
XF 1.5 Identify Who Posted Malware

Discussion in 'Troubleshooting and Problems' started by dash, Sep 11, 2015.

  1. dash

    dash Member

    My hosting provider has set up maldet and I just got a report regarding some problem files detected.

    Note the first one is located at:
    /home/public_html/forum/internal_data/image_cache/0/784-ea41368e816eb90373a83b7e0d526182.data

    as per the code below.

    How can I tell which post this image is associated with and who posted it?

    Code:
    malware detect scan report:
    SCAN ID: 091015-0329.31336
    TIME: Sep 10 03:53:19 -0500
    PATH: /home*/*/public_html
    RANGE: 2 days
    TOTAL FILES: 6665
    TOTAL HITS: 3
    TOTAL CLEANED: 0
    
    NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 091015-0329.31336
    FILE HIT LIST:
    {HEX}php.cmdshell.unclassed.358 : /home/public_html/forum/internal_data/image_cache/0/784-ea41368e816eb90373a83b7e0d526182.data
    {HEX}php.cmdshell.unclassed.358 : /tmp/nginx_client/0019734821
    {HEX}php.cmdshell.unclassed.358 : /tmp/nginx_client/0019734820
     
  2. Mike

    Mike XenForo Developer Staff Member

    Note this wasn't an uploaded file; it was an image linked for a post.

    You should be able to go to this page:

    <url>/admin.php?logs/image-proxy-details&image_id=784

    If you have referrer tracking enabled, it will tell you where the image was used and you should be able to identify the user from there.
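
Added example, not part of the original thread and not XenForo or maldet code: a small Python triage of the maldet hit list quoted above, mapping each `image_cache` hit to the image proxy log page Mike points to and listing the remaining hits separately. It assumes the numeric prefix of the cached file name is the `image_id` (as 784 is in this thread) and that the name has the form `<image_id>-<32 hex chars>.data`; `triage`, `parse_hits` and the `<url>` placeholder are illustrative.

```python
import re

# Constructed sample: the FILE HIT LIST lines from the report quoted in this thread.
SAMPLE_REPORT = """\
FILE HIT LIST:
{HEX}php.cmdshell.unclassed.358 : /home/public_html/forum/internal_data/image_cache/0/784-ea41368e816eb90373a83b7e0d526182.data
{HEX}php.cmdshell.unclassed.358 : /tmp/nginx_client/0019734821
{HEX}php.cmdshell.unclassed.358 : /tmp/nginx_client/0019734820
"""

# Each hit is printed as "<signature> : <absolute path>".
HIT_RE = re.compile(r"^\s*(?P<sig>\{[A-Z0-9]+\}\S+)\s+:\s+(?P<path>/\S+)\s*$")
# Assumption: cached proxy images are named "<image_id>-<32 hex chars>.data".
CACHE_RE = re.compile(r"/internal_data/image_cache/\d+/(?P<id>\d+)-[0-9a-f]{32}\.data$")


def parse_hits(report):
    """Return (signature, path) for every hit line after 'FILE HIT LIST:'."""
    hits, in_list = [], False
    for line in report.splitlines():
        if line.strip() == "FILE HIT LIST:":
            in_list = True
            continue
        m = HIT_RE.match(line) if in_list else None
        if m:
            hits.append((m.group("sig"), m.group("path")))
    return hits


def triage(report, admin_base="<url>/admin.php"):
    """Split hits into image-proxy cache entries (with admin link) and all others."""
    proxied, other = [], []
    for sig, path in parse_hits(report):
        m = CACHE_RE.search(path)
        if m:
            image_id = int(m.group("id"))
            link = f"{admin_base}?logs/image-proxy-details&image_id={image_id}"
            proxied.append({"image_id": image_id, "signature": sig,
                            "path": path, "admin_link": link})
        else:
            other.append({"signature": sig, "path": path})
    return proxied, other


if __name__ == "__main__":
    proxied, other = triage(SAMPLE_REPORT)
    for hit in proxied:
        print(f"{hit['path']}\n  -> {hit['admin_link']}")
    for hit in other:
        print(f"not an image-cache file, review separately: {hit['path']}")
```

Replace `<url>` with the forum's base URL before opening the generated link.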
     
