Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED Removing Gdocs Directory?

Discussion in 'General Discussion' started by deedubbleyew, Apr 7, 2019.

  1. deedubbleyew

    deedubbleyew Member

    Joined:
    Apr 7, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    Warning...you are dealing with a very inexperienced, somewhat inept person when it comes to tech-speak.
    I try...but I have no problem admitting my lack of understanding...please be tolerant.
    ......................................

    I have a small smf Forum and a single webpage hosted on a friends Gator Hosting account.
    His contribution to our group.
    Had it for years...I have my own domain name and own private access to my own c-panel.
    Nobody else maintains it.

    A couple of years back, I was in the File Manager for some reason and I found all these files and folders called gdoc.
    They seem to have grown...I now have at least three areas full of folders, which are full of gdocs.

    And there are dozens/hundreds of sub-folders, full of these gdoc files (images and scripts)

    What are they? How did they get there? Who put them there?
    Why do I need them...and what can I/should I delete?

    Disk Space is an issue...I'm trying to clean out unnecessary stuff.
    I've had to ask for more space twice from the owner
    Thats another reason I am here...to ask about Logs and Temp files.
    But first, I want to deal with these gdoc files.

    I've added a couple of screengrabs to illustrate what I am talking about.
    Thanks for any advice.
    gdoc folders.jpg gdoc files.jpg gdoc folders.jpg
     
  2. deedubbleyew

    deedubbleyew Member

    Joined:
    Apr 7, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    Just so i don't sound like a complete idiot, I am aware that gdoc is google document.
    I have searched for a basic understanding of what google document is.
    I still think its google phishing for statistics and covertly monitoring web traffic.

    I just want to know if I can remove some or all of these things, and how...or why I shouldn't?
     
  3. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @deedubbleyew

    Unfortunately, I can't tell you if you should remove them or not, I can tell you that they aren't something inherently supplied with cPanel so they would have to be associated with the site in some way.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,948
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    If it was me, I think I'd simply rename that directory shown in your screenshot to something else and see what breaks on your site. If nothing breaks, leave the directory renamed over night. They've been there for a years, another night can't hurt too much. ;)

    Are any of the files recent by timestamp? Can you view the contents of any of the files?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    cPanelLauren likes this.
  5. deedubbleyew

    deedubbleyew Member

    Joined:
    Apr 7, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    That makes sense.
    I'm not sure exactly which gdoc folders you are suggesting I rename...or all three of them?
    My first image shows the entire file manager tree, with the areas expanded that contain related gdoc folders.
    Sorry for my ineptitude.

    In most of the subfolders, you will see a set of php files. repeated over and over.
    aol, gmail, hotmail, yahoo, index, etc

    I never really examined the dates before...I saw all kinds of dates.
    The earliest "last modified" dates are from March and April 2014...theres a lot of of those.

    Then, the rest are from Mar 16-23 of 2018.
    The majority of the files I can see are from those dates and nothing else.
    And I don't see anything newer than that.

    These are php (script?) and I have no idea how to use them or open them.
    I tried sending a copy of one of the folders to someone who wanted to examine them.
    He could not receive them (anti malware alerts went off).
    I tried zipping and storing a folder on mediafire...and then sharing a download link...he couldn't download. Malware alerts again.

    I'm afraid to touch them.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,948
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yes, renaming each directory, right where it's at, might be the easiest place to start.

    Going by that first image, I would rename that "file" directory, "Box" directory, and "login" directory, to, .fileDEAD, .BoxDEAD, .loginDEAD so I knew which ones I changed. Adding the dot at the start can't hurt.

    That said, your forum account lists you as Website Owner. You should get in touch with your Hosting Provider and let them know you've got some mysterious files and directories on your account. I'm sure they'd like to have a closer look, too.

    Good luck with this.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. deedubbleyew

    deedubbleyew Member

    Joined:
    Apr 7, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    I will try what you have suggested...thank you.

    I renamed the directories...adding the dot before the name, just made the files disappear.
    I had to turn on "see hidden files" to get them back! panic!

    The host is Gator (I think thats what it is called).
    As I mentioned, its not my hosting plan.
    The guy I work for sublets to various people in my/our hobby.
    He donated this hosting to me for the forum I run (related to our hobby). [- Removed -]
    I supplied a domain name, and then he gave me a C-Panel account,
    and I have maintained it ever since.

    Last week, the site was shut down and he was sent a warning of a particular phishing file.
    He then contacted me. to explain.
    I went in and removed the malware and took a look around for anything else.
    I found nothing else out of concern...other than the gdocs, which I already knew were there.
    Once we were sure everything looked okay, he requested the necessary "security check".

    They approved and lifted the suspension the next day.
    But we also asked them about the malware and the gdocs.
    The response was "for a fee, we can investigate the malware attack".
    Thats it, thats all they will agree to, and thats all they offer as support.
     
    #7 deedubbleyew, Apr 10, 2019
    Last edited by a moderator: Apr 10, 2019
  8. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,948
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Yep, sorry I failed to mention that. That's the idea, makes them unavailable for access. Leave things go overnight now and see if you notice any issues with the site or new errors in your cPanel Error logs in your cPanel. Assuming you have access to those.

    This account has apparently been compromised at some point. That's no good. Being new and/or inexperienced with this sort of thing, the chances of you removing a file or two and everything going back to normal, are slim. If you're not interested in paying for that Hosting Providers support (I would if I was in your shoes), you might like to know about these listings, you could hire a 3rd party to assist you with this instead:

    System Administration Services | cPanel Forums

    That's pretty much all we can do for you here on these forums as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. deedubbleyew

    deedubbleyew Member

    Joined:
    Apr 7, 2019
    Messages:
    5
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Canada
    cPanel Access Level:
    Website Owner
    Thanks for the advice...

    after renaming the three directories (related to the gdocs) I went through my site.
    I didn't find any errors or anything out place.
    I informed my Mods to keep an eye out and report...but they found nothing.

    After 24 hours I deleted the renamed folders.

    (yes, I did zip, download and save the files first)

    Everything is still working fine.
    We'll see how it goes.

    I am not hearing good things about HostGator, so I am considering moving the sites.
    But I will wait a few months to make sure there are no further attacks or gdoc recurrences.
     
    Infopro likes this.
  10. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,948
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Good news then! Thanks for posting back.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice