Textpattern CMS support forum

#1 2009-11-10 09:41:06

FireFusion
Member
Registered: 2005-05-10
Posts: 698

Malware attack - Can I just delete users?

I have a site using TXP 4.0.6 that Google is reporting as having a Trojan on. Can I delete all the users in the TXP table via phpMyAdmin to lock down?

#2 2009-11-10 10:09:12

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533

Re: Malware attack - Can I just delete users?

FireFusion wrote:

I have a site using TXP 4.0.6 that Google is reporting as having a Trojan on. Can I delete all the users in the TXP table via phpMyAdmin to lock down?

You mean deny users from logging into TXP? Yes.

But that isn’t going to fix the cause. Or did some of your authors upload an infected file? If the infected file is there for a reason (not by upload accident), then you may want to verify your files and change all passwords.

#3 2009-11-10 10:16:37

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,454

Re: Malware attack - Can I just delete users?

FireFusion wrote:

Can I delete all the users in the TXP table via phpMyAdmin to lock down?

Seems a bit drastic. I would back up the txp_user table and then set all user privs (bar your own) to 0 instead. At least then all the resources that have been uploaded will still have user logins attached to them so you can do some digging to see who uploaded what (if indeed something dodgy was uploaded via the TXP interface). If you need to delete user accounts you can always do it selectively later once you’ve found the culprit(s) and then reinstate the existing privs from the backup file. And then force all passwords to be reset too, as Gocom suggests.

Last edited by Bloke (2009-11-10 10:19:30)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp
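
The containment approach described in post #3 (back up the user table, zero everyone's privileges except your own, restore later), written out as an added SQL example that is not part of the original thread. It assumes MySQL and a stock Textpattern schema where the table is `txp_users` with `user_id`, `name`, `privs` and `last_access` columns and no table prefix; `your_login` and the backup table name are placeholders.

```sql
-- Added example, not from the thread. Assumed: MySQL, table txp_users
-- (add your table prefix if the install uses one), placeholder login name.

-- 1. Snapshot the user table so the original privilege levels can be reinstated.
CREATE TABLE txp_users_backup LIKE txp_users;
INSERT INTO txp_users_backup SELECT * FROM txp_users;

-- 2. Confirm the snapshot is complete before changing anything.
--    Both counts must match.
SELECT (SELECT COUNT(*) FROM txp_users)        AS live_rows,
       (SELECT COUNT(*) FROM txp_users_backup) AS backup_rows;

-- 3. Set every account except your own to privs 0.
--    Rows are kept, so content and uploads stay attributed to their authors.
UPDATE txp_users
   SET privs = 0
 WHERE name <> 'your_login';

-- 4. Review what is left: only your own account should have non-zero privs.
--    last_access helps spot accounts that logged in around the incident.
SELECT user_id, name, privs, last_access
  FROM txp_users
 ORDER BY last_access DESC;

-- 5. Later, once the investigation is done, reinstate the saved privileges.
--    Add a WHERE clause on u.name to restore accounts selectively.
UPDATE txp_users AS u
  JOIN txp_users_backup AS b ON b.user_id = u.user_id
   SET u.privs = b.privs;

-- 6. Drop the snapshot when it is no longer needed; it holds password hashes.
DROP TABLE txp_users_backup;
```

Export a dump of the backup table off the server as well if the database itself may have been tampered with.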

#4 2009-11-10 10:31:26

FireFusion
Member
Registered: 2005-05-10
Posts: 698

Re: Malware attack - Can i just delete users?

I found the files. I suspect it was due to an FTP password leak rather than a TXP problem, as the files were uploaded to the root. Am looking into it further.
