Forum Replies Created
-
AuthorPosts
-
https://ufile.io/u2dha (exp 30 days)
I think this one is the backdoor that could not be found and was creating hear.php
Some observations / suggestions -
too many long strings are suspect — perhaps you can allow users to opt in to report some files directly to you via the scanner.
files without any comments are suspect (true in case of hear.php)
strings with multiple occurrences of strings like this on the same line — “].$”
the AV should use a file scanner so any new/modified files can be directly reported to you if found suspect
annual subscription allows instant updates (others will get it a week later) and daily background scanningThank you for your product and service!
Some more bad files… including the .ico file which has php code in it.
https://ufile.io/shyqj (zip files)
hear.php –> https://ufile.io/70g1b
Also, I have seen files like this getting added (don’t have copies of these)
/wp-content/wflogs/favicon_e85058.ico
/wp-content/uploads/ithemes-security/hkncnabx.phpsorry… looks like a ttf file encoded as base 64… problem still continues on website with hear.php
Hi -
I found some malicious looking code (base64 coded) in the CSS file. Please see attachment and let me know what you think.
https://ufile.io/qy0k6 (exp. 30 days)
Hi -
Thank you for this wonderful tool!
The tool, however, does not detect the below issue…
The file scanner I have installed shows that lend.php and hear.php gets created in the root folder. I delete it, but it gets created again every 3-4 hours. I am unable to figure out what is causing these files to get created.
lend.php -> https://ufile.io/izttn — (30 day expiry)
Also, please check this file; it looks very suspect -> evas.php – https://ufile.io/bntw0 — (30 day expiry)
Your help with this is much appreciated.
-
AuthorPosts