Topic: out.php looks infected

[gerd]

this week i realised that every second time when I clicked on a thumb i got redirected to http://itrxx.com/fr.php.
first i thought smart thumbs was hacked. but it was not.

then i replaced trade pulse with a different trade script and the redirect was completely gone.
so i have disabled trade pulse completely now on my server.

my tp/out.php looks infected.
i have attached the file to this thread.


might it be possible that this file is infected?
maybe you could give me some tips that this will not happen again.

[Andrew]

Well I'm not from TP but for a start there must be something odd going on because out.php is supposed to be Zend encoded - and the attached file is not.

Personally I would delete that TP install asap and do a fresh install from the scriptpulse site - and check that the files are properly encoded

[ip0li]

Hi, this exploit happens because of other scripts on your server and it simply targets TP out.php since its used on MANY sites with MANY traffic hence attack makes sense.

To solve this issue ask your host to secure your server, update all scripts to latest versions, remove unneeded scripts and make sure all is 500% clean before doing UPDATE of tp, you can update TP by going into tools/updater, and it will replace out.php with original one.