Forensic Analysis of Malicious Code

Status
Not open for further replies.

RG70Hz

Greetings. It was brought to my attention that I have downloaded a pirated add-on from an external site. I did not know this at the time. Apparently they have a reputation of injecting malicious code into your site.

I would like someone to review the files to make sure there was no malicious code injected. I have uninstalled the add-on and deleted related files.

Thanks,
 
Have you purchased valid licenses from the appropriate places for all the add-ons you're running on your site? You seem to be aware these sites exist, as you were called out 10 years ago for doing the same thing. At some point, it goes from being an honest mistake to other reasons.



Resource authors work really hard to release add-ons to XenForo. Don't discredit that hard work by downloading from those sites.
 
The irony that it is less expensive to just buy every add-on/style you want than it is to have someone go through and do a full analysis of your server and files...
 
What about paying the devs of those addons instead?
I think he has realised his mistake and has publicly addressed us with it! Helping him would make more sense than continuing to reproach him.

Basically, if you want to be 100% sure.
There is nothing left for you but to completely rebuild the server.
Overwrite all files with the legal ones.
Check everything with an AV.

From harm comes wisdom.
 
The irony that it is less expensive to just buy every add-on/style you want than it is to have someone go through and do a full analysis of your server and files...
The irony is you're judging me off a mistake that happened over 10 years ago when I was 14 years old. The add-on was downloaded by mistake, as I was unaware that the site hosted pirated software. As soon as it was brought to my attention I promptly informed the developer and XenForo, and deleted all associated files remaining for said extension.

I was lucky enough to have someone review the code of the extension free of charge and there was no malicious code involved.

Thanks for your input.
 
Have you purchased valid licenses from the appropriate places for all the add-ons you're running on your site? You seem to be aware these sites exist, as you were called out 10 years ago for doing the same thing. At some point, it goes from being an honest mistake to other reasons.



Resource authors work really hard to release add-ons to XenForo. Don't discredit that hard work by downloading from those sites.
You're going by a post that I made when I was 14 years old, over 10 years ago. All of the add-ons running on my site have been purchased legitimately and hold a valid license, for your concern.

I have absolutely no problem supporting developers.

This is just a poor attempt to slander me.

Unless you are able to help there is no reason to comment. Thanks for your input.
 
No, it would require a complete audit of all files on the server.
I already PM'd you, but if you would like me to send files so you can see for yourself then let me know. I have no trouble doing so. I can even include a screenshot of my installed add-ons. If it was my intention to use pirated software I would have never reached out to you or the XF team. As soon as you informed me it was pirated I deleted all associated files and had someone take a look at the source code for me to make sure there was no malicious code injected.

Thanks,
Cody.
 
This is just a poor attempt to slander me
It's not slander when it's just facts stated. All he was doing was disputing your claim that you didn't know the latest item was pirated. Surely you jest, after more than ten years' experience you don't know warez when you see it? Russ' reputation is above reproach.
 
It's not slander when it's just facts stated. All he was doing was disputing your claim that you didn't know the latest item was pirated. Surely you jest, after more than ten years' experience you don't know warez when you see it? Russ' reputation is above reproach.
This statement appears to contain defamatory content. I would like to clarify that your assumption about my tenure of ten years' experience is incorrect. It is not relevant to the present conversation, but for your information, I procured the license in 2013 and utilized it for a brief period before recommencing use in February of 2023. Furthermore, even if I had a decade of experience, it would not necessarily imply that I possess knowledge of websites that offer illicit merchandise. One isolated incident in ten years cannot be construed as a trend.

I must note that your assessment of me is solely based on the posts I had created when I was fourteen years old, which do not provide an accurate representation of my present self. It is important to acknowledge the facts as they are.
 
I must note that your assessment of me is solely based on the posts I had created when I was fourteen years old, which do not provide an accurate representation of my present self. It is important to acknowledge the facts as they are.
I hate to say it, but in matters like this, your past is going to haunt you. If you had robbed a store at fourteen and didn't get your record expunged, it could affect your job prospects later if an employer runs a police check. Doing something like that creates a trust issue for people, pure and simple.

Personally, I hope someone gives you the help you need (I am not qualified to do so) but you also need to understand why your past is coming up and show that you're dealing with it, not just trying to sweep it under the rug as something that happened a long time ago.
 
must note that your assessment of me is solely based on the posts I had created when I was fourteen years old
I haven't even looked at any of those. So look who's assuming now.

My post still stands and it's not defamatory. No doubt Russ, like me, assumed you have ten years' experience. We have only your word to dispute that.
 
I hate to say it, but in matters like this, your past is going to haunt you. If you had robbed a store at fourteen and didn't get your record expunged, it could affect your job prospects later if an employer runs a police check. Doing something like that creates a trust issue for people, pure and simple.

Personally, I hope someone gives you the help you need (I am not qualified to do so) but you also need to understand why your past is coming up and show that you're dealing with it, not just trying to sweep it under the rug as something that happened a long time ago.
I am cognizant that my past actions may still linger in digital form and potentially impact my present standing. However, it is essential to recognize that those missteps do not define my current character. With the passage of time, individuals mature and evolve. In the context of the present discussion, it is crucial to acknowledge that there exists a vast difference between a single error in judgement and a deliberate illegal act such as bank robbery.

To elucidate further, suppose I had indulged in smoking a cigarette in 2013 and repeated it in 2023. Would that, in your opinion, signify a behavioral pattern? It is common for people to make mistakes in their youth, and I am no exception. I regret that I cannot eliminate the old posts from my digital footprint. Nonetheless, it is imperative to acknowledge that those posts from a decade ago do not represent my current values and beliefs.

I wish to assert that my website operates within legitimate means, and I am committed to ensuring that it continues to be so. It is inconceivable that I would jeopardize it by resorting to piracy. Additionally, I have made significant investments, including the purchase of three paid add-ons worth over $150, and losing the ability to download updates would be detrimental to my website. So therefore, I would not risk any such activity knowingly.
 
It is common for people to make mistakes in their youth, and I am no exception
Everyone knows that and makes allowances for that. BUT you're expecting us to believe you made the same mistake again? Unknowingly installed warez pirated add-on. That's the only question. Not the distant past. What you're trying to convince us of, today. Nobody's holding your past against you. It only comes up because gee lookie here, it's repeated!
 
Everyone knows that and makes allowances for that. BUT you're expecting us to believe you made the same mistake again? Unknowingly installed warez pirated add-on. That's the only question. Not the distant past. What you're trying to convince us of, today. Nobody's holding your past against you. It only comes up because gee lookie here, it's repeated!
May I ask for clarification on the "warez" add-on that you have mentioned? If you review my previous post, you will notice that I acknowledged my past dishonesty. Presently, I was merely browsing through the XenForo extension list and got redirected to a third-party website. I do not possess the expertise to differentiate between legitimate and pirated add-ons, which makes your argument untenable. Please refrain from making assumptions without factual evidence.


I kindly request that you refrain from leaving comments unless you can provide constructive feedback aimed at assisting me in resolving the issue. The intention behind my post was to seek help, and I would appreciate it if we could focus on that aspect rather than discussing my personal history.
 
Everyone knows that and makes allowances for that. BUT you're expecting us to believe you made the same mistake again? Unknowingly installed warez pirated add-on. That's the only question. Not the distant past. What you're trying to convince us of, today. Nobody's holding your past against you. It only comes up because gee lookie here, it's repeated!
May I respectfully ask if you have gone a decade without making any recurring mistakes? If so, I would be grateful for the opportunity to learn from your experience.
 