shadow007 Posted April 22, 2011 Share Posted April 22, 2011 Hi All, Everday, Three malicious files will be created in my /images folder on my site. they are: # (decoded file) ClamAV detected virus = [php.Shell-22]: '/home/condoms/public_html/images/application_bottom_top.php.jpg' # Suspicious image file (hidden script file): '/home/condoms/public_html/images/file_manager.php.jpg' # Suspicious image file (hidden script file): '/home/condoms/public_html/images/usr.php.jpg' # Known exploit = [Fingerprint Match]: '/home/condoms/public_html/images/usr.php.jpg' I have changed all ftp and cpanel passwords, and installed all recommended security addons here. But the three files still be created automatically everyday. So I have to create a .htaccess file with contents below in /images folder to deny their codes: <FilesMatch “.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$”> Order Deny,Allow Deny from all </FilesMatch> I can't find the related hole and malicious scripts which creates the three files. any suggestion will be appreciated. --- Stephen Everyone is changing the world. Everyone is a world. For everyone needs my help, PM or email if I amn't online. Link to comment Share on other sites More sharing options...
Taipo Posted April 22, 2011 Share Posted April 22, 2011 See my response in the security forum http://www.oscommerce.com/forums/topic/374318-help-images-folder-hacked-everyday/page__view__getlastpost - Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)- Another discussion about infected files ::here::- A discussion on file permissions ::here::- Site hacked? Should you upgrade or not, some thoughts ::here::- Fix the admin login bypass exploit here- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes- BTC:1LHiMXedmtyq4wcYLedk9i9gkk8A8Hk7qX Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.