SOLVED Removing Gdocs Directory?

[deedubbleyew]

Warning...you are dealing with a very inexperienced, somewhat inept person when it comes to tech-speak.
I try...but I have no problem admitting my lack of understanding...please be tolerant.
......................................

I have a small smf Forum and a single webpage hosted on a friends Gator Hosting account.
His contribution to our group.
Had it for years...I have my own domain name and own private access to my own c-panel.
Nobody else maintains it.

A couple of years back, I was in the File Manager for some reason and I found all these files and folders called gdoc.
They seem to have grown...I now have at least three areas full of folders, which are full of gdocs.

And there are dozens/hundreds of sub-folders, full of these gdoc files (images and scripts)

What are they? How did they get there? Who put them there?
Why do I need them...and what can I/should I delete?

Disk Space is an issue...I'm trying to clean out unnecessary stuff.
I've had to ask for more space twice from the owner
Thats another reason I am here...to ask about Logs and Temp files.
But first, I want to deal with these gdoc files.

I've added a couple of screengrabs to illustrate what I am talking about.
Thanks for any advice.

 

[deedubbleyew]

Just so i don't sound like a complete idiot, I am aware that gdoc is google document.
I have searched for a basic understanding of what google document is.
I still think its google phishing for statistics and covertly monitoring web traffic.

I just want to know if I can remove some or all of these things, and how...or why I shouldn't?

 

[cPanelLauren]

Hi @deedubbleyew

Unfortunately, I can't tell you if you should remove them or not, I can tell you that they aren't something inherently supplied with cPanel so they would have to be associated with the site in some way.

 

[Infopro]

A couple of years back, I was in the File Manager for some reason and I found all these files and folders called gdoc.
They seem to have grown...I now have at least three areas full of folders, which are full of gdocs.

If it was me, I think I'd simply rename that directory shown in your screenshot to something else and see what breaks on your site. If nothing breaks, leave the directory renamed over night. They've been there for a years, another night can't hurt too much.

Are any of the files recent by timestamp? Can you view the contents of any of the files?

 

[deedubbleyew]

That makes sense.
I'm not sure exactly which gdoc folders you are suggesting I rename...or all three of them?
My first image shows the entire file manager tree, with the areas expanded that contain related gdoc folders.
Sorry for my ineptitude.

In most of the subfolders, you will see a set of php files. repeated over and over.
aol, gmail, hotmail, yahoo, index, etc

I never really examined the dates before...I saw all kinds of dates.
The earliest "last modified" dates are from March and April 2014...theres a lot of of those.

Then, the rest are from Mar 16-23 of 2018.
The majority of the files I can see are from those dates and nothing else.
And I don't see anything newer than that.

These are php (script?) and I have no idea how to use them or open them.
I tried sending a copy of one of the folders to someone who wanted to examine them.
He could not receive them (anti malware alerts went off).
I tried zipping and storing a folder on mediafire...and then sharing a download link...he couldn't download. Malware alerts again.

I'm afraid to touch them.

 

[Infopro]

Yes, renaming each directory, right where it's at, might be the easiest place to start.

Going by that first image, I would rename that "file" directory, "Box" directory, and "login" directory, to, .fileDEAD, .BoxDEAD, .loginDEAD so I knew which ones I changed. Adding the dot at the start can't hurt.

That said, your forum account lists you as Website Owner. You should get in touch with your Hosting Provider and let them know you've got some mysterious files and directories on your account. I'm sure they'd like to have a closer look, too.

Good luck with this.

 

[deedubbleyew]

I will try what you have suggested...thank you.

I renamed the directories...adding the dot before the name, just made the files disappear.
I had to turn on "see hidden files" to get them back! panic!

The host is Gator (I think thats what it is called).
As I mentioned, its not my hosting plan.
The guy I work for sublets to various people in my/our hobby.
He donated this hosting to me for the forum I run (related to our hobby). [- Removed -]
I supplied a domain name, and then he gave me a C-Panel account,
and I have maintained it ever since.

Last week, the site was shut down and he was sent a warning of a particular phishing file.
He then contacted me. to explain.
I went in and removed the malware and took a look around for anything else.
I found nothing else out of concern...other than the gdocs, which I already knew were there.
Once we were sure everything looked okay, he requested the necessary "security check".

They approved and lifted the suspension the next day.
But we also asked them about the malware and the gdocs.
The response was "for a fee, we can investigate the malware attack".
Thats it, thats all they will agree to, and thats all they offer as support.

 

[Infopro]

I renamed the directories...adding the dot before the name, just made the files disappear.
I had to turn on "see hidden files" to get them back! panic!

Yep, sorry I failed to mention that. That's the idea, makes them unavailable for access. Leave things go overnight now and see if you notice any issues with the site or new errors in your cPanel Error logs in your cPanel. Assuming you have access to those.

Last week, the site was shut down and he was sent a warning of a particular phishing file.

This account has apparently been compromised at some point. That's no good. Being new and/or inexperienced with this sort of thing, the chances of you removing a file or two and everything going back to normal, are slim. If you're not interested in paying for that Hosting Providers support (I would if I was in your shoes), you might like to know about these listings, you could hire a 3rd party to assist you with this instead:

System Administration Services | cPanel Forums

That's pretty much all we can do for you here on these forums as well.

 

[deedubbleyew]

Thanks for the advice...

after renaming the three directories (related to the gdocs) I went through my site.
I didn't find any errors or anything out place.
I informed my Mods to keep an eye out and report...but they found nothing.

After 24 hours I deleted the renamed folders.

(yes, I did zip, download and save the files first)

Everything is still working fine.
We'll see how it goes.

I am not hearing good things about HostGator, so I am considering moving the sites.
But I will wait a few months to make sure there are no further attacks or gdoc recurrences.

 

[Infopro]

Good news then! Thanks for posting back.