• Resolved janus.l

    (@janusl)


    Hello,

    My site was recently hacked, with the hacker putting a file pawn3d.html in most of my directories, including the main public_html directory. My web host was pathetic in troubleshooting how it happened and how to prevent it from reoccurring.

    I ran your tool, it found one threat inside tiny_mce.js, however I think this might be a false positive, because when I looked at the highlighted code, I didn’t see anything malicious.

    How likely is it that your tool found the threat? I want to know if I should be satisfied or keep looking for this hacker.

    https://www.ads-software.com/plugins/gotmls/

Viewing 1 replies (of 1 total)
  • Plugin Author Eli

    (@scheeeli)

    My plugin is designed to find malicious code patterns that are mostly found in PHP and JavaScript files. The use of the function eval() will usually be found as a potential threat (don’t worry too much about these; there are lots of safe uses for eval that are not yet white-listed in my definitions). Sometimes eval or other functions are combined in ways that are known to be used maliciously; these will show up as a Known Threat, and that is what you should watch out for. If a Known Threat is detected by my plugin it will remove it automatically.

    If you want to send me one of those pawn3d.html files I can add it to my definition update.

    Also, if you want to send me the version of the tiny_mce.js file that was detected as a potential threat then I can add it to my white-list (there are so many different versions of those tiny_mce.js files).

    Let me know if I can do anything else for you.

  • The topic ‘false positive?’ is closed to new replies.
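
The two tiers described in the plugin author's reply (a bare eval() reported as a potential threat, eval() combined with other functions reported as a known threat), as an added example that is not part of the thread and is not the plugin's code. The regular expressions, function names and sample files are assumptions constructed for illustration; they are not the plugin's definitions.

```python
import re

# Assumed patterns for illustration only; NOT the plugin's real definitions.
EVAL = re.compile(r"\beval\s*\(", re.I)
# eval() fed directly by a decoder call: the "combined" form that a scanner
# can treat as a known threat rather than a mere potential one.
EVAL_DECODE = re.compile(
    r"\beval\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13"
    r"|unescape|atob|String\.fromCharCode)\s*\(", re.I)

def classify(source):
    """Return (line_number, tier, snippet) for every eval() call in source."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        for match in EVAL.finditer(line):
            tail = line[match.start():]
            tier = "known" if EVAL_DECODE.match(tail) else "potential"
            findings.append((number, tier, tail[:60]))
    return findings

def verdict(source):
    """Collapse per-line findings into one file-level result."""
    tiers = {tier for _, tier, _ in classify(source)}
    if "known" in tiers:
        return "known"
    return "potential" if tiers else "clean"

# Constructed sample files (not taken from the thread).
SAMPLES = {
    # Library-style JSON parsing: flagged, but only as a potential threat.
    "tiny_mce_like.js": 'function parse(s) {\n  return eval("(" + s + ")");\n}\n',
    # eval wrapped around a decoder; the payload decodes to the harmless "echo 1;".
    "injected.php": '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n',
    # "retrieval(" contains the letters "eval(" but is not an eval call.
    "clean.js": "function retrieval(x) { return x; }\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, verdict(text), classify(text))
```

A "potential" result means the highlighted line needs a human look, which is the situation the original poster describes for tiny_mce.js.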