Our FamilyForum

FamilyForum Documentation & Help => FamilyForum Features & Guidelines => Code & Stuff => Topic started by: Skhilled on November 15, 2016, 08:39:09 AM

Title: Code Scanner
Post by: Skhilled on November 15, 2016, 08:39:09 AM

I get a newsletter from The Admin Zone and it contained this topic about Hostgator having bad security:

https://theadminzone.com/threads/hostgator-is-security-bad.142308/

In it, I found this "Malicious Code Scanner". You can use it to scan your website for malicious code if you suspect or have been hacked to help clean it.

https://github.com/mikestowe/Malicious-Code-Scanner

Title: Re: Code Scanner
Post by: Ken on November 15, 2016, 12:13:50 PM

Thanks for this one... gonna run it just for testing purposes. :)

Title: Re: Code Scanner
Post by: Ken on November 15, 2016, 12:33:26 PM

 shocked003

Ran the scanner on my test site and got this:

Quote

== MALICIOUS CODE FOUND ==

The following files appear to be infected:
  -  /home/ourfamil/public_html/beta-test/Sources/Load.php
  -  /home/ourfamil/public_html/beta-test/Sources/Load.php~
  -  /home/ourfamil/public_html/beta-test/Sources/Subs-List.php
  -  /home/ourfamil/public_html/beta-test/Sources/TPSubs.php
  -  /home/ourfamil/public_html/beta-test/Themes/ShelfLife-1/Profile.template.php
  -  /home/ourfamil/public_html/beta-test/Themes/default/Profile.template.php
  -  /home/ourfamil/public_html/beta-test/Themes/default/Profile.template.php~
  -  /home/ourfamil/public_html/beta-test/Themes/default/Register.template.php
  -  /home/ourfamil/public_html/beta-test/Themes/default/Register.template.php~
  -  /home/ourfamil/public_html/beta-test/Themes/modernstyle102_20/Profile.template.php
  -  /home/ourfamil/public_html/beta-test/Themes/modernstyle103_20/Profile.template.php
  -  /home/ourfamil/public_html/beta-test/Themes/shelflife203/Profile.template.php

Title: Re: Code Scanner
Post by: Ken on November 15, 2016, 12:39:53 PM

And here on the live forum:

Quote

== MALICIOUS CODE FOUND ==

The following files appear to be infected:
  -  /home/ourfamil/public_html/FamilyForum/Sources/Load.php
  -  /home/ourfamil/public_html/FamilyForum/Sources/Load.php~
  -  /home/ourfamil/public_html/FamilyForum/Sources/Subs-List.php
  -  /home/ourfamil/public_html/FamilyForum/Sources/TPSubs.php
  -  /home/ourfamil/public_html/FamilyForum/Themes/Apocalypse_TK2/Profile.template.php
  -  /home/ourfamil/public_html/FamilyForum/Themes/default/Profile.template.php
  -  /home/ourfamil/public_html/FamilyForum/Themes/default/Profile.template.php~
  -  /home/ourfamil/public_html/FamilyForum/Themes/default/Register.template.php
  -  /home/ourfamil/public_html/FamilyForum/Themes/default/Register.template.php~
  -  /home/ourfamil/public_html/FamilyForum/Themes/modernstyle102_20/Profile.template.php
  -  /home/ourfamil/public_html/FamilyForum/Themes/modernstyle103_20/Profile.template.php
  -  /home/ourfamil/public_html/FamilyForum/Themes/modernstyle104_20/Profile.template.php
  -  /home/ourfamil/public_html/FamilyForum/Themes/shelflife203/Profile.template.php

Title: Re: Code Scanner
Post by: Skhilled on November 16, 2016, 09:01:03 AM

I checked a few of your files but did not see anything out of the ordinary. I check the files with Notepad++ and RJ TextED but did not see anything stranger. Usually, you'll see very strange looking code if something is wrong. I'm not a coder by any stretch of the imagination but I couldn't see anything.

Since some of the files in question are TP and Bloc's themes you might want to ask him if he can see anything.

EDIT: I totally forgot about asking Illori...

I haven't run it on mine yet. Another thing to do is download them or if you already have the same files on your PC you can run a scan on them to see if anything turns up. It could be that the scanner is detecting the JS script portions of the files...

Title: Re: Code Scanner
Post by: Ken on November 17, 2016, 09:40:11 AM

Not knowing how to analyze the code for bits that do not belong I'm not going to get to excited about this.  :oops!

Title: Re: Code Scanner
Post by: Skhilled on November 18, 2016, 07:39:21 AM

You will "usually" see something very strange/different near the beginning or end of the file that doesn't look like the rest of the code. You may also see a link or redirect to another site that should not be there.

Title: Re: Code Scanner
Post by: Ken on November 18, 2016, 11:28:45 AM

I'm gonna take a look to see if anything jumps out.

Title: Re: Code Scanner
Post by: Skhilled on November 19, 2016, 06:03:13 AM

You can also download fresh files and mods...after deleting the old and re-install your files and mods. Just to be sure. I do it every so often just to kill any bad code if nothing else.

Haven't done it lately and need to do it soon. Another reason why I haven't redone my site site...just been putting it off. But I am backing everything up for all of my domains as I might be changing hosting soon.