Geoff1066 Posted February 12, 2017 Share Posted February 12, 2017 Hi I am running Prestashop 1.6.013 and am getting notifications from my hosting company that the file /img/p/3/list.php is suspected to be malware. I am trying to establish whether the file has been hacked or whether the security software is reporting a false positive. So a couple of questions... 1. Should such a file exist? /img/p/3/list.php 2. If so what should it's contents look like? Apparently it's Base 64 encoded malware, and in the words of my host "It exhibits the same obfuscation techniques used by a broad range of malware. We would ask to see an unobfuscated version, if you are the developer, or to be shown where this source code was downloaded from. Any help greatfully received. Geoff Link to comment Share on other sites More sharing options...
Geo Burlibasa Posted February 12, 2017 Share Posted February 12, 2017 That file should not exist. First in the "img" folder shall be only image files or index.php files. Second, Prestashop does not have any kind of base64-encoded files.Delete that file and scan your whole website. Link to comment Share on other sites More sharing options...
Geoff1066 Posted February 12, 2017 Author Share Posted February 12, 2017 Thank you Geo, very helpful I will delete the file and get some upgrades done to hopefully prevent it happening again. Geoff Link to comment Share on other sites More sharing options...
Geo Burlibasa Posted February 12, 2017 Share Posted February 12, 2017 In most situations, the modules are guilty for such vulnerabilities. Looking on the server logs may give you more informations to see which module shall you blame. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now