Simple Machines Community Forum

SMF Support => SMF 1.1.x Support => Topic started by: RogerLewin - July 02, 2011, 11:28:59 AM

Title: Default CHMOD Settings?
Posted by: RogerLewin - July 02, 2011, 11:28:59 AM
Hey,

What are the default CHMOD settings by folder in SMF? I changed every folder to 777 due to a problem with a script, and today I found folders named ".log" with thousands of files I never uploaded...

Roger
Title: Re: Default CHMOD Settings?
Posted by: Illori - July 02, 2011, 12:52:07 PM
And these folders have what name? And the files in them have what name? If a server is correctly configured, 777 is not a risk, but in some setups it can be. So 755 for folders can work and 644 for files. How do I chmod? / what is chmod? (http://wiki.simplemachines.org/smf/What_is_chmod)
Title: Re: Default CHMOD Settings?
Posted by: RogerLewin - July 02, 2011, 01:08:32 PM
The files were named like women-giving-birth15344xx.htm and women-big-breasts8568xx.htm. The folders were named .log and were hidden.
Title: Re: Default CHMOD Settings?
Posted by: Illori - July 02, 2011, 01:10:30 PM
Sounds like someone on your server was able to access your files. I would contact your host and let them know ASAP. Do not remove the files until your host has a chance to look at them. This is a MAJOR security issue.
Title: Re: Default CHMOD Settings?
Posted by: RogerLewin - July 02, 2011, 01:11:53 PM
Already did. The support specialist wasn't able to track the source of the files...  :-/

I now changed everything to 755, only the tp-downloads (which comes from TinyPortal) to 777.
Title: Re: Default CHMOD Settings?
Posted by: Illori - July 02, 2011, 01:13:28 PM
Then remove the files that were added, keep a close watch on your files, and do a backup of your files and database often. Don't be surprised if it happens again and you need to find a new host.
Title: Re: Default CHMOD Settings?
Posted by: RogerLewin - July 02, 2011, 01:15:32 PM
Well, the host is one of the biggest in Germany, I don't think it was their fault (hosteurope).

Backup is running... thanks
Title: Re: Default CHMOD Settings?
Posted by: Illori - July 02, 2011, 01:18:14 PM
Just because they are large does not mean they are good at security... which it seems like they are not, given what you have said above.
Title: Re: Default CHMOD Settings?
Posted by: RogerLewin - July 02, 2011, 01:23:54 PM
Another note: I found 4 PHP files named alyssa.php, twister.php, vampires.php and boldhead.php referencing the now deleted files in the logs. I also deleted those files.

119.63.196.119 - - [02/Jul/2011:12:59:49 +0200] "GET /alyssa.php?q=renekton-outback&page=2 HTTP/1.1" 200 43069 "-" "Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" "administratum.de"

The folders containing those files are now also set to 755
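
Added example (not part of the original thread): a shell sketch of the checks discussed above. It lists world-writable paths, hidden directories such as `.log`, and PHP files newer than a known-good reference file, and can reset permissions to the 755/644 values suggested in the thread. The function names and the reference-file approach are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Files and directories writable by every user on the server (the 777 case).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Hidden directories below the web root, such as the ".log" folders found here.
# '.?*' needs at least one character after the dot, so "." itself is skipped.
list_hidden_dirs() {
    find "$1" -type d -name '.?*' -print
}

# PHP files modified after a reference file, e.g. one left untouched since
# the last known-good install or backup (the reference is an assumption).
list_php_newer_than() {
    find "$1" -type f -name '*.php' -newer "$2" -print
}

# Reset to the values suggested in the thread: 755 directories, 644 files.
reset_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Report only; run as: sh audit.sh /path/to/webroot /path/to/reference-file
if [ "$#" -eq 2 ]; then
    echo "== world-writable ==";    list_world_writable "$1"
    echo "== hidden dirs ==";       list_hidden_dirs "$1"
    echo "== PHP newer than $2 =="; list_php_newer_than "$1" "$2"
fi
```

`reset_perms` is deliberately not called by the report; directories a script must write to (an upload folder, for instance) need to be handled separately after running it.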