Jump to content

Strange script appearing in public_html


Recommended Posts

Hi,

I had two security checks running.

One was done by my hosting provider --> everything ok

The other was done by a prestashop module --> found two suspicious files, one was definitely a false alarm, but the second file seems strange according o the module developer

But my hosting provider says, everything is fine.

I deleted the weird looking file to see what will happen. The next day there is a similar file at the exact same spot in my public_html directory.

I attached a partial screenshot.

I changes all the passwords. What else can I do? I am not even sure if this is a malicious file or not. 

The file looks like this (changed the domain name for security reasons):

mydomain.com_1609704539.php

I am not a developer. Any help would be very appreciated. 

I am running prestashop 1.7.7.0.

Screenshot 2021-01-06 215358.png

Edited by Diho
adding prestashop version (see edit history)
  • Like 1
Link to comment
Share on other sites

Hi Diho,

regarding the file that automatically re-appeared next day, the recommended is to ask your hosting support about this, as it could easily happen that it is created by some server security scanner, like some malware scanner. Maybe this could be related to your script : https://support.comodo.com/index.php?/Knowledgebase/Article/View/1229/113/debug-for-malware-scanning

Kind regards, Leo

  • Thanks 1
Link to comment
Share on other sites

Hi everyone,

Special thanks to Leo@Prestachamps! He pointed me in the right direction.

I contacted my hosting provider.
The file is the scanner agent responsible to scan and clean/cure malware.

When a scanner agent file is downloaded or uploaded to the domain's web root, you will see such file

'domain-name_random-digits.php'.

 

The script present in the file is not malicious and is  designed to scan and clean/cure infection.

Yay!

 

Link to comment
Share on other sites

  • razaro changed the title to Strange script appearing in public_html

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...