Mar 25, 2014
So, I run an IPB forum, and recently, my new web hosting provider scanned the server and sent me an email that it found an infected file (layout.php.1448533385_1). They quarantined it, told me to disinfect it and reupload it to the appropriate path using ftp. I have absolutely no clue how to disinfect it because my coding skills are very limited and I don't know what to do.

Can you guys help me? I can attach the file here if you want.


New Member
Feb 19, 2015
I could take a look at it, but, it's important to be able to determine -how- the file became infected in the first place, because, if the cause of the infection isn't addressed, the file will likely become infected again in the future.

If you could attach the file here, that would help, but also, if it's okay, I'd like to ask you a few questions, too.

1. Have you checked the version of your IPB forum software to ensure that you're running the latest version?

2. Are you running any plugins, extensions or mods for your IPB forum software?

2A. If yes, have you checked to ensure that you're running the latest version of those plugins, extensions and/or mods?

2B. Have you tried searching Google for (for each plugin, extension and mod that you run):

"name of plugin/mod/extension" +"vulnerability"
..To see if anything insightful appears (to suggest possible exploits or vulnerabilities that may exist in that software)?

3. What other software, unrelated to IPB, are you running from your webhosting package?

4. Are the passwords for your webhosting, your FTP, and the email address associated with your webhosting package secured, and do you use those same passwords elsewhere?