cancel
Showing results for 
Search instead for 
Did you mean: 

Should Php files found in media directory

   Did you know you can see the translated content as per your choice?

Translation is in progress. Please check again after few minutes.

Should Php files found in media directory

Hi All,
I inherited a hacked shop. Version 1.8..
Cleaned, reinstalled, all security patches applied.
Actually running 1.9.2.4
I thought I had finished the process but tracing a denied file access I found the following:

 

from media/ find . -type f -name *.php
./tmp/catalog/system.php
./tmp/catalog/functions.php
./xmlconnect/lib.php
./import/b/info.php

from root/folder => grep -rl . -e "<?php      "
./media/tmp/catalog/system.php
./media/tmp/catalog/functions.php
./media/xmlconnect/lib.php
./media/import/b/info.php

 My question is whether there is any known information about such files?

Should these files put me on the track of similar others one?

I wonder if denying access to php and js files from media folder is a good way to go.

Any tips or hints welcomed.

Thanks in advance

-Charles