Potential Exploit Checking Script....

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
User avatar
jjonker
Joomla! Intern
Joomla! Intern
Posts: 53
Joined: Sat May 27, 2006 10:18 pm
Contact:

Re: Potential Exploit Checking Script....

Post by jjonker » Fri Jan 11, 2008 11:46 am

Hi there!

I got the script working OK. I received an email with some lines of possible exploits... Now what ????

For example:
The script indicates that there are possible exploits in some files from the component 'com_securityimages' that is used in one of my Jooma sites. Does this mean this is a great security risk? Should I remove this component? Or is it possible that this scrips generates 'false positives?'

Thanks!

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Potential Exploit Checking Script....

Post by RussW » Fri Jan 11, 2008 9:46 pm

You read the messages provided, and then go check any scripts that have been marked as suspect and for inspection.  Read the lines of code highlighted in the message to see if it is something that is expected or reasonable for the script to be trying to do, normally these are email notifications or base64 encoding that get pickup, and might be considered as false positives in some case, but are not in others..

That you will have to learn for yourself, I the script has no idea of what is reasonable for an exrtensions to be doing something, it just just certain keywords to look for in files that have been known to be exploit files.....
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

tragged
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Wed Jan 16, 2008 12:29 pm

Re: Potential Exploit Checking Script....

Post by tragged » Wed Jan 16, 2008 12:40 pm

RussW wrote: You read the messages provided, and then go check any scripts that have been marked as suspect and for inspection.  Read the lines of code highlighted in the message to see if it is something that is expected or reasonable for the script to be trying to do, normally these are email notifications or base64 encoding that get pickup, and might be considered as false positives in some case, but are not in others..

That you will have to learn for yourself, I the script has no idea of what is reasonable for an exrtensions to be doing something, it just just certain keywords to look for in files that have been known to be exploit files.....

NorthBay
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sat Feb 16, 2008 3:32 pm

Re: Potential Exploit Checking Script....

Post by NorthBay » Sat Feb 16, 2008 4:14 pm

Hello
The script is no longer available for download. Instead, where the script was located in the original post, is this entry: "The extension txt has been deactivated and can no longer be displayed."

?

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: Potential Exploit Checking Script....

Post by RussW » Sat Feb 16, 2008 9:49 pm

Sorry, the new forum change-over has caused a few attachements issues. Please find attached the latest file. Just unzip it and follow the instructions in the first post.
You do not have the required permissions to view the files attached to this post.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

nerbone1
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sat Jul 11, 2009 7:55 am

Re: Potential Exploit Checking Script....

Post by nerbone1 » Sat Jul 11, 2009 7:58 am

This script is great, but... Is there any way to make it check multiple home drives. For instance, on one server I have /home, /home2, /home3 and /home4. Is it as simple as listing all the home drives seperated by a comma?

dahobbit
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue Feb 09, 2010 11:03 am

Re: Potential Exploit Checking Script....

Post by dahobbit » Tue Feb 09, 2010 12:08 pm

Idea for improvment - why do not put the pattern file on some hosting and grab it from there ? The poor side of this solution is that we have to update it and it have to be done by some person :P


Locked

Return to “Security - 1.0.x”