Support community for TTG plugins and products.
NOTICE
The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.
This forum is now closed, and exists here as a read-only archive.
I received an email from GoDaddy indicating that my Backlight configuration possibly contains malware. The substantive portion of the email states:
We recently completed a routine security checkup of our servers and platforms. Our scans flagged your norcrosspics.com hosting accounts as containing possible malware.
Please sign in to your hosting account and review the following content and remove or fix the files listed below:
html/backlight/custom/phplugins/_noversion.php
html/backlight/framework/delegates/Delegate_new.php
html/backlight/modules/8332d7df_bck_old.php
html/form-to-email.php
html/galleries/archives/basketball/20161113-norcross-basketball-individual-pictures/thumbnails/20161113-Norcross-Basketball-Individual-Pictures-43_backup.php
html/galleries/archives/basketball/20161119-basketball-blessed-trinity-v-east-jackson/photos/20161119-Blessed-Trinity-Titans-v-East-Jackson_bck_old.php
html/iqisibms.php
html/OLD-cart/application/views/_noversion.php
html/OLD-cart_data/_noversion.php
html/OLD-Saved Orders/5dce3d80_new.php
html/resources/autoindex/autoindex.php
html/resources/highslide/highslide.mobile_infoold.php
html/resources/images/favicon_ver1.php
I called them and they specifically listed html/iqisibms.php as malware and stated that the reason the other files are listed is because they have been injected with malware. Before I go online and start messing with the configuration I want to confirm that html/iqisibms.php is not a file that should be part of the Backlight configuration.
Any thoughts or help would be appreciated.
Thanks.
Bob
Offline
Hi Bob, that file isn’t part of Backlight. Nor are the majority of those listed.
Are you running WordPress?
Offline
No. Looks like I need to do a clean install. Any guidance so that I don't lose any settings?
Offline
Hi Bob, the following will protect your settings.
1. Make a backup of backlight/data, backlight/custom (if you have added custom CSS or PHPlugins), and .htaccess (if you have customised this)
2. Keep all gallery directories on the server
3. Upload all files and directories within backlight/ in your downloaded zip file other than backlight/data and backlight/custom.
4. Log into Backlight, click on Backlight > Publisher and visit Update Album Files
This leaves the issue of how your site was compromised in the first place. WordPress and poorly written plugins are usually the culprit, but you've ruled that out. It's possible that your server was accessed through another account, or perhaps through your FTP login. I suggest changing all hosting-related passwords.
I'm happy to have a look around your site, to check for any remaining malware. If you'd like me to do that then please email me an FTP login.
Offline
Plus you've got several old CE 4 (or earlier) folders in there. Unless your site is still running CE4, you no longer need those.
Rod
Just a user with way too much time on his hands.
www.rodbarbee.com
ttg-tips.com, Backlight 2/3 test site
Offline
Thanks. I won't get to it until this weekend but I'll definitely take you up on your offers.
I'm guardedly hopeful that this might take care of the issues I have with GoDaddy mid-upload when I publish.
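
One way to check a downloaded copy of the server's backlight/ directory against the freshly unzipped release before running the clean-install steps, as an added example that is not part of the original thread or TTG's own tooling. It lists files the zip does not ship, shipped files whose content differs, and PHP files inside the preserved data/ and custom/ directories, since the host's list includes backlight/custom/phplugins/_noversion.php; the function names and the sample trees are assumptions made for the example.

```python
import hashlib
from pathlib import Path

PRESERVED = ("data", "custom")  # kept from the old server copy by the clean-install steps

def file_map(root):
    """Relative POSIX path -> Path for every regular file under root."""
    return {p.relative_to(root).as_posix(): p for p in Path(root).rglob("*") if p.is_file()}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(clean_root, server_root):
    """Compare a downloaded copy of the server's backlight/ with the unzipped release."""
    clean, server = file_map(clean_root), file_map(server_root)
    report = {"unknown": [], "modified": [], "review": []}
    for rel, path in sorted(server.items()):
        top, _, rest = rel.partition("/")
        if rest and top in PRESERVED:
            # These directories are restored as-is, so read any PHP in them by hand.
            if path.suffix.lower() == ".php":
                report["review"].append(rel)
        elif rel not in clean:
            report["unknown"].append(rel)      # not shipped in the release zip
        elif digest(path) != digest(clean[rel]):
            report["modified"].append(rel)     # shipped file whose content changed
    return report

def build_demo(base):
    """Constructed sample trees; names other than the two flagged files are made up."""
    files = {
        "clean/framework/delegates/Delegate.php": "<?php // vendor",
        "clean/modules/index.php": "<?php // vendor",
        "server/framework/delegates/Delegate.php": "<?php // vendor",
        "server/framework/delegates/Delegate_new.php": "<?php // not in zip",
        "server/modules/index.php": "<?php // vendor, altered",
        "server/custom/phplugins/_noversion.php": "<?php // flagged by host",
        "server/custom/css/site.css": "body{}",
    }
    for rel, text in files.items():
        p = Path(base, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)
    return Path(base, "clean"), Path(base, "server")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(*build_demo(tmp)))
```

The flagged paths under html/galleries and html/resources sit outside backlight/, so this comparison does not cover them.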