cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

webformmailer.php

I have a file in my root, called   "webformmailer.php"

 

this is a link file, with access rwxrwxrwx, so everyone can read/write/execute the file

 

I also have a file "feedback.php" which doesn't seem to explicitly call the "webformmailer.php" file

 

when I change the name of the "webformmailer.php" file, then change it back to "webformmailer.php", my feedback.php file stops working and throws up errors

 

I would like to delete the "webformmailer.php" file, but I suspect my feedback.php file would stop working if I did so

 

so, questions ; what is the "webformmailer.php" for, what does it do, can it be renamed / deleted? it currently has access "rwxrwxrwx" which worries me because it means anyone can write to this file; should I change the access to something else, eg to allow only user access and not group/everyone?

 

Recently I had my website hacked, and all this is the fall out.

 

Thanks for help.

9 REPLIES 9
Helper VI
Helper VI

Re: webformmailer.php

@tadeusz what do you use for your site? A CMS, custom code, a mix of both?

 

Did you have those files before it was hacked?

 

I'd recommend you to tar them, and then delete both. If something stops working, you should check the code inside those files. (Actually, you should check all your code, since it got hacked, you may find some vulnerabilities which allowed the attack to happen in the first place).

 

Hope it helps!

 

If you find my replies helpful, give me a like or kudo 🙂
And if I solved your issue, mark it as solution 😄

Re: webformmailer.php


ANSWERS IN CAPITAL LETTERS IN TEXT

@jpablo wrote:

@tadeusz what do you use for your site? A CMS, custom code, a mix of both?

 

MOSTLY HAND CODED HTML + PHP (NOT CMS)

 

Did you have those files before it was hacked?

 

"feedback.php" - YES

 

"webformmailer.php" - NO

 

I'd recommend you to tar them, and then delete both. If something stops working, you should check the code inside those files. (Actually, you should check all your code, since it got hacked, you may find some vulnerabilities which allowed the attack to happen in the first place).

 

THE FILE "feedback.php" IS NOT FAULTY. I HAVE A COPY ON MY LOCAL COMPUTER OF THIS FILE DATING BACK TO 2008

 

 THE FILE "webformmailer.php" MAY BE FAULTY. IT DOES NOT APPEAR ON MY LOCAL COMPUTER. ON MY FTP FILE LIST, IT SHOWS AS TYPE "LINK". IT HAS PERMISSIONS RWX-RWX-RWX

 

DO YOU HAVE ACCESS TO THE FILESYSTEM FOR MY ACCOUNT? IDEALLY I WOULD LIKE FOR A GODADDY EMPLOYEE / EXPERT TO TAKE A LOOK AT "webformmailer.php" AND TELL ME WHAT ITS FUNCTION IS, AND WHETHER IT CAN BE DELETED

 

THANKS FOR YOUR HELP


 

Helper VI
Helper VI

Re: webformmailer.php

@tadeusz I see...

I'm not a GD employee, I'm a member like you.

But, I have found this in the GD help section. So it seems to be a GD file.

Are you using Classic Hosting?

 

Hope it helps!

 

If you find my replies helpful, give me a like or kudo 🙂
And if I solved your issue, mark it as solution 😄

Re: webformmailer.php


@jpablo wrote:

@tadeusz I see...

I'm not a GD employee, I'm a member like you.

But, I have found this in the GD help section. So it seems to be a GD file.

Are you using Classic Hosting

Yes, I am using Classic Hosting;   "Hosting - Classic - Deluxe - Linux - Renewal - 2 years (recurring)"

 

If I upgrade to a newer hosting plan, do you think that would solve the issue? maybe the Deluxe Linux plan?

 

on;   https://ca.godaddy.com/help/using-our-php-form-mailers-on-web-and-classic-hosting-8376

it says; "<form action="/webformmailer.php" method="post">"

 

my feedback.php file contains;

 

<form id="mailform" name="mailform" method="post" action="feedthanks.php" onsubmit="return validateForm(this);">

 

in other words, it does not use webformmailer.php

 

I think the first step might be to upgrade to a new hosting plan. With luck that might get rid of the "webformmailer.php" file.

 

What's your opinion, is that a sensible first step?

Helper VI
Helper VI

Re: webformmailer.php

@tadeusz In my opinion, the permissions you see are the one's for the symbolic link. Which are correct, since you may want to delete the link if you don't use it.

However, what happens if you try to download the link via FTP? Can you download the symbolic link?

If so, can you open it with a text/hex editor?

 

If you want to upgrade to a newer hosting, that could take care of the file, but I don't see it as a necessary step.

If you find my replies helpful, give me a like or kudo 🙂
And if I solved your issue, mark it as solution 😄

Re: webformmailer.php


@jpablo wrote:

@tadeusz In my opinion, the permissions you see are the one's for the symbolic link. Which are correct, since you may want to delete the link if you don't use it.

However, what happens if you try to download the link via FTP? Can you download the symbolic link?

If so, can you open it with a text/hex editor?

 

I CANNOT DELETE THE SYMBOLIC LINK

 

WHEN I TRY TO DOWNLOAD IT WITH AN FTP CLIENT, I GET;

 

"Can't open webformmailer.php: No such file or directory"

 

WHEN I CHANGE THE FILENAME OF THE "webformmailer.php" FILE TO SOMETHING ELSE, THEN CHANGE IT BACK AGAIN TO "webformmailer.php", THEN MY FEEDBACK.PHP FILE CEASES TO WORK

 

I WOULD LIKE A GD EMPLOYEE TO CHANGE THE FILE NAME, SEE IF IT WORKS WITHOUT THE "webformmailer.php" FILE, THEN CHANGE IT BACK AGAIN IF NECESSARY

 

DO GD TECH SUPPORT EXPERTS TAKE PART IN THIS FORUM, OR SHOULD I CONTACT GD BY EMAIL?

 

TYVM

Helper VI
Helper VI

Re: webformmailer.php

@tadeusz Oh, so you can't delete the script. Well, then I guess you should contact support and ask them about it.

 

My guess is that the file should be fine, since it's a GD script.

Have you determined how your site got hacked in the first place?

 

Hope it helps!

 

If you find my replies helpful, give me a like or kudo 🙂
And if I solved your issue, mark it as solution 😄

Re: webformmailer.php


@jpablo wrote:

@tadeusz Oh, so you can't delete the script. Well, then I guess you should contact support and ask them about it.

 

My guess is that the file should be fine, since it's a GD script.

Have you determined how your site got hacked in the first place?

I tried to give you a "kudos", but the webpage won't allow it.

 

I've gone through my website in detail, and there is nothing suspicious about the current code.

 

I don't know how the site got hacked. I'm worried it might happen again. I have a CAPTCHA script which may be buggy, and a webmail script which I'm unsure about. These are written in PHP, and I don't have detailed understanding of PHP.

 

Perhaps I could hire a programmer to look at the PHP files and tell me if they have Trojans? The hackers did somehow get into my website, and I would like reassurance that the code which allowed that isn't going to cause a repeat.

Helper VI
Helper VI

Re: webformmailer.php

@tadeusz no problem.

 

Can you post your website's domain name? If you prefer, you can send it to me in a private message.

If you find my replies helpful, give me a like or kudo 🙂
And if I solved your issue, mark it as solution 😄