XF 2.2 Possible Malware

BasilFawlty

BasilFawlty

Active member
I recently had my data center run CLAMAV and they reported that 6 .jpg images were being reported as malware. I downloaded the suspect images and looked at them on a separate (purgable) computer. They was all identical images, small 48x48 pixels images of the Mona Lisa. They were all in my Avatar directory.

I'd like to figure out where on my site these images are being referenced and possibly who uploaded them, but not sure how to go about that. Unfortunately these were uploaded some time ago (2021) and I no longer have raw access files archived that far back. Yes, I know I can delete them, and I will, but I'd kinda like to figure out where they are and maybe who uploaded them. All 6 images are in the avatars directory, like this:

/home/xxxxx/public_html/community/data/avatars/o/4214.jpg (for example)

Any thoughts on how I might go about figuring out where on the site these images are showing up? Thanks in advance.
 
Sort by date Sort by votes
The image is 4214.jpg so the user who uploaded it would have the ID of 4214
Code: 
https://path-to-xf-install/members/4214/

Example:
Rich (BB code): 
https://xenforo.com/community/members/chris-d.11388/
https://xenforo.com/community/data/avatars/l/11/11388.jpg

You can just run a search on their posts to see where they're referenced in your forum.

Maybe an SQL search to find 4214.jpg if people copy/paste the image URL in forum posts / etc.
 
Upvote 0 Downvote
M@rc said:
The image is 4214.jpg so the user who uploaded it would have the ID of 4214
Code: 
https://path-to-xf-install/members/4214/

Example:
Rich (BB code): 
https://xenforo.com/community/members/chris-d.11388/
https://xenforo.com/community/data/avatars/l/11/11388.jpg

You can just run a search on their posts to see where they're referenced in your forum.

Maybe an SQL search to find 4214.jpg if people copy/paste the image URL in forum posts / etc.
Click to expand...
Thanks for that info! I have off-loaded the images to an expendable thumb drive and deleted them from my server. I suspect this was a false positive (it happens), but better to err on the side of caution. All 6 of the images were the same thing - small 48x48 pixel images on the Mona Lisa.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

B
  • Question Question
XF 2.2 URLs posted on my forum are redirecting to unknown url (possible malware?)
Replies
3
Views
38
Mr Lucky
Mr Lucky
woei
  • Question Question
XF 2.3 Old links to domain that is serving malware
Replies
4
Views
61
Chromaniac
Chromaniac
R
Not a bug Malware - Anti Virus Pop Up
Replies
2
Views
116
joszwa
joszwa
D
  • Question Question
XF 2.2 How to check the forum is malware free?
Replies
4
Views
72
Kirby
K
tenants
  • Question Question
XF 2.3 Is it possible to have user upgrades that are both reoccurring and one off (different amounts)
Replies
1
Views
32
Mr Lucky
Mr Lucky
Back
Top Bottom