Demitry

I totally understand! I have a bunch of addons that I don't care to dedicate time to for a completely dead software. Cheers for doing this update! I appreciate it.

Just an addition/addendum to my previous comment. Although there is a folder in the package for osC versions Before_2.3, ..there is a large gap from version 2.2 to the Flatline version, including osC versions 2.3, 2.4, BS Edge, Gold, and everything in between. This is no longer an issue for me, but it could be for anyone else who has an osC version that is part of that gap.

Sorry Jack,.. my mistake on that point. I had to look at the package again to see this. I skipped over that folder because I have BS Edge, which is after version 2.3 UPDATE: I ran a test database optimization after making that change you mentioned and there was no PHP warning. So, it works! Thanks.

This is not in that package for version 1.8 ...and I have BS Edge as I originally stated, which is after version 2.3.4. The oldest version in that package is Flatline. For number two, I had made the fix as I stated, in my post above. I was just letting you know about this as a potential issue for others updating to this latest version because without that PHP function defined, you get a PHP Fatal Error. As for number three, thank you for the fix. I have not applied it yet, but will, and I'll test it afterwards. I am on PHP7.2 at this time, so this might be the cause of this PHP warning. Thank you for your reply.

@Jack_mcs hi Jack, I updated all the files for the new 1.8 version of this addon and ran it for the first time last night. One of the errors I got was for the tep_draw_bootstrap_button() function for that Update button. I have BS Edge and since there is nothing in the package for any osC versions older than Flatline (Frozen), I had to apply the changes for that version to BS Edge. However, in doing so, I noticed that Flatline does not have the tep_draw_bootstrap_button() function defined either. I got this function from Zombified Phoenix and the Update button now displays & works as it should. The other issue was a PHP warning I got regarding a non-numeric value related to the following file and line. The database optimization summary is also listed below. I looked up that line and here it is. $dateOrder = date("Y-m-d", time() - ($config['orphan_orders'] * 86400)); So, three issues: 1) There is no package solution for any osC versions older than Flatline (Frozen) 2) The tep_draw_bootstrap_button() function does not exist in Flatline for the Update button, which is in the admin/database_optimizer.php file 3) The calculation for $dateOrder variable in admin/includes/modules/database_optimizer_common.php on line 165 is producing a PHP warning of a non-numeric value I should also mention that I have not made any adjustments to the default setting in the configuration part of this addon.

@domiosc So, I Googled this and did find a couple of articles on a malware injected into a site using .ico files. Here are the articles: https://blog.quttera.com/post/suspicious-icon-files-on-your-website/ https://www.theregister.com/2015/03/25/blank/ If you do regular back-ups, I would go back to the back-up you did just prior to this problem occurring and compare all folders using a comparison tool. This may not find the issue, but it is a good place to start.

@ecartz Hey thanks Matt, That MS2.2 site is going away soon, but based on this conversation, I'll go ahead and remove that MS2.2 configuration cache addon. For some reason, I just did not think that my subdomain would be affected from a higher directory tier.

yes, that's the same app. However, this addon is based on old MS2.2 code and does not reside in my subdomain, which is BS Edge with PHP7.2 And, the old MS2.2 site was not affected at all. I do have this addon for the BS Edge subdomain, but it is different (designed for the later version of osC) and in my opinion, more secure than the MS2.2 version.

ok, thanks Matt. The shell scan for viruses and malware came back from the hosting company and it listed a bunch of files with hack related strings that it found. However, all those terms relate to security files and were not responsible for anything malicious. There was one file that was not consistent with the findings as the rest. This file is part of an older MS2.2 addon and resides higher up in the directory structure and not in my subdomain. I'm not sure if this is the culprit or not, though as I mentioned before, these .mx regeneration of duplicate .php files has not happened after the third time. here is the line that was found by the hosting company's shell scan. "/home/*******/public_html/***renamed-admin***/includes/configuration_cache.php": "hex match,{HEX}php.gzbase64.inject.452.UNOFFICIAL",

