claus Posted September 6, 2011 Posted September 6, 2011 I just found this PHP fragment in my root folder, apparently added yesterday qt 10:13 PM. Just out of curiosity, is this thing supposed to be there? It's not even closed, hence, to my understanding a corrupted file anyway. Also, the .htaccess at the same location was tempered with yesterday, 12:42 AM. Seems like, it has adopted a 301 for one of the sites. Some feedback, please. Reagrds, Peter Heinrich Claus. P.S.: Below the posting area, where it reads Attachments, I get IPS Driver Error --snip-- <?php error_reporting(0); $authKey = '1216441309'; if($_GET['auth'] !== $authKey) { echo '403 Unauthorized'; die(); } $homeDir = dirname(__DIR__).'/'; $_GET['source'] = $homeDir.$_GET['source']; $_GET['dest'] = $homeDir.$_GET['dest']; switch ($_GET['action']) { case 'rename': rename($_GET['source'], $_GET['dest']); break; case 'copy': copy($_GET['source'], $_GET['dest']); break; case 'touch': file_put_contents($_GET['source'], ''); break; case 'save': file_put_contents($_GET['source'], $_POST['data']); break; case 'get': echo file_get_contents($_GET['source']); break; case 'mkdir': mkdir($_GET['source']); break; case 'ls': $files = array(); if ($handle = opendir($_GET['source'])) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { if(is_file($_GET['source'].''.$file.'')) { $type = 'file'; }else{ $type = 'folder'; } $files[] = array( 'path' => str_replace($homeDir, '', $_GET['source'].$file), 'name' => $file, 'type' => $type, ); } } closedir($handle); } echo serialize($files); break; case 'rm': unlink($_GET['source']); break; default: echo '600 Not Implemented'; break; }
Tjoene Posted September 6, 2011 Posted September 6, 2011 I had a similar file one day in my root folder. I have no clue on how it got there... Maybe the server placed it there?
Byron Posted September 6, 2011 Posted September 6, 2011 The name didn't contain "core" in it did it? Did you check to see what was inside the file? The only two files that the server might add to your site would be a core file or an error_log file.
claus Posted September 6, 2011 Author Posted September 6, 2011 Contents are included. See original post at top. File name as in topic title. I wonder, if it's save, to kick the thing off. Sorry, almost forgot about that. Nope, there is neither core-whatever, nor error-log. However, I would hardly expect to find them under public_html
Byron Posted September 6, 2011 Posted September 6, 2011 If you had any php files in your public_html folder then you might find those two error files. Anyway go ahead and delete the file. I would also recommend you change your password just to be safe.
claus Posted September 6, 2011 Author Posted September 6, 2011 Copy that. Actually, I never had anything in there, since everything files under the given domain's branch. Yep, was thinking to brush that ol' phrase anyway, thanks. Okay, it's gone. Also wiped clean the .htaccess, just in case.
jje Posted September 6, 2011 Posted September 6, 2011 Hold on; don't delete those files! They are the core files for HelioPanel that allow the central panel to communicate with your account! Please leave them intact; thanks
Byron Posted September 6, 2011 Posted September 6, 2011 Hold on; don't delete those files! They are the core files for HelioPanel that allow the central panel to communicate with your account! Please leave them intact; thanks Sorry about that jje. He didn't mention that he was using the HelioPanel. I guess he'll have to start over with the HelioPanel if he wants to continue using it.
jje Posted September 6, 2011 Posted September 6, 2011 It's alright; I think he can just reinstall it.
claus Posted September 7, 2011 Author Posted September 7, 2011 Well, it's gone long. So what am I supposed to do now? Logging in to CP works all the same. Actually, I am logged in almost all day. Anyway, the way I see it, /core/ files really oughtn't live in the user's public branch, should they? I suppose, there are better places to store them, save from /accidental/ accidents.
Tjoene Posted September 7, 2011 Posted September 7, 2011 Woops , I deleted mine file a while ago... Need to look in my back ups if I still have that file. Do I need to manually restore it? Or will HelioPanel generate a new one?
jje Posted September 7, 2011 Posted September 7, 2011 It's fine; HelioPanel will just attempt to create a new hook file (I think). The reason it is located in public_html is so the HelioPanel can run the PHP script. If it was outside the public_html folder, it is not visible to the web therefore it couldn't be run. The name of the file is randomly generated numbers making it hard to guess; plus the script is configured to only run if the user is logged into cPanel. Pretty secure I think. In fact HelioPanel will be configured to reinstall corrupted or missing configuration files in the next release: https://github.com/HelioNetworks/HelioPanel/issues/69
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now