
Thread tagged as: Question, Error

PHP in resources folder

Since I just updated Perch to the latest, and the markitup addon, I now receive this message in the diagnostics info:

"There are PHP files in your resources folder. These could be dangerous and a sign of a security breach."

Yet there are no php files in my resources folder.

Should I be concerned?


Chris James 0 points

  • 5 years ago

Chris, did you update to 2.8.18? There is a new feature which was added in this update:

  • Adds a Health Check scan for PHP files in the resources folder

See more at https://grabaperch.com/update


Rachel Andrew 394 points
Perch Support

If there are any files with a .php or .phtml extension in this folder you would get that message.

I found the file, it's called 'cantseeme.phtml'. This is not a file I put there. I've copied it to my local machine but removed it from the server and the error is gone. Any idea what this is though?


Rachel Andrew 394 points
Perch Support

Yes, this is the issue we have been alerting people to as described in the email. The reason you needed to upgrade.

I would check to see if .phtml files execute on your web server (i.e. if the file is there, if you click on it do you see a page or do you just see the code, or nothing?). If you see a page, then you should assume that an attack has been made on your server. If it doesn't execute, then you have nothing to worry about.

One of my clients who was on a server that did allow this script to function saw them investigate any text files on the server that may have password details, saw them grab the SQL details from Perch config and do a dump of the database, and then try to install software that would enable them to launch attacks on other websites from that server. This was all visible from the raw log files of the web server. So if the script does execute, you might want to check your log files for the time the file was uploaded and alert your host to the activity.

Rachel - it only appeared after I did the Perch update, not before.

Mallen - thanks for the info. I'm afraid I don't understand most of what you just said! However I removed the file and the site appears to be working fine, so I'm hoping I won't have to worry about it.


Rachel Andrew 394 points
Perch Support

Yes - the Perch Update highlights any files like that that may have been uploaded. We didn't have that check in there before; the update didn't create the file, it just showed you it was there.

Robert Ketter said:

Chris, did you update to 2.8.18? There is a new feature which was added in this update:

  • Adds a Health Check scan for PHP files in the resources folder

See more at https://grabaperch.com/update

Oh I see - sorry I'm being slow. OK that's cool. Thanks both :)
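
Added example, not part of the original thread and not Perch's own Health Check code: a Python script that lists `.php`/`.phtml` files in a resources folder with their modification times, then pulls every access-log request made by any client that requested one of those files, which is the log review suggested above. The combined log format, the `/resources/` URL, the upload path and the sample log lines are constructed assumptions.

```python
import re
import sys
from datetime import datetime, timezone
from pathlib import Path

# Extensions named in the thread; case-insensitive matching is an assumption.
PHP_EXTS = {".php", ".phtml"}

# Apache/nginx "combined" access-log line: client IP, timestamp, method, URL, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation IP ranges, placeholder upload path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2016:03:14:07 +0000] "POST /upload-placeholder HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.20 - - [01/Jan/2016:03:14:30 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "-"',
    '203.0.113.7 - - [01/Jan/2016:03:15:02 +0000] "GET /resources/cantseeme.phtml?x=1 HTTP/1.1" 200 77 "-" "-"',
]

def find_php_files(resources_dir):
    """Return (path, mtime as UTC datetime) for each PHP-type file under the folder."""
    hits = []
    for p in Path(resources_dir).rglob("*"):
        if p.is_file() and p.suffix.lower() in PHP_EXTS:
            mtime = datetime.fromtimestamp(p.stat().st_mtime, tz=timezone.utc)
            hits.append((p, mtime))
    return sorted(hits)

def activity_for(log_lines, filename):
    """Find clients that requested `filename`, then return every request they made."""
    parsed = [m.groups() for m in map(LOG_RE.match, log_lines) if m]
    clients = {ip for ip, _, _, url, _ in parsed
               if url.split("?")[0].rsplit("/", 1)[-1] == filename}
    return [row for row in parsed if row[0] in clients]

if __name__ == "__main__":
    # Usage: python check_resources.py <resources folder> [access log file]
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    if len(sys.argv) > 2:
        log = Path(sys.argv[2]).read_text(errors="replace").splitlines()
    else:
        log = SAMPLE_LOG
    for path, mtime in find_php_files(folder):
        print(f"{path}  modified {mtime:%Y-%m-%d %H:%M:%S} UTC")
        for ip, ts, method, url, status in activity_for(log, path.name):
            print(f"    {ip} [{ts}] {method} {url} -> {status}")
```

The modification time gives the window to look at in the raw logs, and the per-client request list is what you would pass on to your host.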