Hi,
Yes, there are several signatures in NinjaScanner that can help you to detect the CryptoPHP backdoor.
@nintechnet
That’s relieving to hear. I am using an Apache setup with NGINX as a reverse proxy and have heard how well NinjaFirewall works with setups like this. So I was curious to check out the scanner as well.
But after using it. I am seeing pages and pages of warnings of suspicious files, suspicious coding commands, etc. I’m a little worried that NinjaScanner maybe for someone who is just more knowledgeable of coding than I am.
Like, even these malware warnings for the plugin AMP for WP that I am using had been listed in a malware portion
– https://wordpress.org/support/topic/ninjascanner-malware-alerts/
I cannot reproduce the issue, I don’t get any warnings when I scan the AMP plugin.
Make sure that you are running the latest version of NinjaScanner with the latest signatures file. Try to scan again.
You can also flush its cache (“settings > Advanced Users Settings > Nerds Settings > Run the garbage collector > Run it Now”).
Make sure also to activate all 4 options in the “Settings > Advanced Users Settings > File integrity checker” section. That will compare your plugin with the original one from the wordpres.sorg repo.
-
This reply was modified 5 years, 8 months ago by nintechnet.