Support

Akeeba Backup for Joomla!

#15895 Akeeba Backup compromised?

Posted in ‘Akeeba Backup for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Akeeba Backup version
n/a

Latest post by user69460 on Friday, 26 April 2013 07:35 CDT

Friday, 26 April 2013 04:24 CDT

user69460
Mandatory information about my setup:

Have I read the related troubleshooter articles above before posting (which pages?)? No
Have I searched the tickets before posting? No
Have I read the documentation before posting (which pages?)? No
Joomla! version: (unknown)
PHP version: (unknown)
MySQL version: (unknown)
Host: (optional, but it helps us help you)
Akeeba Backup version: (unknown)

EXTREMELY IMPORTANT: Please attach a ZIP file containing your Akeeba Backup log file in order for us to help you with any backup or restoration issue. If the file is over 2Mb, please upload it on your server and post a link to it.

Description of my issue:

I have the latest akkeba,
after a malware i got in the server i use sucuri company to clean my site.
except the cleaning, after a scan they did , i got this warning

Server side scanning:
File possibly compromised: ./administrator/components/com_admintools/akeeba/platform/jfscan/engines/archiver/jfscan.php. Manual review recommended.


Is it possible to be compromised or it is false alarm ?

Friday, 26 April 2013 04:51 CDT

tampe125
Hi,

actually that file is used to scan your server files for malicious code, so it stores strings with a list of "bad word":
$suspiciousWords = array(
			'C99', 'suid', 'find /', 'find .', '.htpasswd',
			'service.pwd', '/etc/passwd', '.fetchmailrc',
			'netstat', '"REMOTE_ADDR"', "'REMOTE_ADDR'",
			'PHP_AUTH_USER', 'PHP_AUTH_PW', '.bash_history',
			'/etc/shadow', '/etc/groups', '.mysql_history',
			'my.cnf', 'pureftpd.conf', 'proftpd.conf', 'ftpd.conf',
			'resolv.conf', 'login.conf', 'smb.conf', 'sysctl.conf',
			'syslog.conf', 'access.conf', 'accounting.log'
		);


This means that if another service look inside that file, it will found a lot of bad word, flagging it as malicious.
But these word are there only as list, to find them inside other files!

Long story short, it's a false positive, you can ignore it.

Davide Tampellini

Developer and Support Staff

🇮🇹Italian: native 🇬🇧English: good • 🕐 My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 26 April 2013 07:35 CDT

user69460
i dont think i have a list with bad words i think is empty
anyway
Thank you/grazie

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!