Welcome to Geeklog, Anonymous Wednesday, September 28 2022 @ 12:32 pm EDT

Geeklog Forums

unknown files in backups directory


Status: offline

cwsolie

Forum User
Newbie
Registered: 09/09/08
Posts: 2
Hi,

I'm seeing some strange files in my geeklog install (1.6.1sr1) and am wondering if there is any utility to report any files that are not a part of geeklog in the geeklog directory structure?

I found two files in my 'backups' directory, one called include.php and report.php and a .htaccess file that basically says if you find a 404 error go to report.php
if i browse to report.php i get a server error, but if i browse to just the 'backups' directory i get a listing of my geeklog_db_backup* sql files that are in that directory. If i do 'less report.php' in a shell there isn't anything in the file, but it takes up space (and i don't have permission to delete them).


Text Formatted Code
-rw-r--r--  1 nobody   nobody     8672 Sep 23  2009 include.php
-rw-r--r--  1 nobody   nobody     9583 Sep 23  2009 report.php
-rw-r--r--  1 theoocom theoocom    481 Jun 21  2009 README
-rw-r--r--  1 nobody   nobody   396253 Jan  9  2008 geeklog_db_backup_2008_01_09_11_23_28.sql
d---------  2 root     root       4096 Jan 11  2007 damoon
-rw-r--r--  1 nobody   nobody   380845 Aug 27  2006 geeklog_db_backup_2006_08_27_22_19_21.sql
-rw-r--r--  1 theoocom theoocom 343284 Jun 17  2006 geeklog_db_backup_2006_06_17_11_55_26.sql
-rw-r--r--  1 nobody   nobody    96387 Jan 31  2005 geeklog_db_backup_2005_01_31.sql



Thanks for any help!
 Quote

Status: offline

::Ben

Forum User
Full Member
Registered: 01/14/05
Posts: 1569
Location:la rochelle, France
Hi,

Seems to be a hacker job

Could you look in your data, logs, and public_html/images directories if there is also strange php files?
What are the permissions for these directories?

::Ben
I'm available to customise your themes or plugins for your Geeklog CMS
 Quote

dcchuck

Anonymous
I see suspicious files in the data directory:

-rw-r--r-- 1 theoocom theoocom 122 Jun 21 2009 README
-rw-r--r-- 1 nobody nobody 8672 Sep 23 2009 common.php
-rw-r--r-- 1 nobody nobody 9583 Sep 23 2009 contacts.php


and logs directory:

-rwxrwxrwx 1 theoocom theoocom 3000 Jun 30 18:43 access.log
-rwxrwxrwx 1 theoocom theoocom 263643 Jul 1 05:25 error.log
-rw-r--r-- 1 nobody nobody 8672 Sep 23 2009 links.php
-rwxrwxrwx 1 theoocom theoocom 20 Jun 9 2005 spamx.log


permissions are wide open, and i dont think i would have ever set 777 on a directory

drwxrwxrwx 2 theoocom theoocom 4096 Jul 1 05:47 data
drwxrwxrwx 2 theoocom theoocom 4096 Jul 1 05:47 logs
drwxr-xr-x 9 theoocom theoocom 4096 Jun 24 11:53 images



It would be handy to have a feature of Geeklog that looked for suspicious files like these, as i dont know what files should be where.

Thanks!
 Quote

All times are EDT. The time is now 12:32 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content