Exploit Scanner
Running exploit Scanner on 3.1 - is there any point? (5 posts)

  1. modwor
    Member
    Posted 3 years ago #

    Is there any point in running exploit Scanner on 3.1 RC2 installs?

    I did, and came up with 73 severe warnings, with a lot of these, for example:

    explode(':', base64_decode(substr($

    and

    // eval('$v_result

    I'm not sure what to make of that.

    Any guidance on how to interpret that kind of thing, or do I need to tear my site down (only a wireframe at this point) and reinstall 3.0.4?

  2. Jon Cave
    WordPress Dev
    Plugin Author

    Posted 3 years ago #

    Since there are no file hashes for 3.1 core files yet (they are still liable to change, so hashes will not be available until final release), yes you will get warnings about 'bad' code within core files.

    You will have to use your judgment on how to interpret these, but I do not want to discourage you from developing on RC2 so maybe waiting until final release before using an updated Exploit Scanner is the best option. I would imagine these are probably fine, unless any are marking 3rd-party plugins which I cannot be certain about.

  3. modwor
    Member
    Posted 3 years ago #

    Hi, Jon,
    Thanks for the reply, and the good info.

    There were eval( and base64 in 3rd party plug-ins.
    I guess there are valid reasons for these PHP codes being used.

    Should I always be concerned when I see those terms, or do they have to be interpreted in context?

    In any regard, I decided to do a reinstall, and with the new install and fewer plug-ins, I see none of those at this point.

    Thanks,
    Modstu

  4. Jon Cave
    WordPress Dev
    Plugin Author

    Posted 3 years ago #

    They should always be interpreted in context; base64 etc. alone is not enough to definitively prove malicious code, it is just a common indicator.
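
The approach described in the replies above, as an added example that is not part of the thread and not Exploit Scanner's own code: files whose hash matches a known-good manifest are skipped, and `eval(` or `base64_decode(` matches in the remaining files are reported with line number and context for manual review. The manifest format, the function names, the rough "commented" check and the sample file contents are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators named in the thread; a match is a lead for review, not a verdict.
INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
}

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(root, known_good):
    """Scan PHP files under root, skipping those that match the manifest.
    known_good maps relative path -> SHA-256 of the release copy
    (hypothetical manifest format, assumed for this example).
    """
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        rel = path.relative_to(root).as_posix()
        if known_good.get(rel) == sha256_of(path):
            continue  # byte-identical to the release file: nothing to report
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    findings.append({
                        "file": rel, "line": lineno, "indicator": name,
                        "commented": line.lstrip().startswith(("//", "#", "*")),
                        "context": line.strip()[:120],
                    })
    return findings

def demo():
    """Constructed tree: one stand-in core file, one stand-in plugin file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        core = root / "wp-includes" / "sample-core.php"
        plugin = root / "wp-content" / "plugins" / "sample" / "sample.php"
        for p in (core, plugin):
            p.parent.mkdir(parents=True)
        core.write_text("<?php\n// eval('$result = 1;');\n"
                        "$parts = explode(':', base64_decode($token));\n")
        plugin.write_text("<?php\n$cfg = base64_decode($stored_option);\n")
        no_manifest = triage(root, {})  # pre-release case: no hashes yet
        manifest = {"wp-includes/sample-core.php": sha256_of(core)}
        return no_manifest, triage(root, manifest)
```

With an empty manifest every match is reported, including those in the stand-in core file; once the core file's hash is listed, only the plugin match remains to be read in context.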

  5. modwor
    Member
    Posted 3 years ago #

    Thanks for the info, Jon.
    Have a great weekend.

Topic Closed

This topic has been closed to new replies.
