Topic: Didn't upgrade but says I did?

[Shawn]

I haven't upgraded since the switch to ioncube but just realized all my installs say I'm running: Version 1.0.7 build 39 and when I check the updates it says there are no updates... so I'm confused because I KNOW I DIDN'T RUN THE LAST BUNCH OF UPGRADES!  How can I check and see what I'm really running and why's it say I'm up to date??

[ip0li]

1) You are running what it says in HEADER so by what you say u are running latest version.

2) It is impossible script upgraded by itself. We do not have such feature in our script.

[Shawn]

Ok well my server is still getting the same exploits injected into a bunch of my websites as before all the updates and my host says: based on the logs, there appears to be something in a /tp/ directory that appears to be running a remote script.

I know I didn't upgrade because I was waiting to see how the newer versions worked and with the two step upgrade I didn't have time, my host didn't upgrade it so I'm at a loss as to why it would show the latest version.

[ip0li]

Please ask your host to try and locate exploit then you should update(after its cleaned) to latest build. This is ONLY way to deal with it and obviously exploit had to do something with VERSION NUMBER.

cheers

[Shawn]

I've been asking my host since the first time we had problems but everytime they can't find anything except TP folder is suspicious and its zend encoded so they don't know what to look for.  So I'm guessing it's hidden in there somewhere...

[Shawn]

Host says: /tp/top_thumb.php

this appears to be the backdoor

However, it is zend encoded, so, we can't troubleshoot it.

I've done the updates (until the ioncube update) ever since the first time you guys had an exploit so how the hell am I still dealing with this??

[Shawn]

and i can't seem to downgrade or upgrade, says 0 files updated even though there are 3 downgrade options

[Kildoozer]

2 Shawn: contact me for fast check/solution
kildoozer@scriptpulse.com