- Affected version
- v2.2.8 Patch 1
After an automatic file health check scan it told me that the index.php had changed. Looking at this file I discovered this bit of extra code:
/d59d8/
@include ("/.........../src/vendor/guzzlehttp/.ce5e9784.mo");
/d59d8/
Interestingly the dot at the beginning of the .mo file name means certain ftp file browsers can't display the file as if it is deliberately trying to be hidden.
Question: Has my forum site been hacked and is the .mo file dangerous or is it just part of a genuine update to the forum?
In case it is relevant, the forum is hosted on a GoDaddy webserver.
/d59d8/
@include ("/.........../src/vendor/guzzlehttp/.ce5e9784.mo");
/d59d8/
Interestingly the dot at the beginning of the .mo file name means certain ftp file browsers can't display the file as if it is deliberately trying to be hidden.
Question: Has my forum site been hacked and is the .mo file dangerous or is it just part of a genuine update to the forum?
In case it is relevant, the forum is hosted on a GoDaddy webserver.