.jpg extension Files

Started by Kevin56, Jul 12, 2022, 12:38 AM

Previous topic - Next topic

Kevin56Topic starter

Hi.
Here's the problem: Someone uploaded files like my_site.com.jpg to the site, but these are not pictures.
One is php file, the second one is list of links, all others are empty.
Files in the images folder of the joomla template .

I deleted everything except the links list. If try to delete it, it appears again. Looks like there is a file somewhere else, which recover it.
If anyone has come across something similar, please share.
  •  

vikov

Ask your hosting provider to give you access logs files and you will see when malicious scripts were uploaded and from which IP address.

Also check the following logs:
/usr/local/apache/domlogs/user
/etc/httpd/logs/access_log
/var/log/messages
  •  

Fess

in theory, any most unlikely scenario is possible. Moreover, a hаcker may be more persistent than you and explores everything while you sleep. If you have been "at war" with a hаcker for a long time, he exploits some vulnerability unknown to you, he can even set up an experiment and find out whether you are watching jpeg files or not.

a couple of practical not-so-unlikely examples :

 Two files are used. Extremely simple php code can connect complex, already recorded in .jpeg. No antivirus will put such a simple code in the database, because there will be too many triggers. And you won't see anything criminal there manually.

 A fairly common vulnerability occurs when conditions coincide: if it is possible for a user to upload a photo, the engine writes the original bytes from the jpeg file without processing and you can run the .php code enclosed in the source due to the cgi settings.fix_pathinfo=1.
  •