Magento Forums
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Should Php files found in media directory

‎03-26-2016 04:27 AM
‎03-26-2016 04:27 AM

Should Php files found in media directory

Hi All,
I inherited a hacked shop. Version 1.8..
Cleaned, reinstalled, all security patches applied.
Actually running 1.9.2.4
I thought I had finished the process but tracing a denied file access I found the following:

 

from media/ find . -type f -name *.php
./tmp/catalog/system.php
./tmp/catalog/functions.php
./xmlconnect/lib.php
./import/b/info.php

from root/folder => grep -rl . -e "<?php      "
./media/tmp/catalog/system.php
./media/tmp/catalog/functions.php
./media/xmlconnect/lib.php
./media/import/b/info.php

 My question is whether there is any known information about such files?

Should these files put me on the track of similar others one?

I wonder if denying access to php and js files from media folder is a good way to go.

Any tips or hints welcomed.

Thanks in advance

-Charles

Labels:
0 Kudos
Reply