• Resolved janus.l



    My site was recently hacked, with the hacker putting a file pawn3d.html in most of my directories, including the main public_html directory. My web host was pathetic in troubleshooting how it happened and how to prevent it from reoccurring.

    I ran your tool and it found one threat inside tiny_mce.js. However, I think this might be a false positive, because when I looked at the highlighted code, I didn’t see anything malicious.

    How likely is it that your tool found the threat? I want to know if I should be satisfied or keep looking for this hacker.


Viewing 1 replies (of 1 total)
  • Plugin Author Eli


    My plugin is designed to find malicious code patterns that are mostly found in PHP and JavaScript files. The use of the function eval() will usually be found as a potential threat (don’t worry too much about these, there are lots of safe uses for eval that are not yet white-listed in my definitions). Sometimes eval or other functions are combined in ways that are known to be used maliciously. These will show up as a Known Threat, and that is what you should watch out for. If a Known Threat is detected by my plugin it will remove it automatically.

    If you want to send me one of those pawn3d.html files I can add it to my definition update.

    Also, if you want to send me the version of the tiny_mce.js file that was detected as a potential threat then I can add it to my white-list (there are so many different versions of those tiny_mce.js files).

    Let me know if I can do anything else for you.
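
An added example, not part of the reply above and not the plugin's code: a small triage scanner that separates a bare eval() (potential threat), an eval wrapped around a decoder (known threat), a hash-whitelisted file, and the dropped pawn3d.html. The regexes, the SHA-256 whitelist and the sample files are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed rules standing in for the plugin's real definitions (not shown in the thread).
POTENTIAL = re.compile(r"\beval\s*\(")
KNOWN = re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)
DROPPED_NAMES = {"pawn3d.html"}            # file name reported in the thread
SCAN_SUFFIXES = {".php", ".js", ".html"}

def classify(name, data, whitelist):
    """Return dropped-file, known-threat, whitelisted, potential-threat or clean."""
    if name.lower() in DROPPED_NAMES:
        return "dropped-file"
    text = data.decode("utf-8", errors="replace")
    if KNOWN.search(text):                 # checked first, so a whitelist never hides it
        return "known-threat"
    if POTENTIAL.search(text):
        digest = hashlib.sha256(data).hexdigest()
        return "whitelisted" if digest in whitelist else "potential-threat"
    return "clean"

def scan(root, whitelist):
    """Walk root and return {relative path: verdict} for every non-clean file."""
    root = Path(root)
    verdicts = {p.relative_to(root).as_posix(): classify(p.name, p.read_bytes(), whitelist)
                for p in sorted(root.rglob("*"))
                if p.is_file() and p.suffix.lower() in SCAN_SUFFIXES}
    return {rel: v for rel, v in verdicts.items() if v != "clean"}

def demo():
    good = b"var o = eval('(' + json + ')');  // vetted editor build"
    samples = {  # constructed, inert file contents
        "pawn3d.html": b"<html>constructed placeholder</html>",
        "js/tiny_mce.js": b"var o = eval('(' + json + ')');",
        "js/tiny_mce_known_good.js": good,
        "theme/footer.php": b"<?php eval(base64_decode($blob)); ?>",
        "index.php": b"<?php echo 'hello'; ?>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan(tmp, {hashlib.sha256(good).hexdigest()})

if __name__ == "__main__":
    print("\n".join(f"{v:17} {rel}" for rel, v in demo().items()))
```

A potential-threat verdict on a file like tiny_mce.js means "review by hand or compare against a clean copy of the same version", not "infected".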

  • The topic ‘false positive?’ is closed to new replies.