Client Security Breach


(Chet) #1

One of my clients had a security breach on the owner’s email account. The account had the credentials for their web server/FTP accounts and they’re getting warnings from their web host that there was a php injection attack on the site.

I built the website using Foundry and Stacks. It was updated earlier this year using RW8.

They’ve asked me to delete all of the files on the server and republish all files. I believe they are on an an Apache server and I’m nervous to just delete all, especially since I usually hang out in the html folder.

Can you tell me if it’s safe to delete the following files/folders?

  • zshrc
  • bashrc
  • bash_profile
  • bash_logout
  • cgi-bin (Folder that is empty w/ no invisible files when browsing in Transmit)
  • data (Folder that is empty w/ no invisible files when browsing in Transmit)
  • pub (Folder that is empty w/ no invisible files when browsing in Transmit)
  • report (Folder that is empty w/ no invisible files when browsing in Transmit)

Thanks!


(Doug Bennett) #2

I wouldn’t delete anything other than what you are going to replace when You republish all files. Stay with html folder.


(system) #3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.