Our FamilyForum
FamilyForum Documentation & Help => FamilyForum Features & Guidelines => Code & Stuff => Topic started by: Skhilled on November 15, 2016, 08:39:09 AM
-
I get a newsletter from The Admin Zone and it contained this topic about Hostgator having bad security:
https://theadminzone.com/threads/hostgator-is-security-bad.142308/
In it, I found this "Malicious Code Scanner". You can use it to scan your website for malicious code if you suspect or have been hacked to help clean it.
https://github.com/mikestowe/Malicious-Code-Scanner
-
Thanks for this one... gonna run it just for testing purposes. :)
-
shocked003
Ran the scanner on my test site and got this:
== MALICIOUS CODE FOUND ==
The following files appear to be infected:
- /home/ourfamil/public_html/beta-test/Sources/Load.php
- /home/ourfamil/public_html/beta-test/Sources/Load.php~
- /home/ourfamil/public_html/beta-test/Sources/Subs-List.php
- /home/ourfamil/public_html/beta-test/Sources/TPSubs.php
- /home/ourfamil/public_html/beta-test/Themes/ShelfLife-1/Profile.template.php
- /home/ourfamil/public_html/beta-test/Themes/default/Profile.template.php
- /home/ourfamil/public_html/beta-test/Themes/default/Profile.template.php~
- /home/ourfamil/public_html/beta-test/Themes/default/Register.template.php
- /home/ourfamil/public_html/beta-test/Themes/default/Register.template.php~
- /home/ourfamil/public_html/beta-test/Themes/modernstyle102_20/Profile.template.php
- /home/ourfamil/public_html/beta-test/Themes/modernstyle103_20/Profile.template.php
- /home/ourfamil/public_html/beta-test/Themes/shelflife203/Profile.template.php
-
And here on the live forum:
== MALICIOUS CODE FOUND ==
The following files appear to be infected:
- /home/ourfamil/public_html/FamilyForum/Sources/Load.php
- /home/ourfamil/public_html/FamilyForum/Sources/Load.php~
- /home/ourfamil/public_html/FamilyForum/Sources/Subs-List.php
- /home/ourfamil/public_html/FamilyForum/Sources/TPSubs.php
- /home/ourfamil/public_html/FamilyForum/Themes/Apocalypse_TK2/Profile.template.php
- /home/ourfamil/public_html/FamilyForum/Themes/default/Profile.template.php
- /home/ourfamil/public_html/FamilyForum/Themes/default/Profile.template.php~
- /home/ourfamil/public_html/FamilyForum/Themes/default/Register.template.php
- /home/ourfamil/public_html/FamilyForum/Themes/default/Register.template.php~
- /home/ourfamil/public_html/FamilyForum/Themes/modernstyle102_20/Profile.template.php
- /home/ourfamil/public_html/FamilyForum/Themes/modernstyle103_20/Profile.template.php
- /home/ourfamil/public_html/FamilyForum/Themes/modernstyle104_20/Profile.template.php
- /home/ourfamil/public_html/FamilyForum/Themes/shelflife203/Profile.template.php
-
I checked a few of your files but did not see anything out of the ordinary. I check the files with Notepad++ and RJ TextED but did not see anything stranger. Usually, you'll see very strange looking code if something is wrong. I'm not a coder by any stretch of the imagination but I couldn't see anything.
Since some of the files in question are TP and Bloc's themes you might want to ask him if he can see anything.
EDIT: I totally forgot about asking Illori...
I haven't run it on mine yet. Another thing to do is download them or if you already have the same files on your PC you can run a scan on them to see if anything turns up. It could be that the scanner is detecting the JS script portions of the files...
-
Not knowing how to analyze the code for bits that do not belong I'm not going to get to excited about this. :oops!
-
You will "usually" see something very strange/different near the beginning or end of the file that doesn't look like the rest of the code. You may also see a link or redirect to another site that should not be there.
-
I'm gonna take a look to see if anything jumps out.
-
You can also download fresh files and mods...after deleting the old and re-install your files and mods. Just to be sure. I do it every so often just to kill any bad code if nothing else.
Haven't done it lately and need to do it soon. Another reason why I haven't redone my site site...just been putting it off. But I am backing everything up for all of my domains as I might be changing hosting soon.