Anti-Malware Security and Brute-Force Firewall
[resolved] false positive? (2 posts)

  1. janus.l
    Posted 2 years ago #


    My site was recently hacked, with the hacker putting a file pawn3d.html in most of my directories, including the main public_html directory. My web host was pathetic in trouble shooting how it happened and how to prevent it from reoccurring.

    I ran your tool, it found one threat inside tiny_mce.js, however I think this might be a false positive, because when I looked at the highlighted code, I didn't see anything malicious.

    How likely is it that your tool found the threat? I want to know if I should be satisfied or keep looking for this hacker.


  2. Eli
    Plugin Author

    Posted 2 years ago #

    My plugin is designed to find malicious code patterns that are mostly found in PHP and JavaScript files. The use of the function eval() will usually be found as a potential threat (don't worry too much about these, there are lots of safe uses for eval that are not yet white-listed in my definitions). Sometimes eval or other functions are combined in ways that are know to be used maliciously, these will show up as a Known Threat, and that is what you should watch out for. If a Known Threat is detected by my plugin it will remove it automatically.

    If you want to send my one of those pawn3d.html files I can add it to my definition update.

    Also, if you want to send me the version of the tiny_mce.js file that was detected as a potential threat then I can add it to my white-list (there are so many different version of those tiny_mce.js files).

    Let me know if I can do anything else for you.

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic


No tags yet.