Jump to content

Recommended Posts

Posted

I just found this PHP fragment in my root folder, apparently added yesterday qt 10:13 PM. Just out of curiosity, is this thing supposed to be there? It's not even closed, hence, to my understanding a corrupted file anyway. Also, the .htaccess at the same location was tempered with yesterday, 12:42 AM. Seems like, it has adopted a 301 for one of the sites. Some feedback, please. Reagrds, Peter Heinrich Claus.

 

P.S.: Below the posting area, where it reads Attachments, I get IPS Driver Error

 

--snip--

 

<?php

 

error_reporting(0);

 

$authKey = '1216441309';

 

if($_GET['auth'] !== $authKey) {

echo '403 Unauthorized';

die();

}

 

$homeDir = dirname(__DIR__).'/';

$_GET['source'] = $homeDir.$_GET['source'];

$_GET['dest'] = $homeDir.$_GET['dest'];

 

switch ($_GET['action']) {

case 'rename':

rename($_GET['source'], $_GET['dest']);

break;

case 'copy':

copy($_GET['source'], $_GET['dest']);

break;

case 'touch':

file_put_contents($_GET['source'], '');

break;

case 'save':

file_put_contents($_GET['source'], $_POST['data']);

break;

case 'get':

echo file_get_contents($_GET['source']);

break;

case 'mkdir':

mkdir($_GET['source']);

break;

case 'ls':

$files = array();

if ($handle = opendir($_GET['source'])) {

while (false !== ($file = readdir($handle))) {

if ($file != "." && $file != "..") {

if(is_file($_GET['source'].''.$file.'')) {

$type = 'file';

}else{

$type = 'folder';

}

 

$files[] = array(

'path' => str_replace($homeDir, '', $_GET['source'].$file),

'name' => $file,

'type' => $type,

);

}

}

closedir($handle);

}

 

echo serialize($files);

break;

case 'rm':

unlink($_GET['source']);

break;

default:

echo '600 Not Implemented';

break;

}

Posted

I had a similar file one day in my root folder.

I have no clue on how it got there...

 

Maybe the server placed it there?

Posted

The name didn't contain "core" in it did it? Did you check to see what was inside the file? The only two files that the server might add to your site would be a core file or an error_log file.

 

Posted

Contents are included. See original post at top. File name as in topic title. I wonder, if it's save, to kick the thing off.

 

Sorry, almost forgot about that. Nope, there is neither core-whatever, nor error-log. However, I would hardly expect to find them under public_html

Posted

If you had any php files in your public_html folder then you might find those two error files. Anyway go ahead and delete the file.

 

 

 

 

 

I would also recommend you change your password just to be safe.

 

 

Posted

Copy that. Actually, I never had anything in there, since everything files under the given domain's branch. Yep, was thinking to brush that ol' phrase anyway, thanks.

 

Okay, it's gone. Also wiped clean the .htaccess, just in case.

Posted
Hold on; don't delete those files! They are the core files for HelioPanel that allow the central panel to communicate with your account! Please leave them intact; thanks :)
Posted
Hold on; don't delete those files! They are the core files for HelioPanel that allow the central panel to communicate with your account! Please leave them intact; thanks :)

 

Sorry about that jje. He didn't mention that he was using the HelioPanel. I guess he'll have to start over with the HelioPanel if he wants to continue using it.

 

Posted

Well, it's gone long. So what am I supposed to do now? Logging in to CP works all the same. Actually, I am logged in almost all day. Anyway, the way I see it, /core/ files really oughtn't live in the user's public branch, should they? I suppose, there are better places to store them, save from /accidental/ accidents.

Posted

Woops :wacko: ,

I deleted mine file a while ago...

Need to look in my back ups if I still have that file.

 

Do I need to manually restore it? Or will HelioPanel generate a new one?

Posted

It's fine; HelioPanel will just attempt to create a new hook file (I think). :)

 

The reason it is located in public_html is so the HelioPanel can run the PHP script. If it was outside the public_html folder, it is not visible to the web therefore it couldn't be run. The name of the file is randomly generated numbers making it hard to guess; plus the script is configured to only run if the user is logged into cPanel. Pretty secure I think.

 

In fact HelioPanel will be configured to reinstall corrupted or missing configuration files in the next release:

https://github.com/HelioNetworks/HelioPanel/issues/69

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...