The one thing I noticed, is that everything you posted is based on HTTP/1.0 -- this is an old protocol. Most everything today has moved to HTTP/2.0. You need to contact your hosting company to find out if their servers are on HTTP/2.0. If they are not, you need to switch to a different hosting company. HTTP\2.0 is faster and more secure. After doing this, you need to do a site-wide search for HTTP\1 and/or for $_SERVER["SERVER_PROTOCOL"] and manually change related instance of that HTTP\1.0 or HTTP\1.1 to HTTP\2.0. When I had to do this, it was about 25 files. Things like this are always a problem when you are upgrading from a much older version to a new one. I believe it is always better to start with the latest version of the CMS and customize it from scratch. Don't keep trying to upgrade from older versions of osC, this software is not designed for that and it will cause you a lot of headaches and time wasted. As for the INF field/attribute, I have no idea what that is because it looks like custom code and after looking in advanced_search.php and advanced_search_results.php, I don't see any part of this SQL query in those files. If you are migrating from osC MS2.2 to Zombie Phoenix, search your osC MS2.2 database for this field.

hi Vicent, Please let me know what you find. I have not had another instance of this issue after that last third time. So, for now everything is good. Talk soon.

hi Vicent, My hosting company made a back-up of that subdomain and then ran a shell script to remove all those .mx files. So, I really did not have to do anything. Since that time, there has not been any more incidents of this weird file replication. I called my hosting company to try and get some idea of what it was. They said, they thought it was a hack. However, I am not convinced because all scans came up empty and I did a folder comparison to a prior back-up and there was nothing new or different. My hosting company tech support also said this problem was currently occurring with other accounts, non-osC accounts. So, for now, all is good. Hope you find what is causing the .ico file replication. It might be a related issue. Use the shell script from this thread to remove all those files from the server, though be sure to back-up first.

@ecartz Matt, ..you're awesome!! I don't know shell scripting ..so this will not only help me, but anyone else who comes across this thread. I have not removed these files just yet. I'm still waiting to see if my hosting company comes up with an answer before cleaning that entire sub-domain. I did see that stackoverflow.com post when searching for an answer but there were no solutions offered on that post. And though I still use Dreamweaver (old habits die hard), this is the first time I've experienced this problem. And you might be right on point with this outdated software. Tough to let go of that comfort pillow. lol Thanks Matt.

Update: I was given a shell script by my hosting company to clean all of these files out at once, which is a huge help because I had to do it manually the past few times. However, I have not cleared all of these files out just yet. I want to give the hosting company techs plenty of time to figure this problem out before removing it from the server. Here is the script in case someone else runs across this same issue. find /home/change_to_your_own_directory/public_html/ -type f -name "*.mx" -exec rm -rf {} \; Please be very careful before using anything like this, and back-up entire site and all files (along with the .mx file) before running this script. If you don't know what you're doing, don't mess with it!

hi, I'm trying to figure out why I keep getting a ton of these .mx files inserted as copies of all the .php files on the sub-domain I am working on. The files look like this: .mx.99063925.mx though with different numbers for each file,.. and when you open one of these files, its content is identical to one of the .php files I have in the same directory. These .mx files are not generated for any other extension except for .php and each of the .mx file sizes matches the same .php file. They are basically clones of all the .php files. I cleaned them out of every folder and a day later they all reappeared. That happened three times now. This file type is commonly associated with email files, but these are not email files and have nothing to do with that. They are also not desktop files as detailed in this article. https://www.reviversoft.com/file-extensions/mx I called my hosting company several times and they have no idea of what it is. The only thing I was told, was that their higher tier tech support came across this problem once before with a WordPress site and after running a shell script to clean all the .mx files, the issue never came back. They are now trying to figure it out and doing a full site scan. I thought it might be a hack, but this is unlikely. I've done a number of scans for viruses & malware and they all came back clean. I have nothing in my error log and no noticeable issue browsing the site. There is also nothing in the console via Chrome Developer Tools. The .mx files just add clutter to the directory structure and nearly double the size of the osC software. I searched everywhere on this issue (including osC forums) and could not find anything of value. I'm just wondering if anyone has come across this issue before and how it was resolved? Here is an image of FileZilla showing these .mx files.