ogwinilo Posted January 31, 2010 Share Posted January 31, 2010 I have installed the bubble store. After running Sitimonitor, i get the following files as possibly hacked: Checked 223 directories containing a total of 1173 files. Skipped 851 files. 20 suspected hacked files found. Hacked Files Found power/fckeditor/fckeditor.afp power/fckeditor/fckeditor.asp power/fckeditor/fckeditor.cfc power/fckeditor/fckeditor.cfm power/fckeditor/fckeditor.js power/fckeditor/fckeditor.lasso power/fckeditor/fckeditor.pl power/fckeditor/fckeditor.py power/fckeditor/fckeditor_php4.php power/fckeditor/fckeditor_php5.php power/fckeditor/editor/fckdialog.html power/fckeditor/editor/dialog/fck_docprops.html power/fckeditor/editor/dialog/fck_flash.html power/fckeditor/editor/dialog/fck_image.html power/fckeditor/editor/dialog/fck_link.html power/fckeditor/editor/dialog/fck_paste.html power/fckeditor/editor/dialog/fck_spellerpages.html power/fckeditor/editor/filemanager/connectors/test.html power/fckeditor/editor/filemanager/connectors/uploadtest.html power/fckeditor/editor/js/fckdebug.html I don't believe they've been hacked, could there be an explanation for this? Felix Link to comment Share on other sites More sharing options...
knifeman Posted January 31, 2010 Share Posted January 31, 2010 I have installed the bubble store. After running Sitimonitor, i get the following files as possibly hacked: Checked 223 directories containing a total of 1173 files. Skipped 851 files. 20 suspected hacked files found. Hacked Files Found power/fckeditor/fckeditor.afp power/fckeditor/fckeditor.asp power/fckeditor/fckeditor.cfc power/fckeditor/fckeditor.cfm power/fckeditor/fckeditor.js power/fckeditor/fckeditor.lasso power/fckeditor/fckeditor.pl power/fckeditor/fckeditor.py power/fckeditor/fckeditor_php4.php power/fckeditor/fckeditor_php5.php power/fckeditor/editor/fckdialog.html power/fckeditor/editor/dialog/fck_docprops.html power/fckeditor/editor/dialog/fck_flash.html power/fckeditor/editor/dialog/fck_image.html power/fckeditor/editor/dialog/fck_link.html power/fckeditor/editor/dialog/fck_paste.html power/fckeditor/editor/dialog/fck_spellerpages.html power/fckeditor/editor/filemanager/connectors/test.html power/fckeditor/editor/filemanager/connectors/uploadtest.html power/fckeditor/editor/js/fckdebug.html I don't believe they've been hacked, could there be an explanation for this? Felix This text is straight from the site monitor mod: It is important to realize that some such code is valid so found files are not necessarily infected files. But, if found, you should look more closely at them. I don't use the editor you have, so I have no first hand knowledge about the files. I would assume that if they have not been changed from when you installed them, then they are not hacked. Tim Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted January 31, 2010 Share Posted January 31, 2010 I don't believe they've been hacked, could there be an explanation for this? After you installed the add on did you run site monitor and create a new reference file? Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
ogwinilo Posted January 31, 2010 Author Share Posted January 31, 2010 After you installed the add on did you run site monitor and create a new reference file? I had the Sitemonitor add on installed before the add on Link to comment Share on other sites More sharing options...
♥mdtaylorlrim Posted February 1, 2010 Share Posted February 1, 2010 I had the Sitemonitor add on installed before the add on Right, every time you add any file at all to your site you have to generate a new reference file, otherwise Site Monitor sees that as an intrusion, but reports it as an added file. Your post above is saying that Site Monitor is reporting suspicious code in those files. That could simply mean that fckeditor may have code in it that is commonly used by hacker for malicious things and Site Monitor is reporting it this way. Had you run Site Monitor immediately after adding fckeditor in you would have noted how site monitor handles those files. Now, it is best for you to ask in the Site Monitor support thread. They will know there if fckeditor returns a false positive. Community Bootstrap Edition, Edge Avoid the most asked question. See How to Secure My Site and How do I...? Link to comment Share on other sites More sharing options...
ogwinilo Posted February 1, 2010 Author Share Posted February 1, 2010 Right, every time you add any file at all to your site you have to generate a new reference file, otherwise Site Monitor sees that as an intrusion, but reports it as an added file. Your post above is saying that Site Monitor is reporting suspicious code in those files. That could simply mean that fckeditor may have code in it that is commonly used by hacker for malicious things and Site Monitor is reporting it this way. Had you run Site Monitor immediately after adding fckeditor in you would have noted how site monitor handles those files. Now, it is best for you to ask in the Site Monitor support thread. They will know there if fckeditor returns a false positive. Thanks Mark, will do Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.