Hello,
it took me two weeks to find malware in fckphplist. There are two files in
/lists-plugins/fckphplist/fckeditor/editor/filemanager/browser/default/images/icons/32
72b.php
78eb5
Mod edit: Files removed for security purposes.
I’ll post later after resetting my system.
Kind regards
willie
Neither file exists in my phpList installations and should be deleted.
It is unnecessary to post the contents of malware files here. Also for readers further info, these forums do not allow the posting of php files as they too are a security risk.
Hopefully once you’ve deleted these files, and checked that you have no other dubious files present, things will work better. Don’t forget to check that no directories have permissions greater than 755 and files no greater than 644, again, all for security.
You might need to replace your installation of phpList simply to ensure that there are no files running the two malware files. Also, double check your config/config.php file as that too might have an instruction added to run the files, otherwise how can the malware be run?
An additional security setting I like to use is to set the config/config.php file permissions to 444 unless I’m actually editing the file when I’ll temporarily restore it to 644.