Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

1.7.0.2 Filesystem.php.suspected

SOLVED
Go to solution
‎09-17-2015 11:43 PM
‎09-17-2015 11:43 PM

1.7.0.2 Filesystem.php.suspected

Hi,


I have a Magento site running 1.7.0.2, which recently (9/11) fell victim to a SUPEE attack.

The four SUPEE patches has since then been applied, the file system cleaned out (as far as possible, since Magento has thousands of files), the database and the logs checked.

 

I noticed a peculiarity in the logs some days later, which essentially seem to break the CMS and Backup pages in Admin only.

Filesystem.php had been renamed to Filesystem.php.suspected in the following locations:

/lib/Varien/Data/Collection/
/includes/src/Varien/Data/Collection/

I checked with an old copy of the files, and no changes have been made to the files themselves, so I renamed them back to normal, and everything worked as it should. Then a day later, I find that they are renamed again. I suspected maybe anti-malware in Plex, but turning that off had no effect on the renaming.

 

Does anyone know what might cause this, and what might be the culprit?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
‎09-18-2015 02:01 AM
‎09-18-2015 02:01 AM

Re: 1.7.0.2 Filesystem.php.suspended

@Parallax It's difficult to know by your question what exactly is hppening.But you can do following things which may help you.

1) Inform your hosting provider to scan your application for any viruses or Trojans.

2) Check the Magento files and folders permissions once and set those to recommended one.

3) stop using FTP, use SFTP instead.

4) Do not use Magento default admin url.Use a custom url for the admin panel access.

5) Change all the user names and passwords for the cPanel,FTP (better do not use it).

6) If you worked with some third party for development work on your Magento installation then change all user name and passwords. Also change all the admin access granted to them.Any users created for SOAP and REST api access.

7) Add IP restriction to your Magento admin so that it can be accesses from a particular ip address only.

 

Try above mentioned point and see if it help you or not.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum

View solution in original post

1 REPLY 1
‎09-18-2015 02:01 AM
‎09-18-2015 02:01 AM

Re: 1.7.0.2 Filesystem.php.suspended

@Parallax It's difficult to know by your question what exactly is hppening.But you can do following things which may help you.

1) Inform your hosting provider to scan your application for any viruses or Trojans.

2) Check the Magento files and folders permissions once and set those to recommended one.

3) stop using FTP, use SFTP instead.

4) Do not use Magento default admin url.Use a custom url for the admin panel access.

5) Change all the user names and passwords for the cPanel,FTP (better do not use it).

6) If you worked with some third party for development work on your Magento installation then change all user name and passwords. Also change all the admin access granted to them.Any users created for SOAP and REST api access.

7) Add IP restriction to your Magento admin so that it can be accesses from a particular ip address only.

 

Try above mentioned point and see if it help you or not.

---
Problem Solved Click Accept as Solution!:Magento Community India Forum