/img/p/3/list.php reporting as Malware by server software

[Geoff1066]

Hi

 

I am running Prestashop 1.6.013 and am getting notifications from my hosting company that the file /img/p/3/list.php is suspected to be malware. I am trying to establish whether the file has been hacked or whether the security software is reporting a false positive.

 

So a couple of questions...

 

1. Should such a file exist? /img/p/3/list.php

2. If so what should it's contents look like?

 

Apparently it's Base 64 encoded malware, and in the words of my host "It exhibits the same obfuscation techniques used by a broad range of malware. We would ask to see an unobfuscated version, if you are the developer, or to be shown where this source code was downloaded from.

 

Any help greatfully received.

 

Geoff

[Geo Burlibasa]

That file should not exist. First in the "img" folder shall be only image files or index.php files. Second, Prestashop does not have any kind of base64-encoded files.
Delete that file and scan your whole website.

[Geoff1066]

Thank you Geo, very helpful 

 

I will delete the file and get some upgrades done to hopefully prevent it happening again.

 

Geoff

[Geo Burlibasa]

In most situations, the modules are guilty for such vulnerabilities. Looking on the server logs may give you more informations to see which module shall you blame.