·PÔµ}Ó\±×¯-ôø¥ŽÚ+Ëûû&;››’ßЮWž;u<ÿ †3ý+ôI.VÕïn»~ñ½*žÖœ*ròó+ò·{júÙ_¾ÀAÏCÓ®O®zíÎ{÷öíFÓêï£ÿ ÄÒå}ˆÇéáŸË ˜t~T#ƒÉȾyÏ\nÿ '¦h ŒòzqÉÇnû‡¿çߥ4“Ž½†OÍÓŸnùÿ 9§ÉÁÇËèÞ£'§™ ÇN½9Éôú7øŽ+øLÿ ‚÷þÞ1øcûdüný Öµ}'ÂÐi ¼k[}BëE´»ÿ „¿áWïuB[í;S:ž«opé· áý&á´ä"›Æz]Ãx~Çû±Éã‘žÇÓƒÓ ÿ \Wù˜ÿ ÁÀüñÇþ -ûJ|B²ðΙikðSÁ> ø'>®æÖèjÞ.øm¤ø‡Â°ø‡P·kx¡—P·ñ¶·a£i’ÏöÉ¢‡JÒaó¶AQü§ð¶QÅy~ œeØ,ÆŽ[ša³|Ì0Ôñ˜|&cƒ¥‰XLlpµÔ¨UÅaýIàçZe†ÄªXÊ1†+‡Oí¼=âj\/Å8,m|-|uñú\ T°O¥‰ÂÕ£ Øš|µ£…Ž2–xªT+aç‹¡á*UxZøŠU>ðÏÆë…‚ú/x“TÓíµ8>É«[éú…å”Z…›E®£½ÅºÝZœ±ÜÆñIK’{»?Úâ&€$:Ä¿x}g’yïš×ÄZý¨¸.£+I!±Ö4ü¹›UÕ%’Y¼íÃRÔ†ïn]½{öIÿ ‚Dø—ã/ì?ðƒöá¿ý¢fÒ4¿Šßþ|á•Ãxnõ;m?Æÿ ´W‡¾Ýk¶¾3ŸÅÑÛ5ΞÚÅïˆa±—ÂSBæÃû=çEžKÈþpÿ ‚»þÈןðOÚbËà7‡~%k´}Cá߆¼sgâmkBÓ´Ö—[¾×ì§ÓšÏL¿¿‚E°“J¶tºf·’i.0-‘Yÿ þÁ“ÌV ˆiEÔQ“ŒÒ‡+jv¼!uΦ”¹yef÷jÿ What is this ?? Im worried......... Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.
Ben Nevis Posted December 7, 2009 Posted December 7, 2009 I'd be worried too. Finding unexpected php files in an images directory is a classic sign of hacker attack, and it surely didn't get there by itself. I'd suggest delete it and check for other signs of infestation - use Site Monitor. If any are found, then you may have to delete everything and restore from a back up and make sure you apply all the recommended security measures to the restored site. www.jyoshna.com. Currently using OsC with STS, Super Download Store, Categories Descriptons, Manufacturers Description, Individual Item Status, Infopages unlimited, Product Sort, Osplayer with flashmp3player, Product Tabs 2.1 with WebFx Tabpane and other bits and pieces including some I made myself. Many thanks to all whose contributions I have used!
burt Posted December 7, 2009 Posted December 7, 2009 This is more likely a malformed image created using the GD library. Do you have a product called "Nipper Rat"
Ben Nevis Posted December 8, 2009 Posted December 8, 2009 This is more likely a malformed image created using the GD library. Do you have a product called "Nipper Rat" lol, true it isn't a php file and doesn't look anything like hacker code..! www.jyoshna.com. Currently using OsC with STS, Super Download Store, Categories Descriptons, Manufacturers Description, Individual Item Status, Infopages unlimited, Product Sort, Osplayer with flashmp3player, Product Tabs 2.1 with WebFx Tabpane and other bits and pieces including some I made myself. Many thanks to all whose contributions I have used!
Mort-lemur Posted December 8, 2009 Author Posted December 8, 2009 This is more likely a malformed image created using the GD library. Do you have a product called "Nipper Rat" Hi, Thanks for the replies, I did have an image called little-nipper-rat-trap.jpg so Im beginning to feel a little more relaxed. I already have site monitor installed and all the other great security measures suggested and have looked at my page source code and can't see anything "odd". But how could an image file be renamed as a PHP file? I can't see how I could have done this by accident. Thanks Now running on a fully modded, Mobile Friendly 2.3.4 Store with the Excellent MTS installed - See my profile for the mods installed ..... So much thanks for all the help given along the way by forum members.
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.