claus Posted September 6, 2011 Share Posted September 6, 2011 I just found this PHP fragment in my root folder, apparently added yesterday qt 10:13 PM. Just out of curiosity, is this thing supposed to be there? It's not even closed, hence, to my understanding a corrupted file anyway. Also, the .htaccess at the same location was tempered with yesterday, 12:42 AM. Seems like, it has adopted a 301 for one of the sites. Some feedback, please. Reagrds, Peter Heinrich Claus. P.S.: Below the posting area, where it reads Attachments, I get IPS Driver Error --snip-- <?php error_reporting(0); $authKey = '1216441309'; if($_GET['auth'] !== $authKey) { echo '403 Unauthorized'; die(); } $homeDir = dirname(__DIR__).'/'; $_GET['source'] = $homeDir.$_GET['source']; $_GET['dest'] = $homeDir.$_GET['dest']; switch ($_GET['action']) { case 'rename': rename($_GET['source'], $_GET['dest']); break; case 'copy': copy($_GET['source'], $_GET['dest']); break; case 'touch': file_put_contents($_GET['source'], ''); break; case 'save': file_put_contents($_GET['source'], $_POST['data']); break; case 'get': echo file_get_contents($_GET['source']); break; case 'mkdir': mkdir($_GET['source']); break; case 'ls': $files = array(); if ($handle = opendir($_GET['source'])) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { if(is_file($_GET['source'].''.$file.'')) { $type = 'file'; }else{ $type = 'folder'; } $files[] = array( 'path' => str_replace($homeDir, '', $_GET['source'].$file), 'name' => $file, 'type' => $type, ); } } closedir($handle); } echo serialize($files); break; case 'rm': unlink($_GET['source']); break; default: echo '600 Not Implemented'; break; } Quote Link to comment Share on other sites More sharing options...
Tjoene Posted September 6, 2011 Share Posted September 6, 2011 I had a similar file one day in my root folder. I have no clue on how it got there... Maybe the server placed it there? Quote Link to comment Share on other sites More sharing options...
Byron Posted September 6, 2011 Share Posted September 6, 2011 The name didn't contain "core" in it did it? Did you check to see what was inside the file? The only two files that the server might add to your site would be a core file or an error_log file. Quote Link to comment Share on other sites More sharing options...
claus Posted September 6, 2011 Author Share Posted September 6, 2011 Contents are included. See original post at top. File name as in topic title. I wonder, if it's save, to kick the thing off. Sorry, almost forgot about that. Nope, there is neither core-whatever, nor error-log. However, I would hardly expect to find them under public_html Quote Link to comment Share on other sites More sharing options...
Byron Posted September 6, 2011 Share Posted September 6, 2011 If you had any php files in your public_html folder then you might find those two error files. Anyway go ahead and delete the file. I would also recommend you change your password just to be safe. Quote Link to comment Share on other sites More sharing options...
claus Posted September 6, 2011 Author Share Posted September 6, 2011 Copy that. Actually, I never had anything in there, since everything files under the given domain's branch. Yep, was thinking to brush that ol' phrase anyway, thanks. Okay, it's gone. Also wiped clean the .htaccess, just in case. Quote Link to comment Share on other sites More sharing options...
jje Posted September 6, 2011 Share Posted September 6, 2011 Hold on; don't delete those files! They are the core files for HelioPanel that allow the central panel to communicate with your account! Please leave them intact; thanks Quote Link to comment Share on other sites More sharing options...
Byron Posted September 6, 2011 Share Posted September 6, 2011 Hold on; don't delete those files! They are the core files for HelioPanel that allow the central panel to communicate with your account! Please leave them intact; thanks Sorry about that jje. He didn't mention that he was using the HelioPanel. I guess he'll have to start over with the HelioPanel if he wants to continue using it. Quote Link to comment Share on other sites More sharing options...
jje Posted September 6, 2011 Share Posted September 6, 2011 It's alright; I think he can just reinstall it. Quote Link to comment Share on other sites More sharing options...
claus Posted September 7, 2011 Author Share Posted September 7, 2011 Well, it's gone long. So what am I supposed to do now? Logging in to CP works all the same. Actually, I am logged in almost all day. Anyway, the way I see it, /core/ files really oughtn't live in the user's public branch, should they? I suppose, there are better places to store them, save from /accidental/ accidents. Quote Link to comment Share on other sites More sharing options...
Tjoene Posted September 7, 2011 Share Posted September 7, 2011 Woops , I deleted mine file a while ago... Need to look in my back ups if I still have that file. Do I need to manually restore it? Or will HelioPanel generate a new one? Quote Link to comment Share on other sites More sharing options...
jje Posted September 7, 2011 Share Posted September 7, 2011 It's fine; HelioPanel will just attempt to create a new hook file (I think). The reason it is located in public_html is so the HelioPanel can run the PHP script. If it was outside the public_html folder, it is not visible to the web therefore it couldn't be run. The name of the file is randomly generated numbers making it hard to guess; plus the script is configured to only run if the user is logged into cPanel. Pretty secure I think. In fact HelioPanel will be configured to reinstall corrupted or missing configuration files in the next release: https://github.com/HelioNetworks/HelioPanel/issues/69 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.