forum.coppermine-gallery.net
Support => cpg1.5.x Support => cpg1.5 miscellaneous => Topic started by: Delia_35 on November 26, 2015, 03:01:24 am
-
I just moved my website to a new host and during the move they said they found a malicious file (/include/inc.php) in coppermine and quarantined it. Has anyone else had this problem? Any idea how I can fix it?
-
I can't figure out how to edit posts, but I forgot to say that I'm currently running the newest release (just upgraded a few days ago).
-
Can we have a link to your install. Does it all work OK? Are you sure that is the complete filename as that is not a normal filename from the package.
-
Here's my install:
http://www.scarlettsweb.net/photogallery
Seems to be working ok. That was the file name in the email I got. Here's the full thing:
'ClamAV detected virus = [{HEX}php.cmdshell.Macker.297.UNOFFICIAL]': /home/heatrvyf/public_html/scarlettsweb.net/backup-11.24.2015_02-21-04_scarlett/homedir/public_html/photogallery/include/inc.php
-
photogallery/include/inc.php
That's no Coppermine file, so it's fine that they removed it.
-
Ok, thank you! Very strange my old host didn't detect it. But I guess I should be grateful that my new one did.
-
Delia,
Please check your site for other occurrences of that file and remove...
The message seems to indicate they found it in a 'backup' directory:
'ClamAV detected virus = [{HEX}php.cmdshell.Macker.297.UNOFFICIAL]': /home/heatrvyf/public_html/scarlettsweb.net/backup-11.24.2015_02-21-04_scarlett/homedir/public_html/photogallery/include/inc.php
You want to be sure it doesn't also exist in the 'live' directories..
You indicated a recent upgrade to CPG - be sure any other software you use is updated as well - to insure you have no known security exposures.