Geeklog Forums
unknown files in backups directory
cwsolie
Forum User
Newbie
Registered: 09/09/08
Posts: 2
Hi,
I'm seeing some strange files in my Geeklog install (1.6.1sr1) and am wondering if there is any utility to report any files that are not a part of Geeklog in the Geeklog directory structure?
I found two files in my 'backups' directory, one called include.php and report.php, and a .htaccess file that basically says if you find a 404 error go to report.php.
If I browse to report.php I get a server error, but if I browse to just the 'backups' directory I get a listing of my geeklog_db_backup* sql files that are in that directory. If I do 'less report.php' in a shell there isn't anything in the file, but it takes up space (and I don't have permission to delete them).
-rw-r--r-- 1 nobody nobody 8672 Sep 23 2009 include.php
-rw-r--r-- 1 nobody nobody 9583 Sep 23 2009 report.php
-rw-r--r-- 1 theoocom theoocom 481 Jun 21 2009 README
-rw-r--r-- 1 nobody nobody 396253 Jan 9 2008 geeklog_db_backup_2008_01_09_11_23_28.sql
d--------- 2 root root 4096 Jan 11 2007 damoon
-rw-r--r-- 1 nobody nobody 380845 Aug 27 2006 geeklog_db_backup_2006_08_27_22_19_21.sql
-rw-r--r-- 1 theoocom theoocom 343284 Jun 17 2006 geeklog_db_backup_2006_06_17_11_55_26.sql
-rw-r--r-- 1 nobody nobody 96387 Jan 31 2005 geeklog_db_backup_2005_01_31.sql
Thanks for any help!
::Ben
Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location: La Rochelle, France
Hi,
Seems to be a hacker job.
Could you look in your data, logs, and public_html/images directories to see if there are also strange PHP files?
What are the permissions for these directories?
::Ben
I'm available to customise your themes or plugins for your Geeklog CMS
dcchuck
Anonymous
I see suspicious files in the data directory:
-rw-r--r-- 1 theoocom theoocom 122 Jun 21 2009 README
-rw-r--r-- 1 nobody nobody 8672 Sep 23 2009 common.php
-rw-r--r-- 1 nobody nobody 9583 Sep 23 2009 contacts.php
and logs directory:
-rwxrwxrwx 1 theoocom theoocom 3000 Jun 30 18:43 access.log
-rwxrwxrwx 1 theoocom theoocom 263643 Jul 1 05:25 error.log
-rw-r--r-- 1 nobody nobody 8672 Sep 23 2009 links.php
-rwxrwxrwx 1 theoocom theoocom 20 Jun 9 2005 spamx.log
Permissions are wide open, and I don't think I would have ever set 777 on a directory:
drwxrwxrwx 2 theoocom theoocom 4096 Jul 1 05:47 data
drwxrwxrwx 2 theoocom theoocom 4096 Jul 1 05:47 logs
drwxr-xr-x 9 theoocom theoocom 4096 Jun 24 11:53 images
It would be handy to have a feature of Geeklog that looked for suspicious files like these, as I don't know what files should be where.
Thanks!
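The check both posters ask for, as an added example that is not part of the thread and is not Geeklog's own code: it lists files a live tree has that a pristine copy of the same release lacks, PHP or .htaccess files in the directories named above, and world-writable entries. It assumes a clean copy of the matching Geeklog release has been unpacked locally; the function names and both path arguments are illustrative.

```shell
#!/bin/sh
# Added example (not Geeklog code). Compares a live tree with a pristine,
# unpacked copy of the same release and lists items worth reviewing.

# Sorted relative paths of all regular files under directory $1.
list_files() {
    (cd "$1" && find . -type f | LC_ALL=C sort)
}

# Files in live tree $2 that the pristine tree $1 does not ship. Site data
# (SQL backups, logs, uploads) shows up here too and is expected.
unknown_files() {
    a=$(mktemp); b=$(mktemp)
    list_files "$1" >"$a"
    list_files "$2" >"$b"
    LC_ALL=C comm -13 "$a" "$b"
    rm -f "$a" "$b"
}

# PHP or .htaccess files inside the directories named in the thread, where
# the posters treat such files as out of place.
scripts_in_data_dirs() {
    for d in backups data logs public_html/images; do
        [ -d "$1/$d" ] || continue
        (cd "$1" && find "./$d" -type f \( -name '*.php' -o -name '.htaccess' \))
    done | LC_ALL=C sort
}

# Files and directories that any local account can write to (mode o+w).
world_writable() {
    (cd "$1" && find . \( -type f -o -type d \) -perm -0002 | LC_ALL=C sort)
}

# Usage: sh audit.sh /path/to/pristine-geeklog /path/to/live-geeklog
if [ "$#" -eq 2 ]; then
    echo "== Not part of the pristine release =="
    unknown_files "$1" "$2"
    echo "== Scripts in data-only directories =="
    scripts_in_data_dirs "$2"
    echo "== World-writable files and directories =="
    world_writable "$2"
fi
```

Anything in the first list that is not the site's own backups, logs or uploads is worth preserving and reviewing before it is deleted, since its timestamps and contents help date the intrusion.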