My server administrator has informed me with a list of maybe 100 of my Serendipity files which they say have a virus in them. They have disabled several directories along with Serendipity. My blog is down and the Administrator Suite.
I would like to delete all the Serendipity files except those I need for re-installing. What do I need to keep along with serendipity_config_local.inc.php?
If this has been answered, I apologize, I did not find it.
Save what files to wipe & install new SY9?
The best,
~Ed
Re: Save what files to wipe & install new SY9?
Well, there are some posts regarding things like this in our forum. Searching for 'hacked', or so.
What you really need is serendipity_config_local.inc.php, which holds your database credentials. And keep the database itself, but this isn't file related, normally. Being hacked can be a serious issue or just changing some world readable files by dummies. You have to keep this in mind, since the database could be filled with injections too, a check is needed. Normally, if the hack came in by the old wysiwyg editor in older serendipity versions, you will have to deal with dummies. FTP or other serious site hacks can do more.
The rest depends on what you have done before. Assuming you want to keep what you have done before:
If using a self designed template, you have to backup this too. Same goes for plugins.
If you only have changed some css in your template, save that file only.
In the uploads/ dir you will find all media library files you have ever uploaded to the blog. Keep it.
But, if you really got hacked - I assume this was an early S9y version (*), if it was by serendipity - you will possibly have infected files in there. This definitely needs deep investigation before new use!
Interesting would be to see that ~100 file list by your hoster.
(*) Search the http://blog.s9y.org/ announcements to see what happened over time.
Here is a link to an experimental 'verify for hacked blogs' plugin, not really up to date, but still usable.
http://board.s9y.org/viewtopic.php?f=4&t=17755
This will/could list all files you'd need to investigate, when the blog has come up again.
Regards,
Ian
Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Re: Save what files to wipe & install new SY9?
Thanks for your reply and information Timbalu. I don't think my installation was that old 1.6.2. I will do as you suggest and see what happens. Here is the list of files my server admin sent. Please let me know if it gives you more insight or information I can use.
The best,
~Ed
./public/serendipity/bundled-libs/Cache/Lite.php
./public/serendipity/bundled-libs/PEAR.php
./public/serendipity/bundled-libs/Smarty/libs/Smarty.class.php
./public/serendipity/bundled-libs/Smarty/libs/internals/core.process_cached_inserts.php
./public/serendipity/bundled-libs/Smarty/libs/internals/core.run_insert_handler.php
./public/serendipity/bundled-libs/Smarty/libs/internals/core.smarty_include_php.php
./public/serendipity/bundled-libs/Smarty/libs/plugins/function.eval.php
./public/serendipity/bundled-libs/Smarty/libs/plugins/function.mailto.php
./public/serendipity/bundled-libs/Smarty/libs/plugins/function.math.php
./public/serendipity/bundled-libs/XML/RPC.php
./public/serendipity/bundled-libs/getid3/module.archive.gzip.php
./public/serendipity/bundled-libs/getid3/module.audio-video.riff.php
./public/serendipity/bundled-libs/getid3/module.audio.ogg.php
./public/serendipity/bundled-libs/getid3/module.misc.iso.php
./public/serendipity/bundled-libs/getid3/write.id3v2.php
./public/serendipity/comment.php
./public/serendipity/exit.php
./public/serendipity/htmlarea/contrib/php-xinha.php
./public/serendipity/htmlarea/examples/files/ext_example-menu.php
./public/serendipity/htmlarea/plugins/Abbreviation/popups/abbreviation.html
./public/serendipity/htmlarea/plugins/ExtendedFileManager/Classes/ExtendedFileManager.php
./public/serendipity/htmlarea/plugins/ExtendedFileManager/config.inc.php
./public/serendipity/htmlarea/plugins/FormOperations/formmail.php
./public/serendipity/htmlarea/plugins/ImageManager/Classes/IM.php
./public/serendipity/htmlarea/plugins/ImageManager/Classes/ImageManager.php
./public/serendipity/htmlarea/plugins/ImageManager/Classes/NetPBM.php
./public/serendipity/htmlarea/plugins/ImageManager/config.inc.php
./public/serendipity/htmlarea/plugins/InsertPicture/InsertPicture.php
./public/serendipity/htmlarea/plugins/Linker/dialog.html
./public/serendipity/htmlarea/plugins/QuickTag/popups/quicktag.html
./public/serendipity/htmlarea/plugins/SpellChecker/aspell_setup.php
./public/serendipity/htmlarea/plugins/SpellChecker/spell-check-logic.php
./public/serendipity/htmlarea/plugins/SpellChecker/spell-check-savedicts.php
./public/serendipity/htmlarea/popups/fullscreen.html
./public/serendipity/include/admin/images.inc.php
./public/serendipity/include/admin/importers/movabletype.inc.php
./public/serendipity/include/admin/importers/voodoopad.inc.php
./public/serendipity/include/admin/overview.inc.php
./public/serendipity/include/compat.inc.php
./public/serendipity/include/functions.inc.php
./public/serendipity/include/functions_comments.inc.php
./public/serendipity/include/functions_config.inc.php
./public/serendipity/include/functions_images.inc.php
./public/serendipity/include/functions_trackbacks.inc.php
./public/serendipity/include/plugin_api.inc.php
./public/serendipity/include/plugin_api_extension.inc.php
./public/serendipity/include/tpl/config_local.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_bg.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_cn.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_cs.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_cz.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_da.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_de.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_en.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_es.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_fa.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_fi.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_fr.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_hu.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_is.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_it.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_ja.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_ko.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_nl.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_no.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_pl.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_pt.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_pt_PT.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_ro.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_ru.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_sa.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_se.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_ta.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_tn.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_tr.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_tw.inc.php
./public/serendipity/lang/UTF-8/serendipity_lang_zh.inc.php
./public/serendipity/lang/serendipity_lang_bg.inc.php
./public/serendipity/lang/serendipity_lang_cn.inc.php
./public/serendipity/lang/serendipity_lang_cs.inc.php
./public/serendipity/lang/serendipity_lang_cz.inc.php
./public/serendipity/lang/serendipity_lang_da.inc.php
./public/serendipity/lang/serendipity_lang_de.inc.php
./public/serendipity/lang/serendipity_lang_en.inc.php
./public/serendipity/lang/serendipity_lang_es.inc.php
./public/serendipity/lang/serendipity_lang_fa.inc.php
./public/serendipity/lang/serendipity_lang_fi.inc.php
./public/serendipity/lang/serendipity_lang_fr.inc.php
./public/serendipity/lang/serendipity_lang_hu.inc.php
./public/serendipity/lang/serendipity_lang_is.inc.php
./public/serendipity/lang/serendipity_lang_it.inc.php
./public/serendipity/lang/serendipity_lang_ja.inc.php
./public/serendipity/lang/serendipity_lang_ko.inc.php
./public/serendipity/lang/serendipity_lang_nl.inc.php
./public/serendipity/lang/serendipity_lang_no.inc.php
./public/serendipity/lang/serendipity_lang_pl.inc.php
./public/serendipity/lang/serendipity_lang_pt.inc.php
./public/serendipity/lang/serendipity_lang_pt_PT.inc.php
./public/serendipity/lang/serendipity_lang_ro.inc.php
./public/serendipity/lang/serendipity_lang_ru.inc.php
./public/serendipity/lang/serendipity_lang_sa.inc.php
./public/serendipity/lang/serendipity_lang_se.inc.php
./public/serendipity/lang/serendipity_lang_ta.inc.php
./public/serendipity/lang/serendipity_lang_tn.inc.php
./public/serendipity/lang/serendipity_lang_tr.inc.php
./public/serendipity/lang/serendipity_lang_tw.inc.php
./public/serendipity/lang/serendipity_lang_zh.inc.php
./public/serendipity/plugins/serendipity_event_bbcode/serendipity_event_bbcode.php
./public/serendipity/plugins/serendipity_event_blogpdf/serendipity_event_blogpdf/gif.php
./public/serendipity/plugins/serendipity_event_google_sitemap/serendipity_event_google_sitemap.php
./public/serendipity/plugins/serendipity_event_guestbook/serendipity_event_guestbook.php
./public/serendipity/plugins/serendipity_event_karma/serendipity_event_karma.php
./public/serendipity/plugins/serendipity_event_mailer/UTF-8/lang_fr.inc.php
./public/serendipity/plugins/serendipity_event_mailer/lang_fr.inc.php
./public/serendipity/plugins/serendipity_event_mailer/serendipity_event_mailer.php
./public/serendipity/plugins/serendipity_event_recaptcha/recaptcha/recaptchalib.php
./public/serendipity/plugins/serendipity_event_spamblock/UTF-8/lang_cs.inc.php
./public/serendipity/plugins/serendipity_event_spamblock/UTF-8/lang_cz.inc.php
./public/serendipity/plugins/serendipity_event_spamblock/UTF-8/lang_ja.inc.php
./public/serendipity/plugins/serendipity_event_spamblock/lang_cs.inc.php
./public/serendipity/plugins/serendipity_event_spamblock/lang_cz.inc.php
./public/serendipity/plugins/serendipity_event_spamblock/lang_en.inc.php
./public/serendipity/plugins/serendipity_event_spamblock/lang_ja.inc.php
./public/serendipity/plugins/serendipity_event_spamblock_bayes/serendipity_event_spamblock_bayes.php
./public/serendipity/plugins/serendipity_event_spartacus/serendipity_event_spartacus.php
./public/serendipity/plugins/serendipity_event_suggest/serendipity_event_suggest.php
./public/serendipity/plugins/serendipity_event_suggest/serendipity_event_suggest/serendipity_event_suggest.php
./public/serendipity/plugins/serendipity_event_textwiki/UTF-8/lang_pt_PT.inc.php
./public/serendipity/plugins/serendipity_event_textwiki/lang_pt_PT.inc.php
./public/serendipity/plugins/serendipity_event_todolist/serendipity_event_todolist/serendipity_event_todolist.php
./public/serendipity/plugins/serendipity_event_usergallery/JPEG_TOOLKIT/EXIF.php
./public/serendipity/plugins/serendipity_event_usergallery/JPEG_TOOLKIT/Photoshop_IRB.php
./public/serendipity/plugins/serendipity_event_usergallery/plugin_usergallery.tpl
./public/serendipity/plugins/serendipity_event_usergallery/plugin_usergallery_imagedisplay.tpl
./public/serendipity/plugins/serendipity_event_userprofiles/serendipity_event_userprofiles/Contact_Vcard_Build.php
./public/serendipity/plugins/serendipity_event_userprofiles/serendipity_event_userprofiles/serendipity_event_userprofiles.php
./public/serendipity/plugins/serendipity_plugin_adduser/serendipity_plugin_adduser/common.inc.php
./public/serendipity/templates/default/admin/media_items.tpl
./public/serendipity/templates_c/btemplate.php
./public/serendipity/templates_c/bulletproof^%%6D^6DE^6DE17693%%entries.tpl.php
Re: Save what files to wipe & install new SY9?
I can not really believe all these files have been hacked to be eval and carry a virus. Maybe some. But this list is so weird, that maybe your server admin is a little overworried too and did not verify what he found.
Since having had that Xinha issue, fixed with 1.5.5, I never heard again of hacked Serendipity Blogs by later Serendipity versions, beside of people carrying rest vulnerabilities with them. But that would not correspond with your list. Hacking Serendipity was possible later too, but much more for real specialists. So the cause of this flaw(s) is more or less somewhere else, I assume.
Regards,
Ian
Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Re: Save what files to wipe & install new SY9?
This can very easily be a worm that used FTP credentials and simply iterated directories.
No worries though. The EASIEST way is always this: Simply re-upload all files that come with a Serendipity release to your server, overwriting all existing files.
ONLY if you manually ever edited those files, you would need to insert your changes into the files you changed. However, Serendipity is really built so that you would rarely ever need to edit core files - so that rarely applies.
Now to your specific list of files: YES, do DELETE all of the files that are listed there. After that, re-upload all files from Serendipity 1.7.8 to your webspace. (Some of the files mentioned will no longer be contained in the 1.7.8 release file, this is the reason you need to delete the listed files first). To be sure, make a backup of those files, just in case you did edit manually one of them and need to restore changes at some point.
After you have done that: Immediately scan for viruses on your PC(s), change the password for FTP/SSH to your server and then change the login password for Serendipity as well.
HTH,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Re: Save what files to wipe & install new SY9?
Thanks Ian and Garvin,
This will be easier.
The best,
~Ed
Re: Save what files to wipe & install new SY9?
I worked at deleting the infected files and re-installing new files from 1.7.8. My service re-enabled all the files but my blog came up as a blank page. Went to the admin suite and tested with the Installation Integrity module. Found I still had dozens of files which were corrupt or modified. Used this list to again write over all these files. In fact, transferred the entire plugins folder since it seemed each of those files was infected.
Ran the Installation Integrity again but this time the test would not complete and the Admin Suite no longer appears, it is a blank page too. Thought I would upgrade to 1.7.8 and saw that you need the Admin Suite to do it.
I have kept serendipity_config-local.inc.php so I have all the db credentials. The following is the .htaccess, I don't remember all the rewrites in it and perhaps it is corrupt.
# BEGIN s9y
ErrorDocument 404 /serendipity/index.php
DirectoryIndex /serendipity/index.php
php_value session.use_trans_sid 0
php_value register_globals off
Options -MultiViews
RewriteEngine On
RewriteBase /serendipity/
RewriteRule ^serendipity_admin.php serendipity_admin.php [NC,L,QSA]
RewriteRule ^((archives/([0-9]+)\-[0-9a-z\.\_!;,\+\-\%]+\.html)/?) index.php?/$1 [NC,L,QSA]
RewriteRule ^(authors/([0-9]+)\-[0-9a-z\.\_!;,\+\-\%]+) index.php?/$1 [NC,L,QSA]
RewriteRule ^(feeds/categories/([0-9;]+)\-[0-9a-z\.\_!;,\+\-\%]+\.rss) index.php?/$1 [NC,L,QSA]
RewriteRule ^(feeds/authors/([0-9]+)\-[0-9a-z\.\_!;,\+\-\%]+\.rss) index.php?/$1 [NC,L,QSA]
RewriteRule ^(categories/([0-9;]+)\-[0-9a-z\.\_!;,\+\-\%]+) index.php?/$1 [NC,L,QSA]
RewriteRule ^archives([/A-Za-z0-9]+)\.html index.php?url=/archives/$1.html [NC,L,QSA]
RewriteRule ^([0-9]+)[_\-][0-9a-z_\-]*\.html index.php?url=$1-article.html [L,NC,QSA]
RewriteRule ^feeds/(.*) index.php?url=/feeds/$1 [L,QSA]
RewriteRule ^unsubscribe/(.*)/([0-9]+) index.php?url=/unsubscribe/$1/$2 [L,QSA]
RewriteRule ^approve/(.*)/(.*)/([0-9]+) index.php?url=approve/$1/$2/$3 [L,QSA]
RewriteRule ^delete/(.*)/(.*)/([0-9]+) index.php?url=delete/$1/$2/$3 [L,QSA]
RewriteRule ^(admin|entries)(/.+)?$ index.php?url=admin/ [L,QSA]
RewriteRule ^archive/? index.php?url=/archive [L,QSA]
RewriteRule ^(index|atom[0-9]*|rss|b2rss|b2rdf).(rss|rdf|rss2|xml) rss.php?file=$1&ext=$2
RewriteRule ^(plugin|plugin)/(.*) index.php?url=$1/$2 [L,QSA]
RewriteRule ^search/(.*) index.php?url=/search/$1 [L,QSA]
RewriteRule ^comments/(.*) index.php?url=/comments/$1 [L,QSA]
RewriteRule ^(serendipity\.css|serendipity_admin\.css)$ index.php?url=/$1 [L,QSA]
RewriteRule ^index\.(html?|php.+) index.php?url=index.html [L,QSA]
RewriteRule ^htmlarea/(.*) htmlarea/$1 [L,QSA]
#RewriteCond %{REQUEST_URI} !-U
RewriteRule (.*\.html?) index.php?url=/$1 [L,QSA]
<Files *.tpl.php>
deny from all
</Files>
<Files *.tpl>
deny from all
</Files>
<Files *.sql>
deny from all
</Files>
<Files *.inc.php>
deny from all
</Files>
<Files *.db>
deny from all
</Files>
# END s9y
#SPAMDENY
Deny From 193.201.224.76 195.211.155.154 27.254.82.17 5.254.133.99 54.88.135.154 91.200.13.87 91.200.14.55
#/SPAMDENY
Any other ideas before I attempt a complete re-installation? Thanks very much.
The best,
~Ed
Re: Save what files to wipe & install new SY9?
ed587 wrote: I worked at deleting the infected files and re-installing new files from 1.7.8.
only this new or - like Garvin wrote -
garvinhicking wrote: do DELETE all of the files that are listed there. After that, re-upload all files from Serendipity 1.7.8 to your webspace.
all files of 1.7.8?
If doing this by FTP, you should use a program which is able to force overwrite and automatic binary uploads, like FileZilla.
ed587 wrote: My service re-enabled all the files but my blog came up as a blank page.
Totally blank pages mean a fatal error, which is logged to the server logs, commonly access.log and error.log. Ask your ISP to give you that information.
ed587 wrote: Went to the admin suite and tested with the Installation Integrity module. Found I still had dozens of files which were corrupt or modified.
No wonder, since you have not upgraded yet. The terms corrupt or modified just mean that they are not the same any more, by date or size, as from the last successfully installed release upgrade, which is checked by a checksum comparison.
ed587 wrote: Used this list to again write over all these files. In fact, transferred the entire plugins folder since it seemed each of those files was infected. Ran the Installation Integrity again but this time the test would not complete and the Admin Suite no longer appears, it is a blank page too. Thought I would upgrade to 1.7.8 and saw that you need the Admin Suite to do it. Any other ideas before I attempt a complete re-installation? Thanks very much.
No, since that was the main idea before. Always upload all files! (After having saved a backup copy of all files you might have changed yourself before.)
The htaccess looks ok for me, if your IP isn't blocked in the SPAMDENY, which part could be just wiped out.
I assume if not being a matter of false FTP upload, the fatal error is because of not updated plugins.
Regards,
Ian
Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
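The checksum comparison mentioned in the reply above can also be run by hand against a downloaded copy of the site. The following is an added example, not part of the original thread and not Serendipity's own integrity check: it assumes a clean, unpacked copy of the release sits beside a download of the live site, and the function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths named in this thread that exist only on the live site; they are
# reported separately because no release checksum can vouch for them.
LOCAL_ONLY = ("uploads/", "serendipity_config_local.inc.php")

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(clean_root, site_root):
    """Classify site files against the clean release tree."""
    clean, site = manifest(clean_root), manifest(site_root)
    report = {"modified": [], "missing": [], "extra": [], "local": []}
    for rel, digest in clean.items():
        if rel not in site:
            report["missing"].append(rel)
        elif site[rel] != digest:
            report["modified"].append(rel)
    for rel in site.keys() - clean.keys():
        key = "local" if rel.startswith(LOCAL_ONLY) else "extra"
        report[key].append(rel)
    return {k: sorted(v) for k, v in report.items()}

def put(root, rel, data):
    (root / rel).parent.mkdir(parents=True, exist_ok=True)
    (root / rel).write_bytes(data)

def demo():
    # Two tiny constructed trees: a "release" and a "site" that has drifted.
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            put(root, "index.php", b"<?php // core")
            put(root, "include/functions.inc.php", b"<?php // lib")
        put(site, "index.php", b"<?php // core, altered")    # changed on the server
        (site / "include/functions.inc.php").unlink()        # never re-uploaded
        put(site, "plugins/leftover.php", b"<?php // not in release")
        put(site, "uploads/photo.jpg", b"\xff\xd8 constructed")
        put(site, "serendipity_config_local.inc.php", b"<?php // credentials")
        return compare(clean, site)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9}", paths)
```

Files reported as extra are the ones an overwrite-only upload leaves in place, which is why the advice in this thread is to delete first and then upload everything. Entries under local match no release checksum and still need manual inspection.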
Re: Save what files to wipe & install new SY9?
Timbalu,
Thank you for the step by step answers, I went through the files again, found some I had not deleted, deleted them and uploaded new files from 1.7.8. My blog comes up as does the Admin Suite. I have problems with the plugins. Most of my plugins now come up as errors where the plugins should be on the Configure Plugins page in the Admin Suite. Errors like: Error!
Error: serendipity_plugin_photoblog:7fd466cd714...
I was going to try re-installing but many of them are not available in the list on the install plugin page. I don't see the option to install from a downloaded plugin.
I also need to get my Guestbook working. Any help will be greatly appreciated.
The best,
~Ed
Re: Save what files to wipe & install new SY9?
ed587 wrote: Thank you for the step by step answers, I went through the files again, found some I had not deleted, deleted them and uploaded new files from 1.7.8.
So you did upload ALL files at the very end, did you?!
I think you did not, since your blog is still announcing itself as Serendipity v.1.6.2.
ed587 wrote: My blog comes up as does the Admin Suite. I have problems with the plugins. Most of my plugins now come up as errors where the plugins should be on the Configure Plugins page in the Admin Suite. Errors like: Error! Error: serendipity_plugin_photoblog:7fd466cd714... I was going to try re-installing but many of them are not available in the list on the install plugin page. I don't see the option to install from a downloaded plugin. I also need to get my Guestbook working. Any help will be greatly appreciated.
You can do this by hand either via Spartacus Web online repository downloads http://spartacus.s9y.org/ and uploading them manually one by one, or by installing the Spartacus serendipity_event_spartacus plugin, which is its online in-blog variation and a very recommended 'must have' plugin. Then you can upgrade your plugins one by one on click, via the "rose" upgrade buttons on top of plugin administration.
Though 1.7 Series has come into years and continuously has been upgrading and modifying plugins which were noted to not work, there might still be plugins out in the wild, which will not work properly. Come back if that is the case, with detailed errors etc.
Regards,
Ian
Serendipity Styx Edition and additional_plugins @ https://ophian.github.io/ @ https://github.com/ophian
Re: Save what files to wipe & install new SY9?
Ian & Garvin,
Thanks very much for helping me get the blog up and running again which it is with Serendipity 1.7.8. I've re-installed the plugins I wanted and all those are running correctly. I was about to abandon all hope when I started this thread. Thanks again for your patience and help.
The best,
~Ed