Watchful.li malware scan reports 2 files to check


vthomas created the topic: Watchful.li malware scan reports 2 files to check

I have been happy w/Breezing Forms. Just started using Watchful.li Admin Software. The malware scanner reports 2 Breezing forms files to check ...

/components/com_breezingforms/facileforms.process.php Reason: Hidden eval()
/administrator/components/com_breezingforms/libraries/dropbox/native-api/Client.php Reason: assert()

Are these two 'reasons' actually code that you placed in those files, so all is OK? I've seen them on two of my sites' audits, so either (1) yes, this code is OK ... or (2) I have infected files on both sites.
I know the malware scanner is looking for possible malware, so could be a false positive.

Thank you, Vicky
#175953

TheMuffinMan replied the topic: Watchful.li malware scan reports 2 files to check

Hi,

That's a false positive. Eval() isn't bad per se, and neither is assert().

However, just by the sheer number of evals that watchful.li finds, it isn't easy to find how your site got breached.

Additionally, I would do it the classic way to cross-check the results:

1. Write down all 3rd party extensions (templates, plugins, components, modules) that you have installed, including version numbers. I know that services like watchful.li can help on that but relying only on those tools isn't enough.

2. Do a web search on whether any of those versions contain known security issues, and update if possible.

3. Try to find uploaded files, especially those ending with .php that are not part of a Joomla or an extension install (very hard, but doable).
I am referring especially to files that reached your webspace through uploads, so I would check upload folders first.

4. Read your access logs and try to spot the date, time and URL of the very first attack attempt (that will actually help to spot what exact hole the attacker was using).

5. Last but not least, clear all infected files of malicious code.

Please let us know how it went, we can also have a look through your logs if you like.

Best Regards,
Markus

#175973
The following user(s) said Thank You: vthomas
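
One way to settle the question asked in this thread and to carry out step 3 of the reply above, added here as an example and not code from Crosstec or Watchful: hash every file on the live site against a clean copy unpacked from the original Joomla and extension packages of the same versions. The function names, the `helper.php` file and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: suffixes the web server hands to PHP; adjust to your config.
PHP_SUFFIXES = {".php", ".phtml", ".php5"}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def compare_to_clean(site_root, clean_root):
    """Diff a live tree against a clean, unpacked copy of the same versions.
    "modified":  files present in both trees whose content differs.
    "extra_php": PHP files that exist only on the live site, such as
                 something that arrived through an upload folder.
    """
    site_root, clean_root = Path(site_root), Path(clean_root)
    clean = {p.relative_to(clean_root).as_posix(): sha256(p)
             for p in clean_root.rglob("*") if p.is_file()}
    modified, extra_php = [], []
    for p in site_root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(site_root).as_posix()
        if rel in clean:
            if sha256(p) != clean[rel]:
                modified.append(rel)
        elif p.suffix.lower() in PHP_SUFFIXES:
            extra_php.append(rel)
    return {"modified": sorted(modified), "extra_php": sorted(extra_php)}

def demo():
    """Run the comparison on two small constructed trees."""
    flagged = "components/com_breezingforms/facileforms.process.php"
    helper = "components/com_breezingforms/helper.php"  # hypothetical file
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            for rel in (flagged, helper):
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text("<?php /* constructed vendor code */")
        (site / helper).write_text("<?php /* constructed change */")
        (site / "images").mkdir()
        (site / "images/logo.php").write_text("<?php /* constructed stray */")
        (site / "images/logo.png").write_bytes(b"\x89PNG")
        return compare_to_clean(site, clean)

if __name__ == "__main__":
    print(demo())
```

A scanner-flagged file that does not appear under "modified" is byte-identical to the vendor's copy; anything under "extra_php" is a candidate for manual review.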

vthomas replied the topic: Watchful.li malware scan reports 2 files to check

Thank you! Happily, those are the only two files the malware scan identified. So, since those values are intentional and OK in those files, I don't think I have a breach.

I just wanted to ensure that those values were intentional and placed there by the Breezing Forms team.

Also, thank you for giving good info on how to check my site if I think I ever have a breach.
#176032