>>
Site Map
>>
Forums
>>
Security Issues
Forum module - topics in forum:
Security Issues - Get help in securing your PHP-NUKE Installation.
Found a new file possible hacked
I have been having issues of 2 trojan executables (update.exe and rafael.exe) being placed in the home directory of my site "inner-community.com/". It shut my site down a couple weeks ago when my provider scanned for virusses and found it and shut me down. When I delete them, They come back later on. I just found a file in my /modules/ folder called inc.php. I have the code if you want to see it. I have never seen this before and there is code that accesses the home dir of my site. The IP addresses that have been using rafael.exe are mostly from Brazil and Germany. Can anyone tell me how this inc.php could have gotten there?
Sounds like you might have been brute forced. Delete the file and change your FTP and cpanel passwords.
I actually deleted everything off my home dir and am re-installing Nuke. I was using 7.6 patched for My site and nCo Nuke for the leatherneck domain. I am going to put nCo Nuke on both of them. I guess a fresh install ensures no other files are hidden away.
