
Godaddy Malware Email

 
  • CutRiteFX
  • Senior Member
  • Members
  • Join Date: 02-Jun 08
  • 429 posts

Posted 31 January 2018 - 10:18 PM #1

Got this email from GoDaddy and was wondering if this is something that I need to address or not.


We recently completed a routine security checkup of our servers and platforms. Our scans flagged your mydomain name hosting accounts as containing possible malware.

Please sign in to your hosting account and review the following content and remove or fix the files listed below:

htaccess.spam-seo.suspicious-rewrite.003 - html/.htaccess

rex.multi_vars.004 - html/app/addons/customers_also_bought/init_bck_old.php

rex.link_sequence.001 - html/app/lib/vendor/amazonwebservices/aws-sdk-for-php/_docs/STREAMWRAPPER_README.html

php.backdoor.uploader.006.02 - html/app/lib/vendor/phpmailer/phpmailer/examples/send_file_upload.phps

rex.multi_vars.004 - html/app/payments/paybox_files/_old.php

rex.multi_vars.004 - html/js/addons/discussion/discussion_bck_old.php

rex.multi_vars.004 - html/js/lib/elfinder/_infoold.php

rex.multi_vars.004 - html/var/langs/hr/core_bck_old.php


CS-Cart 4.7.4


 
  • FDGWEB
  • Junior Member
  • Authorized Reseller
  • Join Date: 20-Aug 10
  • 125 posts

Posted 02 February 2018 - 06:01 PM #2

Yes, you most likely have malware from the looks of it.

 

Tom


FDG Web, Inc - Seattle Web Design : Custom CS-Cart Programming & Design | Toll-Free: 877.239.3083

Download Proposal Templates & Web Design Contract Samples

 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 10548 posts

Posted 02 February 2018 - 07:12 PM #3

You should never see a php file in the js directory.  That indicates an infection.  But before you delete it, scan your entire site (including images) to find where the file is referenced and make the appropriate adjustments.  Many of the other files seem to be old files that are not used but seem to have made it into the distributions or you have developers who have modified the files and kept the old ones on the site as backup.  I would think the README is a false positive.


EZ Merchant Solutions: Custom (USA based) B2B Development, Consulting, Development and Special Projects (get a quote here).
Commercial addons, payment methods and modifications to meet your business and operations needs.
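
The check described in the post above (PHP files under directories that should hold only static assets, then a site-wide search, images included, for anything that references them), as an added example that is not part of the original thread or of CS-Cart. The static directory names, the extension list, and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

STATIC_DIRS = {"js", "images", "css"}  # assumption: directories for static assets only
PHP_EXT = re.compile(r"\.(php\d?|phtml|phps)$", re.I)  # assumption: PHP-run extensions

def walk_files(root):
    """Yield (posix-style relative path, Path) for every regular file under root."""
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            yield path.relative_to(root).as_posix(), path

def php_in_static_dirs(root):
    """PHP files under a top-level directory meant to hold only static assets."""
    return [rel for rel, _ in walk_files(root)
            if rel.split("/")[0] in STATIC_DIRS and PHP_EXT.search(rel)]

def find_references(root, suspects):
    """For each suspect, list other files (images included) that contain its name."""
    refs = {s: [] for s in suspects}
    for rel, path in walk_files(root):
        try:
            data = path.read_bytes()      # bytes, so images and binaries are covered
        except OSError:
            continue                      # unreadable file: skip it, keep scanning
        for s in suspects:
            if rel != s and Path(s).name.encode() in data:
                refs[s].append(rel)
    return refs

def build_sample(root):
    """Constructed sample tree; the two flagged names mirror paths in the email."""
    files = {
        "js/addons/discussion/discussion_bck_old.php": b"<?php /* placeholder */",
        "js/lib/elfinder/_infoold.php": b"<?php /* placeholder */",
        "js/example/core.js": b"// ordinary script, not flagged",
        "images/logo.png": b"\x89PNG\r\n constructed bytes naming _infoold.php",
        "app/addons/example/init.php": b"<?php include 'discussion_bck_old.php';",
    }
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

def scan_sample():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        suspects = php_in_static_dirs(root)
        return suspects, find_references(root, suspects)
```

Against a real site, call `php_in_static_dirs` and `find_references` with the web root (`html` in the email's paths) and review every referencing file before deleting anything.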


 
  • CutRiteFX
  • Senior Member
  • Members
  • Join Date: 02-Jun 08
  • 429 posts

Posted 03 February 2018 - 03:45 AM #4

At one time we had WordPress installed on the same server and it got infected. We removed it a couple of years ago. Some of these file dates are from 2013 to 2015. I just deleted them all except

htaccess.spam-seo.suspicious-rewrite.003 - html/.htaccess

I checked the .htaccess and it looks ok.

Thanks for the help.

And @tbirnseth. What would you recommend for a scanner for our site?

I used sucuri.net and it checked out ok.




 
  • tbirnseth
  • CS Cart Expert
  • Authorized Reseller
  • Join Date: 08-Nov 08
  • 10548 posts

Posted 03 February 2018 - 04:15 AM #5

Our EZ Admin Helper has a scanner for known cs-cart specific intrusions.  It provides lots of other features too (see the Attachment tab for docs) or go here.

