Hi
I downloaded a backup my site and
my security said
I have
Backdoor
HP/WebShell.A
I.E. a file called doc.php
Has anyone else got this?
the mybb files don't content any file with the name doc.php
(2011-12-01, 08:28 PM)mohdows Wrote: [ -> ]the mybb files don't content any file with the name doc.php
Hi
Many thanks for your help!
That's what I thought
I just wanted other to know.
It's most likely a c99/GNY shell that someone uploaded to your forums. delete it, and look through your access logs for any suspicious activity.
(2011-12-01, 08:44 PM)Booher Wrote: [ -> ]It's most likely a c99/GNY shell that someone uploaded to your forums. delete it, and look through your access logs for any suspicious activity.
Hi Booher
I deleted file doc.php
is that the one you are saying?
yes that's it
(2011-12-01, 08:49 PM)mohdows Wrote: [ -> ]yes that's it
Hi mohdows
Many thanks!
You could also check by going to that shell/suspicious php file URL and see actually what it was. I was shelled few days back as well and that is how I check, it'd be mostly a c99 or web based file manager script.
Hi crazy4cs
OK will do
Thanks for your help everyone!
And change your password for some complex one, and don't give password to friends. And think about on which host you are