- Compatible XF 2.x versions
- 2.3
Overview:
- This add on scans all your forum files, core and third party add ons alike. This can be very useful security wise when you want to make sure that all your forum files are clean.
- You can enter keywords that you want to check if they are present in your forum files and run the tool. Your whole forum files will be scanned for the entered keywords and if any are found they will be displayed as to in which files they were found.
- As shown in the screenshot I used several keywords to check, such as eval(base64_decode, eval(gzinflate(base64_decode, str_rot13, shell_exec, eval, assert(), passthru.
- Why did I chose those keywords to search for you might ask. That's a very good question. The use of str_rot13 is heavily used in pair with base64_decode which can be used to disguise the nature of the malicious code.
- The same goes for eval(base64_decode(....)) or eval(gzinflate(base64_decode(..)))
- All the aforementioned php functions, commands, executions etc are all legit. But unfortunately they are also the most commonly used functions by the bad actors to inject malicious code. Therefore there will be false positives reports.
- If you see your forum files mentioned as containing the aforementioned code, you can ignore it. But if any of the forum files that were shown in scan results have also been reported as recently modified by XenForo's file check, and you haven't touched the file(s) in question, then you should check it immediately as the chances are that it's foul play.
