For some time now I've been struggling with a weird problem.
chronocontact.html.php disappears
Even if I copy this file and rename it chronocontact2.html.php for example it still gets deleted in about 3 to 6 hours.
Why? No other files are touched no trace in access log files. How can this be???
Thanks.
Hi raifs ,
Sorry, I've no idea, I don't recall anything like that being reported here before and I can’t think of any obvious explanation. Have you asked your ISP/hosting company for help?
Bob
No I haven't asked.
But there must be something with this file... no other file are touched and even if I rename the file it still gets deleted. If it is an attack or something similar they couldn't delete the renamed file - how would they know?
You have an encoded line inside the file - maybe there's something to do with that...?
I just can't figure out why only chronocontact.html.php gets deleted...
Hi raifs & Bob,
The first thing that comes to mind for me, is that an antivirus cronjob removes the file as a suspected virus/malvare. It is most likely the "eval(base64_decode(..." piece of code triggering the AV scanner, as this is a common technique to hide code from the user.
The hidden code in this case is rather harmless (though perhaps not 100% GPL-kosher), but these AV filters usually trigger on the actual hiding of the code itself - not what the hidden code does.
/Fredrik
Hi Fredrik,
thanks for the information. Never thought of that. I will try to find out if that is the case.
Thanks again.
Raifs
Hi Fredrik,
Good catch. That makes sense - and didn't cross my mind as a possibility. I'd forgotten about the base64 encoded problems.
Bob
Yes,
it was an antivirus who deleted this file. Hosting company said "Regular expression match = [decode regex]" and they added this file to their safe list. So i think that solves my problem.
Thanks.
Kinda weird that no one else had this issue:)
Regards,
Raifs
Hi Raifs,
Not vanishing files - we did have some problems with an anti-virus scanner a few months ago but that gave an error report. Perhpas I should have put two and two together though.
Bob
Hi Nibinaear ,
Thanks for the info. The file may be suspicious but it isn't malicious. This is a false report and your webhost should reinstate the file and whielist ti to prevent further errors.
That said if you aren't using ChronoForms then uninstall it and all will be well.
Bob
good morning
chronocontact.html.php the file is locked and deleted.
Hosting has determined that the file can not be inserted in the files considered reliable because it potentially harmful.
They asked to edit the file.
Please make the change as soon as possible.
Hi Vito,
I have already replied to your email and on Skype. This file is not malicious, does not contain a virus and the correct answer is for your web host to white-list it in their virus scanner software.
If they won't do that then you should change web host as soon as possible,
Bob