    • claywso, Jan 21st 2006
    I installed plogger a few months ago and only today upgraded to 2.1, without incident.

    I upgraded after noticing some odd files in the plogger directory getting tons of hits, such as:

    /g/images/shows/cvv2.full.info.txt.html
    /g/images/hax.for.soldat.html
    /g/images/k500i.worms.download.html

    That last one is a bit troubling, and perhaps they're all bad news. Obviously, I never uploaded these files, and they don't show up in any FTP or file browsing on the server.

    So, any ideas on how to eliminate this problem now, and prevent it in the future?

    Also, is there a way to tell within the admin panel the version of plogger that is running?

    thanks for the help!
    • claywso, Jan 21st 2006
    OK, digging around a bit more, I see some files in the images directory on my server that aren't in the installation package. The files are:

    base.php
    guest.php and
    messages.php

    are those supposed to be there? each file begins with:

    <?php error_reporting(0)...

    thanks again
    • ddejong, Jan 21st 2006
    None of those files should be there, and you would be right to remove them. If you would please, email them to derek@plogger.org, and we'll have a gander at them. Likely, they're files generated from Plogger's old security flaws, so it's lucky you upgraded. Additionally, be sure to change your database and Plogger passwords; use an MD5 tool (like the one in phpmyadmin) to generate an MD5 hash of your new admin password.

    Cheers,
    Derek
    • mike, Jan 21st 2006
    Wow, those files are awfully suspicious =)
    Like Derek said, if you could send a zip of those files to security@plogger.org, or Derek, if you already have them, could you pass them on to the list.

    If those files are invisible and you can't delete them from your FTP, contact your web host immediately and have them removed!
    • ddejong, Jan 21st 2006
    I was just worried that an email to security@plogger.org would broadcast the files to those that might not want them. Anyhow, I don't have them yet, but if and when I do, I will pass them along.

    Cheers,
    Derek
    • claywso, Jan 21st 2006
    I sent the files to derek@plogger.com

    Turns out there were three php files in every directory in my plogger installation, along with an .htaccess file. When I removed one set of the files, I lost permissions on everything in the directory and couldn't download or delete anything, including images. I had my host remove the directory completely.

    Is this the problem that the new release addresses?
    • mike, Jan 21st 2006
    Yes, the exploit was patched in 2.1.

    Here is an interesting thread on those files that were added to your system: http://www.jaguarpc.com/forums/showthread.php?t=13305
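A defender-side sweep along the lines of what this thread ends up doing by hand: walk the install, list every file the package never shipped, and single out the ones matching what claywso reported (PHP files opening with `<?php error_reporting(0)` and the .htaccess files planted beside them). This is an added example, not code from the thread or from Plogger; the shipped-file manifest and the sample directory tree are constructed here.

```python
import os
import tempfile

# Hypothetical manifest of files the package ships; build it from a pristine archive.
KNOWN_FILES = {"index.php", "images/.keep", "images/album1/photo.jpg"}

# Byte prefix the thread reports at the top of every planted PHP file.
SUSPECT_PREFIX = b"<?php error_reporting(0)"


def starts_with_error_suppression(path):
    """True if the file opens with the error-suppressing PHP prologue."""
    with open(path, "rb") as fh:
        return fh.read(len(SUSPECT_PREFIX)) == SUSPECT_PREFIX


def sweep(root, known_files):
    """Return (unexpected, suspect): files not in the manifest, and the
    subset that are .htaccess files or PHP files with the prologue."""
    unexpected, suspect = [], []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel in known_files:
                continue  # shipped with the package, nothing to report
            unexpected.append(rel)
            if name == ".htaccess" or (
                name.endswith(".php") and starts_with_error_suppression(full)
            ):
                suspect.append(rel)
    return sorted(unexpected), sorted(suspect)


def build_demo_tree():
    """Constructed sample install: shipped files plus planted extras."""
    root = tempfile.mkdtemp()
    planted = {
        "images/base.php": SUSPECT_PREFIX + b"; /* constructed sample */ ?>",
        "images/guest.php": SUSPECT_PREFIX + b";",
        "images/album1/.htaccess": b"# constructed sample\n",
        "images/album1/notes.txt": b"unlisted but harmless text file",
    }
    contents = {rel: b"shipped" for rel in KNOWN_FILES}
    contents.update(planted)
    for rel, data in contents.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return root
```

Running `sweep(build_demo_tree(), KNOWN_FILES)` lists all four unlisted files but marks only the two PHP files and the .htaccess as suspect; the unlisted text file is left for a human to judge.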