PHPJunkyard support forum


https://developers.phpjunkyard.com/

'gbook.php' file missing in action

https://developers.phpjunkyard.com/viewtopic.php?t=4091

Page 1 of 1

'gbook.php' file missing in action

Posted: Mon Jun 25, 2012 11:53 am
by Debonator
Script URL: nsmasschoir.org/gbook/gbook.php
Version of script: 1.7
Hosting company: FastWebHost
URL of phpinfo.php:
URL of session_test.php: ?? have gd_test.php in nsmasschoir.org
What terms did you try when SEARCHING for a solution: gbook.php missing; gbook.php removed by provider

Write your message below:
Here is a transcript of the issue as reported to the HelpDesk of FastWebHost.com
--------
Are you running a script to seek out and remove any file named gbook.php?

This particular file is constantly going missing from /www/nsmasschoir.org/gbook which is a subdomain under novacomputer.net

I am constantly having to ftp it back to it's original location.
--------
Their response:
---------
Hi,

Sorry we are not running any scripts and we do not remove any thing with out user permission.

Suman,
FastWebHost
----------
Personally, I don't believe them. How else can the gbook.php consistently be removed if not by the provider?

Re: 'gbook.php' file missing in action

Posted: Mon Jun 25, 2012 12:19 pm
by Debonator
Problem resolved by webhost provider:

Are you able to investigate what is happening to this file? Is there a history tracker? Once again, it has gone missing.

gbook.php was located in nsmasschoir.org/gbook/ a sub-domain of novacomputer.net

Thank you.


----------
Hi

We see that you are using base64_decode, due to this maldect software is detecting the script as suspicious script and moved to quartined.
=============
return
eval(gzinflate(base64_decode('DZdFssUIkgSv0ruuMi3EZLMSM7M2bZKemBlOP/8IGZbp4bmVx7
lN/ymvbPin/tqpGrKj/CfP9pLA/.......
obqEoF7bK6UBAErwP877///vt//w8=')));
} // END JunkMark()
================

We have changed the permissions for this file so that it cannot moved to quarantine of maldect software.

Vijay Kumar,
FastWebHost

Re: 'gbook.php' file missing in action

Posted: Mon Jun 25, 2012 1:59 pm
by Klemen
Here's a post explaining what this is and also provides an alternative file:
viewtopic.php?f=7&t=3781

Re: 'gbook.php' file missing in action

Posted: Mon Jun 25, 2012 2:37 pm
by Debonator
I was going to try the gbook17_evalfix.zip (found it also in a post re: malicious code) but my webhost provider had already changed the rights to prevent deletion of the original gbook.php. Once I pushed the issue, they were quick to provide a solution. Thank you for your response as well.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited