Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Latest post by changlee on Tuesday, 07 December 2021 06:11 CST
Hello,
My scan focus on 3 files:
I replace these files with Joomla fresh downloaded and the PHP File Change Scanner marks them as 100 Threat score. So what do you suggest please?
Thank you!
Mark them as safe.
As you can read in the documentation, the PPH File Change Scanner does not make any discrimination for or against any file β even our own software. It calculates the Threat Score on all .php files based on their contents. This will result in false positives. That's why you are marking files as safe when you know that they really are safe and should no longer be reported as potentially problematic.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
So as soon as I replace a file with Joomla default package, then the report should be marked as SAFE.
Am I right?
Since there are two ways to read what you wrote, I will rephrase it and put in bold type what is missing to clarify this.
After you replace a file with the one from the Joomla default package you should mark it as safe in the PHP File Change Scanner report.
Mark As Safe is an action that you need to take manually. It will not happen automatically.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Yes, you are right. I should have replied: "then the report should be marked as SAFE from me."
One last question: Is there any option for core files modification scan? Eg if I need to find ANY core joomla file that is modified?
Thanks again!
Good, I wanted to make sure that we're on the same page and that any people reading this public ticket will also be on the same page :)
The PHP File Change Scanner doesn't treat core, third party or arbitrary .php files any different. Every .php file, regardless of how it ended up on your site, is scanned and we determine a. if it's added or changed; and b. its Threat Score. As a result you do not need to do anything special for core files.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Thanks again!
Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.
Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!