Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Recently I was browsing the web on my netbook, and I clicked a link. It went to Encyclopedia Dramatica, and Epiphany said it downloaded a file called css.php. I thought this was just the website not set up correctly, but Geany opened the file. Since then, I deleted the file and ran chkrootkit, but I was wondering if anyone else knew about it.
It's probably just the website not set up correctly. PHP scripts can't run without a PHP interpreter even if you did manage to grab the code, and even so are unlikely to contain malicious payloads.
What makes you think it's a virus? More than likely just a poorly written website.
What did the css.php file contain?
Originally I was suspicious as Geany instantly opened it. When I get the PHP files off of my website to work on, it just saves them. It contained something like @FONTTYPE (Probably not FONTTYPE, something like it.) UTF-8
Quote:
Originally Posted by frieza
It's probably just the website not set up correctly. PHP scripts can't run without a PHP interpreter even if you did manage to grab the code, and even so are unlikely to contain malicious payloads.
Thanks for the reassurance. I think now that it was just a badly written website.
There is a 'trick' used by some website designers that use the 'include' function in PHP to create dynamic CSS code. (for example, a different theme according to time of day or the season)
It sounds like your browser downloaded this file instead and, because it didn't know what else to do with it, it simply passed it on to the system's default text editor. (Geany on your system)
Ah, thanks for the explanation. Geany isn't my system's default text editor, but it is default for PHP, C, and C++ files. That explains it, I think.
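An added example, not part of the thread or any poster's code: a content-only check of an unexpected download such as css.php, answering the "what did the file contain?" question without opening or executing it. The sample bytes are constructed, and treating the line the poster recalls as a CSS at-rule like `@charset "UTF-8";` is an assumption.

```python
import re
import sys

# Constructed samples for illustration; these are not files from the thread.
SAMPLE_CSS = b'@charset "UTF-8";\nbody { background: #fff; }\n'
SAMPLE_PHP = b'<?php\n$theme = (date("G") < 18) ? "day" : "night";\ninclude "$theme.css";\n'
SAMPLE_ELF = b'\x7fELF\x02\x01\x01\x00' + b'\x00' * 8

PHP_TAG = re.compile(rb'<\?(php|=)', re.I)
CSS_AT_RULE = re.compile(
    rb'^\s*@(charset|import|font-face|media|namespace)\b', re.I | re.M)
CSS_RULE = re.compile(rb'[^{}]+\{[^{}]*:[^{}]*\}')
SCRIPT_TAG = re.compile(rb'<\s*script\b', re.I)


def triage(data: bytes) -> dict:
    """Classify a downloaded file by its bytes only; nothing is executed."""
    head = data[:4096]
    if head.startswith(b'\xef\xbb\xbf'):      # drop a UTF-8 byte order mark
        head = head[3:]
    notes = []
    if head.startswith(b'\x7fELF') or b'\x00' in head:
        kind = 'binary'
        notes.append('not text: inspect further before opening')
    elif PHP_TAG.search(head):
        kind = 'php-source'
        notes.append('server sent unexecuted PHP; inert without an interpreter')
    elif CSS_AT_RULE.search(head) or CSS_RULE.search(head):
        kind = 'css'
        notes.append('generated stylesheet served under a .php name')
    else:
        kind = 'unknown'
    if SCRIPT_TAG.search(data):
        notes.append('contains a <script> tag')
    return {'kind': kind, 'notes': notes}


if __name__ == '__main__':
    if len(sys.argv) > 1:
        with open(sys.argv[1], 'rb') as fh:   # read bytes only, never run it
            print(triage(fh.read()))
    else:
        for name, blob in [('css', SAMPLE_CSS), ('php', SAMPLE_PHP),
                           ('elf', SAMPLE_ELF)]:
            print(name, triage(blob))
```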