Diho, posted January 7, 2021 (edited)

Hi,

I had two security checks running.

One was done by my hosting provider --> everything ok

The other was done by a PrestaShop module --> found two suspicious files; one was definitely a false alarm, but the second file seems strange according to the module developer.

But my hosting provider says everything is fine. I deleted the weird-looking file to see what would happen. The next day there was a similar file at the exact same spot in my public_html directory. I attached a partial screenshot. I changed all the passwords. What else can I do? I am not even sure if this is a malicious file or not.

The file looks like this (changed the domain name for security reasons): mydomain.com_1609704539.php

I am not a developer. Any help would be very appreciated. I am running PrestaShop 1.7.7.0.

Edited January 7, 2021 by Diho: adding PrestaShop version

ClassyDevs, posted January 7, 2021

Hello, Diho

Remove this script. It is base64-encoded code for hacking.

Thank you

Prestachamps, posted January 7, 2021

Hi Diho,

Regarding the file that automatically re-appeared the next day, the recommended step is to ask your hosting support about this, as it could easily happen that it is created by some server security scanner, like a malware scanner.

Maybe this could be related to your script: https://support.comodo.com/index.php?/Knowledgebase/Article/View/1229/113/debug-for-malware-scanning

Kind regards, Leo

Diho (author), posted January 11, 2021

Hi everyone,

Special thanks to Leo@Prestachamps! He pointed me in the right direction. I contacted my hosting provider.

The file is the scanner agent responsible for scanning and cleaning/curing malware. When a scanner agent file is downloaded or uploaded to the domain's web root, you will see such a file: 'domain-name_random-digits.php'. The script present in the file is not malicious and is designed to scan and clean/cure infection.

Yay!