
Backdoors inside the plugin ? - Anti Spam, Anti Bots Killer | Forum

OW-Ghost
OW-Ghost Mar 3 '19
Hello SD,


My hosting company scanned my website's files and this was their result:


Scanning [/home/mysite] ... Please wait...
[HEX]non_alpha_backdoor [23/02/19] /home/mysite/.opcache/888b1b2b3719b54e59f563400d7ce5f2/home/mysite/public_html/ow_plugins/plugin_addoMeREbAN/classes/libs/zbblock/signatures/file.sig.bin
[HEX]non_alpha_backdoor [23/02/19] /home/mysite/.opcache/888b1b2b3719b54e59f563400d7ce5f2/home/mysite/public_html/ow_plugins/plugin_addoMeREbAN/classes/libs/zbblock/signatures/cook.sig.bin
[HEX]non_alpha_backdoor [23/02/19] /home/mysite/.opcache/888b1b2b3719b54e59f563400d7ce5f2/home/mysite/public_html/ow_plugins/plugin_addoMeREbAN/classes/libs/zbblock/signatures/ib.sig.bin

-----------------------------------------
Scanned Files : 351832
Scanner Hits : 3

The Forum post is edited by OW-Ghost Mar 3 '19
AppXprt
AppXprt Mar 3 '19
Wait, this may be a false positive in the form of malware detection definitions!
The Forum post is edited by AppXprt Mar 3 '19
OW-Ghost
OW-Ghost Mar 3 '19
Probably yes, a false warning... but I need confirmation.
AppXprt
AppXprt Mar 3 '19
It is in the malware signatures section; I would say it's a safe bet that it is a false positive...

It's even in a bin (binary) file, so check the format... send me those bin files and I'll tell you...
Look at the files: zbblock/signatures/file.sig.bin

AppXprt
AppXprt Mar 3 '19
Your hosting provider didn't catch that at all?
OW-Ghost
OW-Ghost Mar 3 '19
I think they are stupid.... I agree with you; when I read the file names I understand more... but they should be more professional to understand this... No, they did not catch this at all.
Senior Developer Leader
Senior Developer Apr 9 '19
Hi OW-Ghost!


That's what we call a false positive: they just see there is a ".bin" file and automatically mark it as a potential threat, which is incorrect. Those files come with the zbblock library; there is nothing to be afraid of. I will take a look and see if those files are really needed, and I will update this plugin soon.


Senior Developer.

The Forum post is edited by Senior Developer Apr 12 '19
Senior Developer Leader
Senior Developer Apr 12 '19

I took a look at the issue; here are the results of my investigation:


Those files come with the zbblock library (file.sig, ib.sig, cook.sig); they contain signatures, which are code to identify potential threats. Opcache converts those files into bin files to run faster, and the scanner reads those lines and thinks it is a threat (false positive). If you are having trouble with your hosting provider over keeping those bin files, maybe you need to blacklist those files in the php.ini file so they don't get converted into bin files and they don't think you are a threat to their servers. If they don't need you to remove those files, then just keep those files right there, as there is nothing wrong with them; it is working as it should.


Senior Developer.
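
The mapping described in the post above, as an added example (not part of the original thread or of the plugin's code): it takes the scanner report, marks each hit that is an opcache file-cache copy, and recovers the source file to inspect. The function name `triage`, the report line format and the `<cache dir>/<32-hex id>/<source path>.bin` layout are assumptions read off the scan output in this thread; the last sample line is constructed.

```python
import re

# Assumed cache layout, as seen in the report above:
#   <cache dir>/<32-hex id>/<absolute path of the source file>.bin
CACHE_ENTRY = re.compile(r"^(?P<cache>/.+?)/(?P<sysid>[0-9a-f]{32})(?P<src>/.+)\.bin$")
# Assumed scanner line format: [TYPE]rule [date] /path
HIT = re.compile(r"^\[(?P<kind>[^\]]+)\](?P<rule>\S+)\s+\[(?P<date>[^\]]+)\]\s+(?P<path>/\S+)$")

PREFIX = "/home/mysite/.opcache/888b1b2b3719b54e59f563400d7ce5f2"
SIGS = "/home/mysite/public_html/ow_plugins/plugin_addoMeREbAN/classes/libs/zbblock/signatures"
# First three hits are from the thread; the fourth is a constructed non-cache hit.
SAMPLE_REPORT = f"""Scanning [/home/mysite] ... Please wait...
[HEX]non_alpha_backdoor [23/02/19] {PREFIX}{SIGS}/file.sig.bin
[HEX]non_alpha_backdoor [23/02/19] {PREFIX}{SIGS}/cook.sig.bin
[HEX]non_alpha_backdoor [23/02/19] {PREFIX}{SIGS}/ib.sig.bin
[HEX]non_alpha_backdoor [23/02/19] /home/mysite/public_html/constructed_example.php
Scanned Files : 351832
"""

def triage(report):
    """Return one dict per scanner hit, with the source file behind cache copies."""
    results = []
    for line in report.splitlines():
        hit = HIT.match(line.strip())
        if not hit:
            continue  # banner, separator and summary lines
        entry = CACHE_ENTRY.match(hit["path"])
        results.append({
            "rule": hit["rule"],
            "hit": hit["path"],
            # True: the flagged file is a compiled copy, not the original
            "cached_copy": entry is not None,
            # File to actually review (and compare with the vendor's copy)
            "source": entry["src"] if entry else hit["path"],
        })
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE_REPORT):
        kind = "opcache copy of" if r["cached_copy"] else "direct hit on"
        print(f"{r['rule']}: {kind} {r['source']}")
```

The recovered source paths are the files to compare against the plugin's shipped copies, and the ones to list in the file named by `opcache.blacklist_filename` if the host requires it.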
