• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Quick security specialist needed

Coop1979

Well-known member
#1
I have a malware infection on my server that I need assistance finding the source of, stopping, and blocking future damage. It is some sort of script that is inserting
PHP:
eval(gzinflate(base64_decode(...)))
into my XenForo scripts as well as scripts for my other domains on the server.

The server runs OS X, and anyone familiar with Linux, PHP-fpm, & Nginx would be of great assistance.

I found a php file posing as a gif file within /private/var/tmp and have removed it, but the files keep getting the malicious
PHP:
eval(gzinflate(base64_decode(...)))
code added to them.

Please message me with your experience and rates.
 

Coop1979

Well-known member
#4
I believe I found the invading file and quashed it like a bug. So far it's been 12 hours without any new code added to my files.

I have an OSCommerce site (an old one, too), that I believe is the source of the problem. I'll be deleting the whole thing over the weekend and moving to BigCommerce.

Thanks for the Wordpress heads-up - I have updated all installations on the server.
 

MattW

Well-known member
#5
I believe I found the invading file and quashed it like a bug. So far it's been 12 hours without any new code added to my files.

I have an OSCommerce site (an old one, too), that I believe is the source of the problem. I'll be deleting the whole thing over the weekend and moving to BigCommerce.

Thanks for the Wordpress heads-up - I have updated all installations on the server.
Exactly how I got done back in 2009 via OSCommerce. Moved to OpenCart after that.