Malicious cache/data file

skb · February 07, 2017, 06:30:44 AM

I recently gor an email from my host that they blocked Port port 80, 443, 587 and 465 for my site as they found a malicious file on my site. The file under reference was named data_(then some text & numbers)SMF-modsettings.php. I was told that a "quarantine" folder had been created and the said file was there for me to check. C-Panel did not show any such folder. I did a full home directory scan and nothing fishy was found. Finally I was able to unblock the ports. My questions;

(1) What are these data_ files in the cache ?
(2) No mods have been un/installed recently, what could be the source of the malware ?
(3) Preventive measures, if any ?

Illori · February 07, 2017, 06:52:43 AM

the data_ files are the cache files for the SMF file cache.

Dzonny · February 07, 2017, 07:41:22 AM

You should ask your host to provide you a full path to that file that they said is malicious, so you can see it. We can't tell much without more details though, it may be that this is just a false-positive as well.

Do you have any other software running on your host? Which SMF version are you running?

Kindred · February 07, 2017, 07:44:28 AM

What mods do you have installed?

News:

Malicious cache/data file

skb

Illori

Dzonny

Kindred