Welcome, Guest. Please login or register.
Did you miss your activation email?
May 24, 2012, 07:52:15 AM

Login with username, password and session length
Search:     Advanced search
Interested in joining the WebsiteBaker team?
For more Information read here or on our new website.
155442 Posts in 21702 Topics by 7735 Members
Latest Member: lq0rrukl036lq
* Home Help Search Login Register
Pages: [1]   Go Down
Print
Author Topic: Urgent - Suspect file on my server  (Read 370 times)
potain

Offline Offline

Posts: 36
« on: October 10, 2008, 03:05:17 AM »
Hi

I am a little worried that my site has been hacked as my web logs reveal all sorts of unusual url redirections and I find that a file called newsletter.zip has been deposited in temp directory on the server.

I enclose a screen shot of its contents and a copy of the file and can I ask you to please let me know if this is a genuine website baker file - don't know how it got there as I never tried to install this module.

Thanks very much for your help and assistance.

Jean
Logged
potain

Offline Offline

Posts: 36
« Reply #1 on: October 10, 2008, 04:24:22 AM »
Hi

I also have an index.php in my temp folder:

 index.php
File Type: PHP script text

<?php

// $Id: index.php 519 2007-12-23 14:37:02Z Ruebenwurzel $

/*

 WebsiteBaker Project <http://www.websitebaker.org/>
 Copyright (C) 2004-2008, Ryan Djurovich

 WebsiteBaker is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 WebsiteBaker is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with websitebaker; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

header("Location: ../index.php");

?>

Is this OK?

Jean
Logged
ruebenwurzel
WebsiteBaker Org e.V.

Offline Offline

Posts: 7972



WWW
« Reply #2 on: October 10, 2008, 08:04:19 AM »
Hello,

1.) Your server is not hacked, you simply have tried to install the newsletter modul.
2.) The index.php in the temp directory is a core file of WB

Matthias
Logged
potain

Offline Offline

Posts: 36
« Reply #3 on: October 10, 2008, 10:39:25 AM »
Thank you very Matthias for your prompt reply and reassurance.

It's a great relief to know that those files are genuine as I was panicking a bit.

I must have tried a while ago to install the module and forgotten about it.

Sorry to have bothered you.

I'll have to look elsewhere for reason for those unauthorised URL relocation entries in my log files, great to know that WB is secure and safe.

Cheers and thanks heaps again.

Jean
Logged
Pages: [1]   Go Up
Print
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines Valid XHTML 1.0! Valid CSS!
Impressum & Datenschutz | powered by WebsiteBaker. ©2004–2010 by Website Baker Org e.V. , all rights reserved | Legal Notice & Privacy Policy