
Bluehost flagging Rokpad files as malicious.

    Posted 9 years 4 months ago
    • My sites were shut down today due to what they are saying are malicious files or viruses. In their report almost all of the files are related to Rokpad or Rok"something".

      This is the list they say looks malicious:

      ../plugins/editors/rokpad/MD5SUMS
      ../parse/vendor/joomla/framework/src/Joomla/Log/Tests/LogTest.php
      ../administrator/error_log
      ../templates/rt_hexeris/MD5SUMS
      ../media/editors/codemirror/theme/tomorrow-night-bright.css
      ../media/editors/codemirror/theme/tomorrow-night-eighties.css
      ../libraries/rokcommon/MD5SUMS
      ../plugins/editors/rokpad/MD5SUMS
      ../templates/rt_lexicon/MD5SUMS
      ../media/editors/codemirror/theme/tomorrow-night-bright.css
      ../media/editors/codemirror/theme/tomorrow-night-eighties.css
      ../libraries/rokcommon/MD5SUMS
      ../plugins/editors/rokpad/MD5SUMS
      ../templates/rt_paradigm/MD5SUMS
      ../media/editors/codemirror/theme/tomorrow-night-bright.css
      ../media/editors/codemirror/theme/tomorrow-night-eighties.css
      ../libraries/rokcommon/MD5SUMS
      ../plugins/editors/rokpad/MD5SUMS
      ../templates/rt_metropolis/MD5SUMS
      ../media/editors/codemirror/theme/tomorrow-night-bright.css
      ../media/editors/codemirror/theme/tomorrow-night-eighties.css
      ../libraries/rokcommon/MD5SUMS
      ../libraries/rokcommon/MD5SUMS
      ../plugins/editors/rokpad/MD5SUMS
      ../modules/mod_rokminievents3/MD5SUMS
      ../templates/rt_chimera/MD5SUMS
      ../includes/znp.php
      ../media/editors/codemirror/theme/tomorrow-night-bright.css
      ../media/editors/codemirror/theme/tomorrow-night-eighties.css
      ../libraries/rokcommon/MD5SUMS


      These ones they say that it looks like code has been added to them and should be "cleaned":

      ../plugins/editors/rokpad/ace/theme-monokai.js
      ../plugins/editors/rokpad/ace/theme-github.js
      ../plugins/editors/rokpad/ace/theme-dreamweaver.js
      ../plugins/editors/rokpad/ace/theme-crimson_editor.js
      ../plugins/editors/rokpad/ace/theme-tomorrow.js
      ../plugins/editors/rokpad/ace/theme-textmate.js
      ../plugins/editors/rokpad/ace/theme-chrome.js
      ../plugins/editors/rokpad/ace/theme-solarized_dark.js
      ../plugins/editors/rokpad/ace/theme-kr.js
      ../plugins/editors/rokpad/ace/ext-old_ie.js
      ../plugins/editors/rokpad/ace/theme-mono_industrial.js
      ../plugins/editors/rokpad/ace/theme-solarized_light.js
      ../plugins/editors/rokpad/ace/theme-vibrant_ink.js
      ../plugins/editors/rokpad/ace/theme-tomorrow_night_bright.js
      ../plugins/editors/rokpad/ace/theme-xcode.js
      ../plugins/editors/rokpad/ace/theme-merbivore.js
      ../plugins/editors/rokpad/ace/theme-tomorrow_night_blue.js
      ../plugins/editors/rokpad/ace/theme-eclipse.js
      ../plugins/editors/rokpad/ace/theme-terminal.js
      ../plugins/editors/rokpad/ace/theme-tomorrow_night_eighties.js
      ../plugins/editors/rokpad/ace/theme-idle_fingers.js
      ../plugins/editors/rokpad/ace/theme-ambiance.js
      ../plugins/editors/rokpad/ace/theme-pastel_on_dark.js
      ../plugins/editors/rokpad/ace/theme-clouds.js
      ../plugins/editors/rokpad/ace/theme-dawn.js
      ../plugins/editors/rokpad/ace/theme-twilight.js
      ../plugins/editors/rokpad/ace/theme-clouds_midnight.js
      ../plugins/editors/rokpad/ace/theme-tomorrow_night.js
      ../plugins/editors/rokpad/ace/theme-merbivore_soft.js
      ../plugins/editors/rokpad/ace/ext-searchbox.js
      ../plugins/editors/rokpad/ace/theme-cobalt.js
      ../plugins/system/rokbox/assets/styles/rokbox.css
      ../components/com_roksprocket/layouts/strips/themes/default/strips.css
      ../components/com_roksprocket/layouts/mosaic/themes/default/mosaic.css

      As you can see they are almost all Rok"something". All of these sites have been updated to the latest versions of Joomla and the latest versions of the extensions.

      Anyone have any thoughts on this? Happy to provide more info, just ask.

      Thanks,
      Peter
    • MrT

    Re: Bluehost flagging Rokpad files as malicious.

    Posted 9 years 4 months ago
    • Please would you post your URL, superuser id and pswd in the secure tab of your post and I'll have a look for you.

      Also, please post your FTP logon, password and FTP URL in the secure area of your post.

      They don't look hacked to me but I will have a look.

      Regards, Mark.
    • Please search forums before posting. Please make sure your post includes the version of the CMS you are using and a link to the problem. Annotations on screenshots can also be helpful to explain problems/goals. Please use the "secure" tab for confidential information.
  • Re: Bluehost flagging Rokpad files as malicious.

    Posted 9 years 4 months ago
    • Thank you for your help Mark. They have been good enough to temporarily turn the sites back on but told me to look into these issues. If you need any other information from me please just ask.

      Thanks again,
      Peter
    • MrT

    Re: Bluehost flagging Rokpad files as malicious.

    Posted 9 years 4 months ago
    • OK, so I checked and all the MD5SUMS are just the MD5 checksums for verifying the integrity of the plugin. There is no malicious software in those files so that is a false positive. Those MD5SUMS are in our rokpad extension package. I then randomly checked a few of the other files and there is nothing wrong with any of them either. So, again they are false positives. The thing that usually triggers these is the use of base64 strings - but they can be used legitimately too - some of these files are doing that.

      So, in short, I don't see any issues in those files at all.

      Regards, Mark.
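The manifest check described in the reply above, as an added example that is not part of the original thread or the extension's own code: it verifies files against an MD5SUMS manifest and shows that a pristine file containing a long base64 string still verifies, while a file altered after packaging does not. It assumes the manifest uses the `md5sum(1)` layout (`<hash>  <relative path>`); the file contents and the `theme-gone.js` entry are constructed for the demo.

```python
import base64, hashlib, re, tempfile
from pathlib import Path

MD5_LINE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")  # assumed md5sum(1) layout
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{80,}={0,2}")      # long base64-looking run

def md5_hex(data):
    return hashlib.md5(data).hexdigest()  # integrity check only, as in the manifest

def parse_md5sums(text):
    """Map relative path -> expected MD5; non-matching lines are ignored."""
    manifest = {}
    for line in text.splitlines():
        m = MD5_LINE.match(line.strip())
        if m:
            manifest[m.group(2)] = m.group(1).lower()
    return manifest

def verify_tree(root, manifest_text):
    """Classify each manifest entry as ok, modified or missing under root."""
    root = Path(root).resolve()
    report = {"ok": [], "modified": [], "missing": []}
    for rel, expected in sorted(parse_md5sums(manifest_text).items()):
        target = (root / rel).resolve()
        if root not in target.parents or not target.is_file():
            report["missing"].append(rel)  # also covers paths escaping root
            continue
        state = "ok" if md5_hex(target.read_bytes()) == expected else "modified"
        report[state].append(rel)
    return report

def count_base64_runs(data):
    return len(B64_RUN.findall(data))

def demo():
    """Constructed files: one pristine with embedded base64, one altered, one absent."""
    theme = b"url(data:image/png;base64," + base64.b64encode(bytes(range(120))) + b")"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "ace").mkdir()
        (root / "ace/theme-github.js").write_bytes(theme)
        manifest = (f"{md5_hex(theme)}  ace/theme-github.js\n"
                    f"{md5_hex(b'original')}  ace/theme-chrome.js\n"
                    f"{'0' * 32}  ace/theme-gone.js\n")
        (root / "ace/theme-chrome.js").write_bytes(b"original + appended code")
        return verify_tree(root, manifest), count_base64_runs(theme)

if __name__ == "__main__":
    print(demo())
```

Run the check against an MD5SUMS taken from a freshly downloaded copy of the extension package rather than the one on the server, since anyone able to alter the files could also alter the manifest beside them.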
