infected file in magento 1.9.3.3. /public_html/skin/Signedint.php
https://magento.stackexchange.com/questions/183864
-
10-10-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I received an email from my hosting provider saying that this file was quarantined due to detected malware: /public_html/skin/Signedint.php Was this originally a magento file that carried some function? Can I just delete it or do I need to replace it with a clean file? If i have to replace it, where can I get another file? I jupgraded my magento to 1.9.3.3 but still received the message that this file was corrupted. One of the AVs at virusTotal identified this file as CPR65E4.Webshell thanks
La solution
The file is indeed a malware. Here is a great list of commonly known vulnerabilities that can be found in Magento and WordPress.
https://gist.github.com/ins0/13a8fbbe84166377f3f3807b6efeae20
If you look at the list, you will find your file there. So delete it, and make sure your Magento is patched. If it is indeed patched, possibly prior the update to 1.9.3.3. the site was already infected, perhaps the file was there for a while, hosting scan never noticed it.
I would still scan the site with
www.MageReport.com
Delete the file, change all passwords (admin, database, hosting), and ask the host to scan your Magento files one more time.
Autres conseils
Also look in you var/package directory and you will find instance there. The malware will try to create the file again:
Here is the file I found added when I did git status on the site: Lib_Js_Int-1.9.5.0.xml
