WordPress.org

Ready to get started?Download WordPress

Forums

Trojan horse on this site (16 posts)

  1. hpguru
    Member
    Posted 5 years ago #

    Hi, in this http://wordpress.org/support/topic/269854 topic is a Trojan Horse... Avast say, in this topic is any ZIP link or any other, who have a trojan horse. Could you delete a topic??? Bad English, sorry.

  2. t31os
    Member
    Posted 5 years ago #

    There's no trojan on that page.. on the link posted perhaps, but otherwise not...

    Which seems quite clear considering the nature of said thread...

  3. dadaas
    Member
    Posted 4 years ago #

    Yes there is a trojan on that topic, says my avast.

  4. It's a false alarm from Avast.

  5. hpguru
    Member
    Posted 4 years ago #

    In this topic (http://wordpress.org/support/topic/269854) is VIRUS. Not false positive.

    http://forum.avast.com/index.php?topic=54797.0

    Admin please delete this code and make image available http://forum.avast.com/index.php?action=dlattach;topic=54797.0;attach=43034;image in topic.

    "The problem is some idiot posted the complete script code on the page instead of using an image and to make it worse even posts a direct active link to the hacked page.

    Unfortunately avast treats the text based script code the same as if it were in the html code as that is what it is looking at."

  6. ClaytonJames
    Member
    Posted 4 years ago #

    The warning I got included a message describing the threat as an "exploit link to a known exploit site" and denies my browser (Windows/Firefox/AVG) access to the entire page.

  7. hpguru
    Member
    Posted 4 years ago #

    AVG maybe not detect malicious script. Avast did this. Topic must be cleaned!

  8. So flag the post modlook and reply saying that.

    I suppose if they wrap it in code tags, it'll stop pinging your virus scan. Your browser shouldn't be executing that code, anyway, since the php doesn't 'work.'

  9. ClaytonJames
    Member
    Posted 4 years ago #

    I believe I stated that AVG did detect it. I also stated that what it detected, was a known exploit link to a known exploit site. Then it refused to let me view the page.

  10. hpguru
    Member
    Posted 4 years ago #

    David from Avast team:

    Thanks, hopefully they will need your suggestion/advice when posting exploit/malicious script code, use an image or break the code in a way it can't be taken for the real threat.

    http://forum.avast.com/index.php?topic=54797.msg463789#msg463789

  11. mrmist
    Forum Janitor
    Posted 4 years ago #

    I've removed the link, so whether it's a real virus or not is irrelevant now, I guess.

    Yes, the code for the hack is there, but it's not active content, so any browser that treats it as such is just plain odd.

  12. hpguru
    Member
    Posted 4 years ago #

    Just Avast detect it to virus code.

    Unfortunately avast treats the text based script code the same as if it were in the html code as that is what it is looking at.

  13. hpguru
    Member
    Posted 4 years ago #

    Could you please remove or break the malicious code? Avast -> Iframe trj.

  14. hpguru
    Member
    Posted 4 years ago #

    Thank you. Now i am able to click link without any virus warning.

  15. IMO this is AVAST being a silly program.

    The page has PHP code, encoded, which isn't smart, but it's not 'wrong'. It's not, in any way, shape, or form executable code. The <?php ... ?> code doesn't run.

    <?php
    Echo "Hello, World!";
    ?>

    should be sanitized by the parser and just show up as text. Unformated, ugly, text, but text. So the fact that you have a evil link checker that looks back at that plain text and says 'Danger Will Robinson!' is an overreaction on it's part.

    More logical would be for it to say 'Hey, if the inline text has evil PHP, let the page load and don't execute it. After all, the browser wasn't gonna anyway.'

    Unless of course IE is idiotic enough to parse it.

  16. Unless of course IE is idiotic enough to parse it.

    Would not surprise me. IE is E-V-I-L. I was floored when IE executed JavaScript in a file that was .txt with the mime type set to text.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags