Detect CryptoPHP?

Resolved dlynch027
(@dlynch027)

5 years, 8 months ago

Just curious if this scanner, or its core firewall application, can detect/remove CryptoPHP like I’m reading that WordFence can.

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author nintechnet
(@nintechnet)

5 years, 8 months ago

Hi,

Yes, there are several signatures in NinjaScanner that can help you to detect the CryptoPHP backdoor.

Thread Starter dlynch027
(@dlynch027)

5 years, 8 months ago

@nintechnet

That’s relieving to hear. I am using an Apache setup with NGINX as a reverse proxy and have heard how well NinjaFirewall works with setups like this. So I was curious to check out the scanner as well.

But after using it. I am seeing pages and pages of warnings of suspicious files, suspicious coding commands, etc. I’m a little worried that NinjaScanner maybe for someone who is just more knowledgeable of coding than I am.

Like, even these malware warnings for the plugin AMP for WP that I am using had been listed in a malware portion

– https://wordpress.org/support/topic/ninjascanner-malware-alerts/
Plugin Author nintechnet
(@nintechnet)

5 years, 8 months ago
I cannot reproduce the issue, I don’t get any warnings when I scan the AMP plugin.
Make sure that you are running the latest version of NinjaScanner with the latest signatures file. Try to scan again.
You can also flush its cache (“settings > Advanced Users Settings > Nerds Settings > Run the garbage collector > Run it Now”).
Make sure also to activate all 4 options in the “Settings > Advanced Users Settings > File integrity checker” section. That will compare your plugin with the original one from the wordpres.sorg repo.
- This reply was modified 5 years, 8 months ago by nintechnet.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Detect CryptoPHP?’ is closed to new replies.