As soon as I entered a site, my browser (Chrome) downloaded this script. It’s not obfuscated and not too long, and I think it’s harmless, but I don’t know PHP so I’m not sure. The file was called
Chrome made it seem like this was the only file downloaded. Is it possible this is not true?
Could someone shed some light on what this is doing?
The server you’re visiting is poorly configured. As a result, instead of executing the PHP, the server sent it to your browser. Browsers don’t execute PHP so you’re safe.
If you care about the site you were visiting, the nice thing to do would be to contact support and refer it to this post.
A similarly named csync.php file has been reported in a couple of places online over the last couple of days. This, along with its reference to AKAMAI (a huge content delivery network), suggests that the mis-configured server isn’t the 1st party site you were actually on, but a 3rd-party server that the site, along with many others, relies on.
File’s apparent source: http://qsearch.media.net/csync.php
Similar reports (Google): https://encrypted.google.com/search?q=csync.php+download
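An added example, not part of the original thread: a small check a site operator could run over captured responses to spot the misconfiguration described above, where PHP source is served instead of being executed. The function name, the MIME-type lists and the sample responses are assumptions constructed for illustration.

```python
import re

# Opening tags that only appear in unexecuted PHP source: "<?php" or the
# short echo tag "<?=". "<?xml" declarations are deliberately not matched.
PHP_OPEN = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)
# Content types a browser renders inline (assumed list, not exhaustive).
RENDERED_TYPES = ("text/html", "text/plain", "application/json",
                  "application/javascript", "text/javascript")
# MIME labels commonly seen on raw PHP when no handler executes it (assumed list).
PHP_TYPES = ("application/x-httpd-php", "application/x-php", "text/x-php")


def classify_response(headers, body):
    """Return (leaked, downloaded, reasons) for one HTTP response.

    leaked:     the response carries raw PHP source, so it was not executed.
    downloaded: a browser would likely save the body rather than render it.
    """
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    reasons = []
    if ctype in PHP_TYPES:
        reasons.append("content-type " + ctype)
    # Only the first 4 KiB is inspected; a leaked script starts with its tag.
    if PHP_OPEN.search(body[:4096]):
        reasons.append("PHP opening tag in body")
    attachment = h.get("content-disposition", "").lower().startswith("attachment")
    # An empty Content-Type is sniffed by the browser, so it is not counted here.
    downloaded = attachment or (ctype != "" and ctype not in RENDERED_TYPES)
    return bool(reasons), downloaded, reasons


if __name__ == "__main__":
    # Constructed sample responses (not captured from any real server).
    samples = [
        ({"Content-Type": "application/x-httpd-php"}, b"<?php\necho 'hi';\n"),
        ({"Content-Type": "application/octet-stream"}, b"<?php\necho 'hi';\n"),
        ({"Content-Type": "text/html; charset=utf-8"}, b"<html><body>hi</body></html>"),
        ({"Content-Type": "text/html"}, b'<?xml version="1.0"?><html/>'),
    ]
    for hdrs, data in samples:
        print(hdrs.get("Content-Type"), classify_response(hdrs, data))
```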
I also saw this file drop into my downloads. The source is qsearch.media.net. If you visit media.net, you’ll see it is part of the internet advertisement ecosystem. It’s likely that there is a bug in one of their scripts. Sites using media.net’s service then incidentally cause your computer to download this php file.
This is absolutely not a server error of any website, because my browser also downloaded this script from multiple sites, one of them being speedtest.net. I don’t know what hack is going on.